You are on page 1of 100

DEPARTMENT OF THE ARMY

OFFICE OF THE SECRETARY OF THE ARMY


107 ARMY PENTAGON
WASHINGTON, D.C. 20310-0107

Office, Chief Information Officer/G-6


March 16, 2007

Ms. Marcia Hofmann


Electronic Frontier Foundation
1875 Connecticut Avenue, NW
Suite 650
Washington, DC 20009

Dear Ms Hofmann:

This responds to your Freedom of Information Act Request dated November 2,


2006. Your request was referred to this Agency by the US Army Freedom of
Information and Privacy Office on November 6, 2006 using the US Postal Service. Our
office became aware of your request on February 16, 2007 by the Office of General
Counsel. We have carefully reviewed the documents and are releasing all of the pages,
although some pages are partially redacted for Vr\e reasons stated below.

Exemption (b) (6) of the FOIA protects from mandatory disclosure "personnel and
medial files the disclosure of which would constitute a clearly unwarranted invasion of
privacy." 5 U.S.C. 552(b)(6) (1996 & Supp.l 2002). To qualify for protection under
Exemption (b)(6), records must meet two criteria: (1) they must be "personnel and
medical files and similar files," (2) the disclosure of which "would constitute a clearly
unwarranted invasion of personal privacy." Id: U.S. Dep't of State v. Washington Post
Co., 456 U.S. 595, 599-603 (1982). Regarding the first prong, the Supreme Court has
held that this standard is met merely if the information "applies to a particular individual."
U.S. Dep't of State v. Washington Post Co.. 456 U.S. at 602. The second prong
requires courts to strike a balance between the protection of an individual's right to
privacy and the preservation of the public's right to Government information." \± At
599. The "public interest" in the analysis is limited to the "core purpose" for which
Congress enacted the FOIA: to shed . . . light on an agency's performance of its
statutory duties." U.S. Dep't of Justice v. Reporters Comm. for Freedom of the Press.
489 U.S. 749, 773(1989).

We are withholding the names of government employees under Exemption (b) (6) to
protect personal privacy. In this regard we have also redacted the names of third
parties to the e-mail correspondence, and information in the e-mail which may lead to a
disclosure of their identity. See Judicial Watch, Inc. v. United States. No. 03-1160, 2004
WL 26736, *4(4™ Cir. Jan. 6, 2004). Under the Exemption (b)(6) balancing test, the
Supreme Court held in a similar case that disclosure of employee addresses "would not
appreciably further the citizens' right to be informed about what their Government is up
to and, indeed, would reveal little or nothing about the employing agencies or their
activities." United States Dep't of Defense v. Fed. Labor Relations Auth.. 510 U.S. 487,
48 (1994). The same is true here. Disclosure of the names and email addresses of
government employees, as well as third parties, would contribute little to the public's
understanding of government activities. By contrast, such disclosure would constitute a
"non-trivial "and "not insubstantial" invasion of government employees', and the third
parties, privacy, interests. ]d. at 500, 501. As such, the names of government
employees and of third parties to the e-mails are withheld under Exemption (b)(6).

Due to the FOIA's release rules, any individual may request this information, and all
requestors must be treated equally. Releasing this information would have severe
privacy implications, as anyone would be able to contact these individuals at any time
for any reason. They could be subject to unwarranted inquires, harassment, and
possibly even identity theft. These are substantial privacy interstest of the individuals
whose names and identities appear in the e-mail correspondence. Because of this, in
this case it is clear that the privacy interests outweigh public interest in disclosure.
Individuals have a valid interest in regulating who receives their contact information.
They should ultimately decide whether it is made publicly available. Accordingly, we
have redacted the information from the responsive documents.

This letter constitutes a partial denial of your request and is carried out in my
capacity as the representative of the Initial Denial Authority ("IDA"). Please note that all
fees for search and review have been waived. If you desire a determination by the IDA
regarding this partial denial please write to me and I will present the matter for his
consideration. If you have any questions about this letter please contact me at (703)
602-8646, by email at CIO/G6FOIATeam(3>hqda.armv.mil, or visit our website at
www.army.mil/ciog6/footer/foia.html.

Sincerely,

^5ale DeBruler
Chief, Freedom of Information
Office

2
N E T C M i P S ^ r m y SignalXommand
—Eli

OFFICIAL ARMY WEB SITES SCANNED


(SEPTEMBER 2006)

• Number of WEB Sites scanned SEPT 06: 25


(1,500 registered)

• Number of pages scanned in SEPT: 351,899

• Number of content violations verified and


corrected: 21

3/13/2007
UNCLAS
th
Ill J* UUMIIUIU V - '•-''•
Jmmand mmmmmmmmm
*•*&&£•••••••• . . -. • v s r r : •;•;•

AWRAC FINDINGS REMEDIATED


SEPTEMBER 2006

21 m FORCE PROTECTION

• COMMUNICATIONS

D LOGISTICS

PERSONNEL
. • . . ' - * . . • ' . ' - • ' • " • •

:
• • • ' : . ' ' '

OPERATIONS

CRI1"ICAL
1INFF&VJSTRUCTURE
1 1
IOCONMXT
o
3/13/2007
AWRAC FINDINGS REMEDIATED
OCT 2005 to SEPT 2006

FORCE PROTECTION

COMMUNICATIONS

D LOGISTICS
•.•ViV\

• PERSONNEL

OPERATIONS

a.-CR.lTICAC S
INFR^STRUCTgRE
CONTEXT
NETCOM/9H\Army Signal Command

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
• Web Sites • Violations

1400

1200

1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
Violations
539
600

400
Violations Web Site
Violations Violations
Wph Sites U£J Violations 167
200-r7VeDii,tes 449 Web Sites 115
114 WebSites C—i _,—

29
/—
,/zmr.
Jun-06 Jul-06 Aug-06 Sep-06 TOTAL Jun-Sept 06

3/13/2007
UNCLAS
NETCOM /-9 th Army Signal£omrnand

Army Web Risk Assessment Cell


Site of the Month
• 3 District Commander tliography - Microsoft Internet Explorer.
Fie Edit View Favorites Tools Help
.fwratK
«

