The Pentagon is reviewing its policies toward social networking sites amid network security and other concerns.
According to reports, U.S. officials have ordered a review of the threats and benefits of using Web 2.0 sites such as Facebook and others. The review is slated to be completed by the end of September.
News of the review follows an order issued Aug. 3 banning the U.S. Marine Corps from accessing social networking sites such as Facebook and Twitter from the Marine Corps Enterprise Network (MCEN). The order does not disallow Marines from using the networks on their personal computers outside of work.
“[Social networking sites] in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries,” the order reads. “The very nature of SNS [social networking sites] creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage that puts OPSEC, COMSEC, personnel and MCEN at an elevated risk of compromise.”
In the past, the military has not been totally averse to social networking. The U.S. Marine Corps order, for example, stands in contrast to the U.S. Army’s decision earlier this year to permit personnel to access certain social networks from domestic campus area networks. The Army gave the thumbs-up to Facebook, Twitter and Flickr, but disallowed other Web 2.0 sites like MySpace and YouTube.
Part of the issue seems to be concerns over data leaks. Enterprises face these same concerns as well. However, opinion about how businesses should approach social networks is divided. Some experts say the best approach is to focus on enabling secure use of the sites through corporate policy and educating users on what not to do. Otherwise, employees may be tempted to access the sites via Web proxies.
Still, malware authors are increasingly turning to social networking sites to spread their wares. Earlier this year, an analysis by Kaspersky Lab revealed that social networks are 10 times more effective as avenues of malware distribution than e-mail.
In general, social networks should be treated with caution, Derek Mankey, project manager of cyber-security and threat research at Fortinet, told eWEEK.
“Social networking is quickly driving the next generation of threats, as these platforms have become widely adopted, which means large user bases and huge traffic,” he said. “Any time you have these factors, combined with a growing platform that is increasingly becoming more complex, it will inherently open security holes.”