®* •
Addrsii ^jf}http://www.saw usacearmy mil'li Jranet/i :ol6to.him ?HHGo A-v*s~-
:utd i i m IU i MI my b L u j u r u Lear i'iajui i m sptjoiktj iiniefTC m
French, as wet as limited German and Spanish,
Since his commissioning In 1982, Colonel Putllam has served In a wide variety of
command and staff assignments In the United States, Europe, Southwest Asia, and the
Caribbean, He commanded the Army's 3 0 t h Engineer Battalion (Topographic) at Fort
Bragg, North Carolina, from 2000 to 2002, and commanded both mechanized and
airborne engineers In Germany and at Fort Bragg while at the company level In the early
and mid 1980s, Other key assignments In his career include service as the French and
Italian Desk Officer for International Army Programs, U.S. Training and Doctrine
Command, In the early 1990s; a deployment to Haiti in 1996 as the United States
Liaison Officer to the Government of Haiti for Electric Power Production; and as
Executive Officer to the Deputy Special Representative of the President for Global
Humanitarian Demlning In Washington, D.C., from 1997 to 1998. Most recently, Colonel
Pulllam served as the Chief of Engineer Operations for United States Central Command
(CENTCOM), working for Generals Tommy Franks and John Ablzaid In execution of
Operations Iraqi Freedom and Enduring Freedom.

Among his decorations, Colonel Pulllam has been awarded the Defense Meritorious
Service Medal with Oak Leaf Cluster, the Army's Meritorious Service Medal with two Oak
Leaf Clusters, the Global War on Terrorism Expeditionary Medal, the Army Staff
Identification Badge, and the French Army's National Defense Medal (Sliver Rank), He is
a Sapper and Master Parachutist.
Colonel Pulllam Is married to the beautiful and talented Jacqueline Langlols Putllam,
herself a software engineer Instructor and the daughter of a Tennessee Baptist
Minister. They have twin eight-year-old daughters, Katherlne Anne (Katie) and
Jacqueline Alexandra (Alex).
n
In the last paragraph of this Colonel's biography, I discovered his wife's full name, as well as the names and
ages of his twin daughters. While these types of findings are becoming more rare, they are still being found in our
scans. After I sent an email notification to the webmaster of this site, 1 promptly received a return call saying this
issue was resolved, and this paragraph is no longer part of the Colonel's biography.

3/13/2007

UNCLAS
mm
NETCOM/9 th Army Signal Cbmri

WEB LOG VIOLATIONS


(WILD BLOGS)

• BLOGS:
• Total scans: 75 in SEPT 2006
• Total manually reviewed: 305
• Number of pages scanned in SEPT 2006:
209,435
• Number pages with possible violations: 6,538
•Number reviewed: 6,538
• Number of content violations: 0

3/13/2007
UNCLAS
.;:~
NETCOM / 9 th Army Signal;Command
V " ' . ' ' - - • ' — - i ~ i >—,-«,—_^___ *, -----J-L- • • ; _ _ _ / • ' - -

Army Web Risk Assessment Cell (AWRAC)


Web Log (Blog) Sites - Content Violations
Web Sites Web Sites Q Web Sites V i o l a t i o n s hteb Sites Web Sites
u
49 50 ™ ' 75 174
40 -A y. •"••
z=
1
f.-.- v •••„'„•£:

30 H '

m
20 27,400 Web 199,882 Web 844,979 Web
408,262 Web 209,435 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
W
Pf
10
Violations!
Violations 3
1

6-Jun 6-Jul 6-Aug 6-Sep TOTAL Jun-Sep 06

3/13/2007

UNCLAS
NETCOM / 9 t,v Army Signal
- • - • .

^ ^ • • v ^ . . ; . - ; " w ^ -
: r ^
Command
: •WUfcUWH!

B logging Policy
So what restrictions are imposed on us milbloggers you may ask? Well
read the policy for yourself. Personally I think it's pretty relaxed,
here's a few exerpts:
Soldier
MULTI- Prohibited information. Any official information t h a t is
NATIONAL generally not available to the public and which would not be Blog
released under the Freedom of Information Act. Examples
CORPS-IRAQ
include but are not limited t o :
about
Policy for Unit 1) Classified information OPSEC
and Soldier
Owned and
2) Casualty information before the next-of-kin has been
Policy
formally notified by the Military Service concerned.
Maintained 3) Information protected by the Privacy Act.
Websites 4) Information regarding incidents under ongoing
investigation.
L 5) For Official Use Only information.

Personal web sites and web togs. Personal web sites and web
(ogs produced in a personal capacity and not in connection w i t h
official duties need not be cleared in advance. However, i t is
the responsibility of MNC-I personnel to ensure that any
personal web sites and web logs do not contain prohibited
information as defined In this policy. MNC-1 personnel who
have any questions regarding prohibited information may
submit the information to their servicing S2/G2/C2 for
classification questions or to their PAO for other questions.

Soldiers appear to be more aware of OPSEC violations judging by both


comments in blogs and a decrease in violations, http://bandit36.biogspot.com

3/13/2007

UNCLAS
NETCOM/.9 th ArmySignal Command
I
1
• : - - : : z U l - - - • - ^ : — - • " " - - ^

OFFICIAL ARMY WEB SITES SCANNED


(AUGUST 2006)

• Number of WEB Sites scanned AUG 06: 42


(1,500 registered)

• Number of pages scanned in AUG: 728,273

• Number of content violations verified and


corrected: 118

3/13/2007
UNCLAS
NETCOM79^ ArmySignaLCpmmancJ

AWRAC FINDINGS REMEDIATED


AUGUST 2006
90

118 ^80 H FORCE PROTECTION


80

70 COMMUNICATIONS

60
D LOGISTICS
50 -

DPERSONNEL
40

OPERATIONS &£r
30

20 ©CRITICAL,jn
INFRASTRUCTUREv
qCONTEXT

3/13/2007
UNCLAS
d
n
>
NETCOM / 9 th Army Sig qjTjmand

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
a Web Sites • Violations

1400-

1200

1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
Violations
571
600

Web s n s
Violations Violations Violations
Violations
149 Websites 16i
Ned bites Websites 114
71
29 42
/777T-
U / ' a i l BBWB
May-06 Jun-06 Jul-06 Aug-06 TOTAL May-Aug 06

3/13/2007

UNCLAS
XPQM / 9^Army Signal C o m m a n ^

^ i j E l Go • I Link!

-CD

>. >•-.'•:>?. N o -tJttl1lle* , *'?^ A


COffUfl htlps://bialilotid.rntvT3rmv.mil ftfaaiM) Rf= T * o
USAREUR
JfMMWW^^WSSJ^]]
KUWAtT hMp3://ceTtilv1.orlflJTn.orcent.anny mil
TY^I Mttttn U**r -J-. U3FK htl$>s t//UB F M t v . k o r e n . o r r n y* m i l i M t i t h i Hod* InWrrtmito* 1 " 1
TRAINER hitp^iO'Triilner.rfitv.armY^mlf
—tJ £l*fllro*ilw Dal*
m?Hs9ffH*

113 I i * [ • M O O |U|H HH
Dr>wnkpndecJ ( 0 &> I VLS Unknown Zone

This site was found while reviewing a Scan Request earlier this week. It depicts a portion of their
communications network and the names of servers and routers. A notification has gone out to the unit, and I am
currently working with the webmaster to get this item removed from public access.

UNCLAS
NETCOM / 9 th Army Signal Command •

WEB LOG VIOLATIONS


(WILD BLOGS)
• BLOGS:
• Total scans: 70 in AUG 2006
• Number of pages scanned in AUG 2006:
408,262
• Number pages with possible violations: 7,051
• Number reviewed: 7,051
• Number of content violations: 1
• Photos of I ED damage.

3/13/2007
UNCLAS
NETCOM / 9 lh Army'sigrial CommarfflS

Army Web Risk Assessment Cell (AWRAC)


Web Log (blog) Sites - Content Violations
W e b Sites T
| g Web Sites Violations Veb Sites Web Sites
49 70 174
40 -zi
Web Sites
33
F
30
I
20
295,096 Web 27,400 Web 199,882 Web 408,262 Web 930,640 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

6-May 6-Jun 6-Jul 6-Aug TOTAL May-Aug 06

3/13/2007
UNCLAS
Although he is no longer in the military, this former soldier has been
contacted about his photos which expose the weaknesses in our
equipment. A request was sent to the soldier's website on 29 Aug 2006
for the pictures to be blocked or removed. No response has been received.

3/13/2007
UNCLAS
) NETCOM / 9 t h Army Signal Command I — —

OFFICIAL ARMY WEB SITES SCANNED


December 2006

• Number of Web Sites scanned in DEC


27 (1,500 registered)

• Number of pages scanned in DEC:


59,287

• Number of content violations verified and


corrected: 150
3/13/2007
UNCLAS
NETCOM / 9th Army Signal Command

AWRAC FINDINGS REMEDIATED


December 2006
95
,150 M FORCE PROTECTION

COMMUNICATIONS

D LOGISTICS
• ;

DPERSONNEL

OPERATIONS

i& DCRITICAL wm
INFRASXRUC :
A. J_ p
MNTEXT <"<-:.

m. -m^emyd
3/13/2007
NETCOM/9 t h Ar . Command

AWRAC FINDINGS REMEDIATED


OCT 2005 to DEC 2006
M FORCE PROTECTION

COMMUNICATIONS

• LOGISTICS
,
• PERSONNEL

OPERATIONS

• CRITICAL
INF=RASTRi|C HUB
• CONTEXll;


OTHERS

3/13/2007
IBHMJ1MI
ETCOM / 9 t h Army Signal Command
_ — • • • • .- . ' • — " • " : • - " . • • ••••:::-• v : . . ' • - . " - -

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
• Web Sites • Violations

1400-

1200

1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800

600

400
Violations
200 -hweb Sites TT5

Sep-06 Oct-06 Nov-06 Dec-06 TOTAL Sept-Dec 06

3/13/2007

UNCLAS
NETCOM / 9*h'Army Signal Command
mm

Army Web Risk Assessment Cell


Site of the Month

'3Approwed5ources - Microsoft I n t r m r l Explorer


Pite Edit'' • view ' FavoMtns ' Tools.' Holp

0MB. W^MMHW& '^M^« • j & t ^ v ^ ^ f £ J1 ©


Address | s & l htto://vets.annedd. army. mil/ 86 £ ^ 7CftOO 4D-H61 /Cont cot/ApprovedSour c M " 2 jj3 G° \| Llfo

DOD Directory of Sanitarily Approved Food


Establishments for A r m e d Forces
Procurement
TJnite(1 States i i i c k u l i n s Alsiskn mul H a w a i i . Cnundn, t h e Cnrribean A r e a nml S o u t h A m e r i c a D i r e c t o r y

Pacific R r s i o n D i r e c t o r y

Europe Recioii Directory

KOI-M Directory

C E N T C O M D i r e c t o r y - access f o r non-TJS A i i n y Veterinary Service P e r s o n n e l .

C E N T C O M D i r e c t o r y - access for ITS A r m y V e t e r i n a r y Service P e r s o n n e l ,

Access to the C E N T C O M list is restricted. N o n - U S Aiiny Veterinary Service in d m duals must request a login and password.
Access to all other list is unrestricted at tlus time. If y o u require access to the C E N T C O M list please Click here.

This is a positive example'of how a command can hyperlink to items. TheCENTOM


£ood Directories are password protected due to their locations. A notification was sent
to this command to recommend using a password on the other regions as well. ; • -

3/13/2007
UNCLAS
: N E T C ( } M / 9 t h Army Signal Command
. :•-•- • ' , ' • ••' '. _ _ „ •••••_•_ " • -

1 - t t w w n

UNOFFICAL WEB LOGS REVIEWED AND SCANNED


DECEMBER 2006

• Blogs:
• Total Manually Reviewed: 431

• Total Scans: 43

• Number of Pages Scanned: 524,372

•Number of Content Violations: 0

3/13/2007

UNCLAS
V
th
NETCOM / 9 Army Signal Command

Army Web Risk Assessment Cell


Web Log (Blog) Sites - Content Violations
\Web Site:s \ Veb Site s
Web Sit.3S |nwe!b sites • Violatio m- Veb Site s
75 /o DJ 40 256
yin-v' s.?.r. . -- • j ^ .:- ,-. S
- / ' . - . - •• > / . :...J J < . » I . > . . . . . . . . >•
4U~ ;j

- • ; • ! I
•.-I

• • - • ' *

i
'
iis£ ' ' ; j
'•

"'
I • • - :
\

I !

30-'
'
'

m
i
i •

1
> i
:
* -
onJ"
cu
/• • • :

!i • . - ;

20 9,435 W eb i 56,782 tf /eb 1 24,687 1Web 5 24,372 \Veb 9 25,236 VVeb


Pa ges Sea nned f3 ages S canned p'ages S<;anned P ages Sc.anned P ages Sc anned

I 1
1 • ' : •
!
L
! 1
:V -•;
;
; 1
10- * : t i
\ _ : . . - . - •
| Violatu?n«
\ • . " •
^Violation s • •

|Violatior I S • • ; •

| 4
| Violations . • _ • ' . • '

2 .* 2 ! Violations . ^ ^ M ^ M M

0 - £m

6-Sep
0
'• jay" ,.^_ i t ksi-
6-Oct
-Y-3 =
1

6-Nov
H r • f '—-
6-Dec
1—1 •* 1

TOTAL Sep-Dec 06
! J —-r-}

3/13/2007
TJNCLAS
..

TGOM7'9"?. Army Signal Command


• .

iiti _ J,

Blog of the Month


•In Country
Soldier •We're here in Iraq now. I won't be biogging anything cool
comments in probably while we're here though. I remember really
blog about
OPSEC enjoying a few blogs at the beginning of the war, but they
were pushing the limits a little bit on OPSEC and I don't
plan to get anywhere near those limits. Names, places,
time, movements, and tactics won't be talked about except
either in very general terms or after the fact.

The Army's efforts to educate it's personnel about


OPSEC vulnerabilities regarding websites GO-ARMY!
appears to be paying off judging by this soldier's REDLICE
comments in his blog.
http://www.xanga.com/AnAmericanSoldier VIOLATIONS,
M

3/13/2007
NETCOM/ 9!h Army Signal Command,

OFFICIAL ARMY WEB SITES SCANNED


January 2007

• Number of Web Sites scanned in January: 172


(1,500 registered)

• Number of pages scanned in January: 48,574

• Number of content violations verified and


corrected: 11.4

3/13/2007
UNCLAS
i&KS!
NETCOM / 9 t h Army Signal Command

AWRAC FINDINGS REMEDIATED


January 2007
;•. - iv.-.- •. • . . ;;..-

114 FORCE PROTECTION

COMMUNICATIONS

—__
• LOGISTICS :

DPERSONNEL

OPERATIONS

CRITICAL!
INFRASTRUCTURE; 5
OeQNTEXTl

3/13/2007
NETCOM / 9 , h Army Signal Command
I

AWRAC FINDINGS REMEDIATED


OCT 2005 to JAN 2007
800

FORCE PROTECTION

COMMUNICATIONS

D LOGISTICS
• . • • •

:

D PERSONNEL

OPERATIONS

OH CRITICAL
JNF=RASTRUCTURE
JCONTEXT

PI^OTHER;
*juu
3/13/2007
UNCLAS
X p / 9 lh ;Army SignaliCpmrnand —

Army Web Risk Assessment Cell (AWRAC):


Traditional Web Sites - Content Violations
• Web Sites • Violations Violations
2,049

1400-

1200 Violations
1016
1000 114,848 Web 59,287 Web 59,287 Web 332,458 Web
158,323 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800

600

400

200

0
Oct-06 Nov-06 Dec-06 Jan-07 TOTAL Oct 06-Jan
07

3/13/2007

UNCLAS
NETCOM / 9"? Army Signal Command
H m w m

Army Web Risk Assessment Cell


Site of the Month
y
Ksijujjjj'...i.i.'ii ...L-*^i.h••••;I..I,..W.I>..:.r^wM.-.•;••• • rH;."JIJ?WUW,IWIJT<IJIIJI.• I^-^Tr:7 ! ^i:?J 1 »^-7 v ?/ij!!r^^v ; r!'d!. : *' ;
™ . . .
"" .'': ~!7 -^
•usr*
H

:
FUe ."jEdft GO. To FovoHtdJ.. Help 1
•SSI* §1 'X"
: .: '"':
<OW't- «£>:.'> ErMs]'.'.^! ^ ^ • • ^ r w ^ ^ j:^?||> ;i&Q I
Address |-'«J ^tDr//www.ml,armyJrrptf/mairi/t'1aln/Oov^osdfid^
2Ts
|H Clltk'Hirte r
Go Links • * *

**n ror
©•.. l ^ V - I '\-Js\" .'.:>~~^- *'" - •:"r"-'' i f ' ^ ' ^ w
**- i; " Y f

Collaborative Technology Alliance

Advanced Decision
Architectures
CTA Overview
CTAC
29 A p r i l 2003

Collaborative Alliance JWanager


-=•- L

This is one of the concerns from the Army Research Lab for January. There are several briefings that go into
some detail and contain personnel's names and email contact information; When the notification was sent to the
ARL, a response from the PAO stated that they were aware of the Army Regulations but they felt this info is
necessary on their publicly accessible website. The email is on the next slide.
:
' • • • "

— 3/13/2UU/

UNCLAS
•NETCOM/9l h ; Army Signal Command • — — i i i ••*

Army Web Risk Assessment Cell


Site of the Month

Lick war-
As per our conversation of January 9th, below is the response to your December email, "48 OPSEC Concerns on Public Website."
ARL is fully cognizant of the need to follow proper OPSEC procedures, as well as the DA and DoD guidance. In September of 2005,
ARL used the established guidances in craning its own regulations on how material would be published on the external internet site.
This policy also «ARL-MEMO-25-70.pdf» took into account the need for flexibility to pursue ARL's stated mission as the Army's
corporate laboratory, and reflected our dedication as an organization to proper OPSEC procedures.
We recognize that names and contact information are posted on the external server. However, the posted information pertains to
recognized POCs for internal lab programs. Quoting the ARL memo, these POCs help ARL "act as the bridge between the science
and technology community and the warfighter." The relevant section of the policy is below for your convenience. Additionally, I have
attached the full policy in PDF form to this file.
With this in mind, ARL believes the content on its internet server is in conformity with the existing guidance. Should you have any
immediate questions, you may reach me at 301 -394-1889. ARL's Associate for Corporate Programs, Leonard Huskey, oversees the
website and maybe reached at 301-394-4154.

-Paul D, Schmitt
ARL Public Affairs Office
301-394-1889

ARL MEMO 25-70


5. POLICY AND PROCEDURES
(2) Content.
(b) Information NOT Appropriate or Releaseable
(vi) Information of a personal nature which could be used to identify an individual or their location is prohibited with the exception
of 1) and 2) below. The consent of an individual does not negate this requirement. All Internet references shall be anonymous with
reference to an organization, a generic office symbol, centraforganization phone number or function-based email address,
* 1) The posting of names and contact information for the ARL Director and the ARL Public Affairs Officer is permitted.
** 2) ARL is not an insular organization. Its success hinges on its ability to act as the bridge between the science and technology
community and the warfighter. ARL has identified technical topics that are essential to its mission accomplishment and has assigned
responsibility to select individuals for communicating with the public in these topical areas. It is in these areas that ARL must
effectively collaborate with the public sector.
For those individuals designated as technical topic leaders, their duty descriptions and performance objectives designate them as
organizational spokespersons and recognized leaders in their specialty fields and they require a high-level of unrestricted national
visibility to carry-out their duties. Their duties include: being readily identified and contacted as the Army's lead for discussions of
potential new extramural programs in their area of expertise; being sought out to serve on special task forces and committees; being
sought as a consultant by other specialists; and receiving invitations and address national professional organizations.

3/13/2007
_

NETCOM / 9 t h Army Signal Command !


M M M M J i t < H M

UNOFFICAL WEB LOGS REVIEWED AND SCANNED


January 2007

• Blogs:
• Total Manually Reviewed: 0

• Total Scans: 42

• Number of Pages Scanned: 127,346

•Number of Content Violations Corrected: 10


i

3/13/2007
UNCLAS
N E T C O M 7 9 * Army Signal Command WRASSES •$>Gmxm
— - - • • •' : • • • - : : — ~ — • • ' • - ••- - - • . • • • • • • - • -

Army Web Risk Assessment Cell


Web Log (Blog) Sites - Content Violations
Web Sites Web Sites n W e b Sites V i o l a t i o n s [eb Sites Web Sites
78 63 ' mr 42 223
40 zz
I i
;

30 408,262 Web 209,435 Web tfl 66,782 Web 127,346 Web 811,825 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
:

20
Violation^

14
Violation
0
10-ji
Violation^ ?Violations
0 2 Violations
2

6-Oct 6-Nov 6-Dec 6-Jan TOTAL Oct 06-Jan


07

3/13/2007

UNCLAS
NE1 7;9$ Army Signal Command MKWHbMUStft

Army Web Risk Assessment Cell


Blog of the Month

This we're featuring a blog from a service member which is displaying battle damage to his humvee after a
: supposed hit .and run. A notification has been sent to this blogger and the AWRAC team is currently waiting for a.
resborise;.P-:^/: 'Zf^-yf'/.£*:'• - p.-;;p';
• tf-JStythj-O- >& & [ a l : j j M l Petef An«ita^,-ir|-|^MIrfwtrfraca:,;,J''^;FWr6Wtel<)ani...|-SlRAQ, BA6HPA... H ^ l http://ht>m«U ! " | j j 5 | ! p ^ ^ ^ > i a g » ^ « « g ^ » < » - 2:31 PM
5!

3/13/2007
UNCLAS
p.^N ETCQl^^ Signal ^Cpmniand" ^ f l ^ . ^ j S L

OFFICIAL ARMY WEB SITES SCANNED


(JUNE 2006)

• Number of WEB Sites scanned JULY 06: 71


(1,500 registered)

• Number of pages scanned in JULY: 441,254

• Number of content violations verified and


corrected: 28

3/13/2007
UNCLAS
AWRAC FINDINGS REMEDIATED
JULY 2006

m FORCE PROTECTION

COMMUNICATIONS

• LOGISTICS

• PERSONNEL

OPERATIONS

• CRITICAL
llNFRA^RUpTURe
• ,-- p i
1
>.;>•;• •••:

ppsj^l^i^'. ill
3/13/2007
NETCOM / 9 th Army Signal Command
M

AWRAC FINDINGS REMEDIATED


OCT 2005 to JULY 2006
600
FORCE PROTECTION

500 • COMMUNICATIONS

D LOGISTICS
400

PERSONNEL
' iHl
OPERATIONS

ED CRITICAL
^INFRASTRUCTURE
D CONTEXT

OTHER
NETCOM / 9 t h Army Signal Command
•«•—mm t-m.mx-MtittMMi

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
D Web Sites • Violations

1400

1200

1000 29,171 Web T_r 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800 Violations
611
600

400
Violations Violations Violations Violations
/VebSites 1
,nn .WobSitCG 154 447 Web SUes—t4S WebSites ^1

Apr-06 May-06 Jun-06 Jul-06 TOTAL Apr-Jul 06

3/13/2007

UNCLAS
a Pathfinder 3IOC TTP
S u m m s v Oon???t bra afrald??????.???Embrace it???love lt???llve l t ? ? ? P » t h f l n d e r Access: Access Unit P a t h f i n d e r Server. Install IZ Analyst
N o t e b o o k Pluo-lnvislt Untt P a t h f i n d e r w e b o a g e ,
r i e Fannat: Microsoft P o w e r P o i n t - A u t h o r : florlnda.white
to ftftYTR Knciwledg? Center L K t Uod-ated t v v v vyMM/MTO: 2 0 0 e / 0 5 / i o
Q Army W e b Risk Ass^stmoni: g DCQS-A i C J T T P
.ell (AWRAC) Horn*?
@J Pathfinder 3IOC TTP
mSE^*MZ:^:IL
Army Orfj-anlzatlons has m o v e d .
To access, dick t h e Site Mao t a b .
5 - i n . m i i ^ Don?7?t b e afraid??????. ???Embrace lt???love lt???llve It F ? ? P e t h f i n d e r Access:Access Unit P a t h f i n d e r server. Install 12 Analyst
N o t e b o o k Pluo-lnVlsIt Unit P a t h f i n d e r w e b p a a e .
File Farrnax: Microsoft PowerPoint - A u t h o r : florlnda. w h i t e
Last u p d a t e d < v V t f / M M / D O ) : 2 0 0 S / 0 5 / 0 0
33 "3. AtitMrfJS Serv^kres g| DCGS-A I G3 PathFlnder
GS S. .o.rm5' e-Cpmmsrce
03 9° Mv Beneftts B FM 3t21*3ffl FEF
® & MV Education S'jrr.msi v Many units rnlaht have n o trained p a t h f i n d e r assets. Non-oathfVideT-quallfled Soldiers receive training from tHs p a t h f i n d e r s and
B3 S My Famltv form a company-level p a t h f i n d e r t e a m .

• r^r^r^j nsrF*3 1^31^7^^.


flMjSt.gr 11 J EST i S :<£>; [ a j *j "(Pi Inb^K - Mfrr6sof.il 1 BjirotreatBrraJnui;-..'! 'ai*(H:]il.lrkw..iT)M"o...| jT#1 Microsoft "ptwgr,,: | j £ } RrWiy (Cho^lcd-..^- f | 7 I LS] fe3 J t t Q r ^ v % f " i l ^ 12:31 PM
<
On Friday, July, 28, an email was received requesting that the AWRAC look at a slide show hosted on AKO. Upon investigation,
it was discovered that this item was a SECRET document that was posted on an UNCLASSIFIED network. An immediate
notification went out to AKO, who then removed the document from their server. The employer of the contractor that posted
this item has also been notified. This is a snapshot of the search in which the document was found.
3/13/2007

UNCLAS
NETCOM / ?'K Army•: uAMttUJHUBBMuuimiwnssi
——

WEB LOG VIOLATIONS


(WILD BLOGS)
• BLOGS:
• Total scans: 50 in JUL 2006
Q Number of pages scanned in JUL 2006:
199,882
• Number pages with possible violations: 3,909
• Number reviewed: 3,909
• Number of content violations: 1
• Former soldier notified, no response, unit
notified, new e-mail address located, but soldier
still has not responded.
3/13/2007
UNCLAS
M N E T C Q M / a ^ Army Signal Command

Army Web Risk Assessment Cell (AWRAC):


Web Log (blog) Sites - Content Violations
Veb Sites Web Sites
D Web Sites • Violations
jjg 50 174
40 /• :'
Web Sites
33
Web Sites
30 f6?
30 :
i

20
1,108 Web 295,096 Web 27,400 Web 199,882 Web 523,486 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

10
Violations
3

Apr-06 06-May 06-Jun 06-Jul TOTAL Apr-Jul 06

3/13/2007

UNCLAS
Excerpts and pictures from a former soldier's blog from A/1-12 CAV, Fort
Hood. Soldier was contacted previously by the U.S. Army HRC in St Louis
about his photos exposing the weakness in our weapons system. He
blocked four but not the ones featured in this slide. AWRAC sent a
request to the Soldier 20 July 2006 with pictures to be blocked or
removed, no response. AWRAC then sent a request to command. The
command reply states he is no longer in the military, but they would make
every effort to contact member and have photos removed.
UNCLAS
WiV^l
NETCOM/9th Army Signal Comman

OFFICIAL ARMY WEB SITES SCANNED


(JUNE 2006)

• Number of WEB Sites scanned JUNE 06: 29


(1,500 registered)

• Number of pages scanned in JUNE: 278,388

• Number of content violations verified and


corrected: 33

3/13/2007
UNCLAS
. -•-TC0M/9^ArmySignayCbmmand

AWRAC FINDINGS REMEDIATED


JUNE 2006

m FORCE PROTECTION

• COMMUNICATIONS

• LOGISTICS

DPERSONNEL

• OPERATIONS

• CRITICAL
INFRASTRUCTURE
&
• CONTEXT
• ; • • •

3/13/2007
/ 9 t h Army Signal Command
; • • • : ;

AWRAC FINDINGS REMEDIATED


OCT 2005 to JUNE 2006

U FORCE PROTECTION

• COMMUNICATIONS

D LOGISTICS

• PERSONNEL

• OPERATIONS

• CRITICAL
.INFRASTRUCTURE
• CONTEXT

K)THER
"37T37ZDDT
~ / ^ ; !^.^ ; , -r-.^- - j ?*.-.•. i

HSaiSiaKHIKlWKS^attStt
; N E T C O M / 9 t h : A r m y Signal Command

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
• Web Sites • Violations

>* —
1400-'

1200-'

1000-'

* 52,822 Web 29,171 Web 331,127 Web 278,388 Web 691,5 08 Web
800
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Page;s Scannc;d
3/0

600-

Wf»h s it.fi fi
400-'
Violations 273
Violations Violations
Ma \A/n h CStAcvloiailons x-"
ive
D bites 1fiR A/n h Ritr" 151 149
200- 96 92 ^ j ^ V/eb S ' t e i ^ ^ ™
Rfl
:
_ . - • / . .

56 M

0-'
/
1
^Wrrm u ....• ^^T 2
29
. . - . • ; • . • • .

Mar-06 Apr-06 May-06 Jun-06 TOTAL Mar-Jun 06

3/13/2007

UNCLAS
s://www.cs.dnieddoimy.n>il/bullistiiJininrj/maps/CB_Re(j350M3pI.pdf - M i c r o s o f t I n t e l net Enplm

t-
2-
3-
4-
5-
6-
7-
8-
9-
10
11
12
13 - Automated Record Fire
14 - Modified Record Fire
15 - Grenade Launcher Range
16 - Hand Grenade Qualification Course'
17 - Hand Grenade Familiarization Range

This map was found during a scan of an AMEDD training facility in TX on'
22 JUN 06. The webmaster was notified, since it displays specific training Ld
areas on the site.
IStP $ EB £?". ® El,:.• j : W\ '"box..- Micro,., g ) Watchfire W,; ^ ' - C j netcomb :22 AM
r f

: : — — - . " . 1 ^ ^ - • ' / • • - , • • :

th
NETCOM / 9 Army Signa

WEB LOG VIOLATIONS


(WILD BLOGS)
• BLOGS:
• Total scans: 49 in JUN 2006
• Number of pages scanned in JUN 2006: 1,615
• Number pages with possible violations: 998
• Number reviewed: 998
• Number of content violations: 1
• Soldier notified, no response

3/13/2007
UNCLAS
NETCOM / 9 t h Army Signal Command •

Army Web Risk Assessment Cell (AWRAC):


Web Log (blog) Sites - Content Violations
ID Web Sites V i o l a t i o n s fVeb Sites Web Sites
49 124
7"*~r
40
Web Sites
Web Sites 33
30
30 Web Sites
25 s

20 295,096 Web 27,400 Web 1,615 Web 325,219 Web


1,108 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

Mar-06 Apr-06 6-May 6-Jun TOTAL Mar-Jun 06

3/13/2007

XJNCLAS
Excerpts and pictures from a soldier's blog at Camp Phoenix, Afghanistan:
'There is a mountain nearby that people from Camp Phoenix climb from
time to time, and about a month ago I'd decided I would put my name on
the waiting list to go...I ended up getting to the top in 45 minutes...."
Soldier contacted 19 JUN 06 about providing information on troop
movements, locations, and vulnerabilities. No response as of 23 JUN 06.
3/13/2007
UNCLAS
NETCOM / 9 t h Army-Signal Command

OFFICIAL ARMY WEB SITES SCANNED


(APRIL 2006)

• Number of WEB Sites scanned MAY 06: 92


(1,500 registered)

• Number of pages scanned in MAY: 331,127

• Number of content violations verified and


corrected: 295

3/13/2007
UNCLAS
NETCOM/ 9 t h Army Signal Command
• ..:_':\ ,

11
•__i_n.mlmJ.i_L.i_-.ji.- Maui i.—_..-r j _ ..•• . j — _t jtftgJ . •i.W-Lli.mtl ^luw. m j_xJ.M-imi%j&m^mJB

AWRAC FINDINGS REMEDIATED


MAY 2006

• FORCE PROTECTION

• COMMUNICATIONS

P LOGISTICS
- - . , • • - : . •

DPERSONNEL

• OPERATIONS

SMi?iTifcXi?s
^INFRASTRUCTURE:;
•JCONTEXT
•mm
H:,^

SMIK#A^^lter -: • ..-••••••

3/13/2007
AWRAC FINDINGS REMEDIATED
OCT 2005 to MAY 2006

El FORCE PROTECTION

• COMMUNICATIONS

Q LOGISTICS

DPERSONNEL

• OPERATIONS
• ' . ' • ' . - . • • •

D CRITICAL
JNFF^STRJUCTURE
INFRA3TF
$&* :
OGONTEXT ,jmm ^

37T3720UT
:
— - r-^ • . - - • • • - . , • • — ~ - — . - . - • . . . * ; • - : ^ - — ~

-NETCOM / 9^ Army Signal Command • ' • • • * • ; * . '

Army Web Risk Assessment Cell (AWRAC):


Traditional Web Sites - Content Violations
a Web Sites • Violations

1400

1200
Violations
1000 905

800 60,407 Web 52,822 Web 29,171 Web 331,127 Web 473,527 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

Feb-06 Mar-06 Apr-06 May-06 TOTAL Feb-May 06

3/13/2007
UNCLAS
|tf
|L
.iC

raa
r,-

->,
L
| -

P>
•s
r> —I

^ i
1ff fj
ft
o
II 3 -n

13 1
WEB LOG VIOLATIONS
(WILD BLOGS)

• BLOGS:
• Total scans: 33 in MAY 2006
• Number of pages scanned in MAY 2006:
27,400
• Number pages with possible violations: 636
• Number reviewed: 836
• Number of content violations: 1
• Soldier's chain of command notified, content
removed the same day.
3/13/2007
UNCLAS
" :'v''--'; — .
IgNETCOM./.9 th
Army Signal Command !^W

Army Web Risk Assessment Cell (AWRAC)


Web Log (blog) Sites - Content Violations
• Web Sites • Violations Web Sites
124
40 y—
Web Sites
Web Sites 33
s /
30
30 Web Sites
25

20 295,096 Web 27,400 Web 331,424 Web


2,239 Web 1,108 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

Feb-06 Mar-06 Apr-06 6-May TOTAL Feb-May 06

3/13/2007

UNCLAS
NETCOM / 9^ Army Signal Coh^mand

OFFICIAL ARMY WEB SITES SCANNED


November 2006

• Number of Web Sites scanned NOV: 51


(1,500 registered)
• Number of Web Sites manually reviewed: 22

• Number of pages scanned in NOV: 114,848

• Number of content violations verified and


corrected: 20

3/13/2007
UNCLAS
f -NETCOM / 9 t h Army Signal Command
. JM I_±J " .. •• — i • •P ^ P ^ H J ^ — ^ ^ ' n • • • • • > » » • > • ' • • .••nil' i •• .'• • •' ii"i

AWRAC FINDINGS REMEDIATED


November 2006

1 FORCE PROTECTION

COMMUNICATIONS

• LOGISTICS
•?-• ^ T

• PERSONNEL?

OPERATIONS
J r
. • . : ' - - ; • - -

• CRITICAL
INFRASTRUCTURE]
CONIB^B

3/13/2007
d
n
>
en

30 ; :
;

°£
' •

srn
O O o
I^H
&£•&'*''
1 CJ
N» :
. H -n o
HK
«s
to
ro r?
• ••
. .: 0
•t»
cr> rn •ID


CD

J
• • - •
01 -? >
!."'-! Ol

0 0
C/)
z 3J
to';
CO

0 m •Si.
<
o
•H^i^ n#,:vS '.; • : v
'D • • • 10 ^
m 3j
o
o 5 0 - O "0 r 0 •n 0 £3'
^rH-l^»Ol^ : ! '3D ' ; "0 O 0 O 0 0 >cu.:
^^SE^^^mZ-^Tn - J • m D O 3J 0
' 3 •

O > stt-i
JRD^Pmi&O':::^ > O m H
CO fflffl^^^^^i;:-:X —4 2> H Z m
H ^l"
Tl
O w
CO 0 v § CO 0 D
ro
o z P 0
o >
-si HNS^^^ ~~1 . H H
m
c • V'
O 0
•L: . *
fl^flW^*?^*'"? 1
.:••••:•• "• • "•-"
i
Z
O
: .
N E T Cn0MM/ Q/ 9t ^h AA>
• - •
r m y Signal Command;
• • • • • : > r J
\ ••• + * • • • - • • : • • - - : • • • . - . • •
ii

Army Web Risk Assessment Cell (AWRAC)


Traditional Web Sites - Content Violations
• Web Sites • Violations

1400

1200

1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800

600
Violations
400 Violations -33T
Web Site
Violations Violations 227 184
Wffh SitP
200 -^Nvb Sites ^"4 Web Sites TT5

Aug-06 Sep-06 Oct-06 Nov-06 TOTAL Aug-Nov 06

3/13/2007

UNCLAS
N E T C O M / 9 t h Army Signal Command
• •

Army Web Risk Assessment Cell


' 3 Project Officer Bio - Microsoft Internet Explorer.,..
r-WM
FHe Edit View Favorites Tools Help a?
El Gs! €£• U 3 Searcn
i f i ? Favorites ^ (SI- £1
Addre = h f f j h*^r//i*rWwHkv*arpac.wniy,fTrif/cfc2CFOfi/ProjectOffBra,a5p Go Lirfc *»
- I. • 11 i 1 m
pes
a s s i s t e d in t h e n e g o t i a l i o n s a n d i m p l e m e n t a t i o n of t h e N u b a M o u n t a i n s
C e a s e f i r e . This e x p a n d e d into a c o m p r e h e n s i v e c e a s e f i r e to help end the
civil w a r t h a i h a s killed more than 2 million people and l a s t e d more t h a n 2 0
years. O t h e r a s s i g n m e n t s include C h i e f of C o m b a t Training C e n t e r s . U . S .
A r m y Civil Affairs and P s y c h o l o g i c a l O p e r a t i o n s C o m m a n d from 1 9 9 5 to
1 9 9 8 ; Project Officer. U . S . A r m y S p e c i a l O p e r a t i o n s C o m m a n d . 1 9 9 2 to
1 9 9 3 ; Project Officer. John F. K e n n e d y S p e c i a l W a r f a r e C e n t e r and S c h o o l ,
1991 to 1 9 9 2 ; a n d B r i g a d e S i g n a l Officer. 2 n d B r i g a d e , 1st Cavalry Division.
S a u d i A r a b i a / I r a q during O p e r a t i o n D e s e r t S l o i m .
C o l o n e l E y r e h a s also served a s a Direct Support T e a m L e a d e r . 4 5 0 t h
- Civil Affairs B a t t a l i o n (Airborne). C o m p a n y C o m m a n d e r . 5 5 2 n d S i g n a l
C o m p a n y . C a m p R e d C l o u d . K o r e a ; Battalion S i g n a l Officer, 2 - 7 2 n d A r m o r
B a t t a l i o n , 2 n d Infantry Division, C a m p C a s e y , K o r e a ; E x e c u t i v e and
O p e r a t i o n s Officer, Field S t a t i o n S i n o p in T u r k e y ; and a s P l a t o o n L e a d e r .

5 5 t h S i g n a l C o m p a n y . 6 t h Cavalry B r i g a d e (Air C o m b a t ) , Fort H o o d , T e x a s .
In 2 0 0 3 , C o l o n e l E y r e g r a d u a t e d from t h e U S A r m y W a r College w i t h
a m a s t e r s d e g r e e in S t r a t e g i c S t u d i e s He also h a s a m a s t e r s degree in
M a n a g e m e n t from W e b s t e r University,' S I . L o u i s , M i s s o u r i . He has
completed the Civil Affairs Officer A d v a n c e Course, Psychological
O p e r a t i o n s Officer C o u r s e , and the Joint S p e c i a l O p e r a t i o n s Officer C o u r s e
His awards and d e c o r a t i o n s include the Bronze Star. Army.
C o m m e n d a t i o n M e d a l for h e r o i s m . Navy and M a r i n a C o r p s C o m m e n d a t i o n
M o d a l , H u m a n i t a r i a n Service M e d a l (with A B r o n z e S t a r s ) , Joint M e r i t o r i o u s

Unit A w a r d (with 1 Silver O a k Leaf), V a l o r o u s Unit A w a r d , M a s t e r
P a r a c h u t i s t B a d g e , Air A s s a u l t B a d g e , and I h e A r m y Staff Identification
Badge H e w a s the first n o n - N o r w e g i a n a n d t h e only A m e r i c a n S o l d i e r l b
ever receive the N o r w e g i a n M e d a l for International S e r v i c e . O t h e r foreign
a w a r d s include liberation m e d a l s from S a u d i A r a b i a a n d Kuwait a s w e l l a s
parachutist b a d g e s from A u s t r a l i a , G e r m a n y . C a n a d a . F r a n c e , P e r u . •
E c u a d o r , S p a i n , T h a i l a n d , and the Ivory C o a s t .
C o l o n e l E y r e is m a r r i e d to the former L e o c a d i a R a z n y of M c K s e s p o r t ,
P e n n s y l v a n i a , T h e y have two children, F r a n c i s T. E y r e I V and J a n e E y r e .

. This Colonel's biography was found on the website for.the Combined Federal ,:
Campaign in Hawaii. In.the last paragraph, it displays the Colonel's wife's maiden
name, town and state'of birth; and both children's full names-;;;A notification was sent on
20November and we are; currently awaiting resolution.
• ::-vv^'
• - • • • .

"37T37ZUTjr

UNCLAS

* c.
• < • ' - • • : • •
NETCOM ;;jK9& Army Signal Command
• • • • , - , - • • • • • • • ; • • • • • ' A .. . - ^ .. • * - . : • • • • • • V . - • • < • : - . • • •••• - • • - • • •

TT-.—" • < • 'J1 ' ' * i . .1 i.'_m 1 '^i • • ' — . —v . . <.— -. .• • i' - ^rr^n u> . • a^^-r™-^^—••'•^^g^a^^B

UNOFFICAL WEB LOGS REVIEWED AND SCANNED


NOVEMBER 2006

• Blogs:
• Total Manually Reviewed:532

• Total Scans: 63

• Number of Pages Scanned: 124,687

•Number of Content Violations: 2

3/13/2007
UNCLAS
' I.
•I NETCOM/9" Army Signal C o m m a ^ ~W^\
"

Army Web Risk Assessment Cell


Web Log (Blog) Sites - Content Violations
Web Sites Web Sites | Q W e b S i t e s • V i o l a t i o n s fveb Sites Web Sites
70 75 TTT 63 286
40 •zi ^

30

20 ii
408,262 Web 209,435 Web 66,782 Web 124,687 Web 809,166 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

6-Aug 6-Sep 6-Oct 6-Nov TOTAL Aug-Nov 06

3/13/2007

UNCLAS
NETCOM / 9th Army Signal Command
• ' " • • ' • • •

Bjffeateg.a^' - • • • " • •

Blog of the Month


Soldier Soldier station in Iraq mentioned in You Tube Video about mortar
comments in damage to base and troops morale concerning incoming mortar.
YOU-Tube Soldier also mentioned his name and unit.
Video AWRAC emailed soldier and requested he consider OPSEC
implications in his videos.

"Thank you for this advice..I am editing out my remarks Soldier-


regarding the mortars....Camp Anaconda as you may be reply to
aware is known as "Mortaritaville"...a google search of AWRAC
that will bring you to Camp Anaconda.l understand now request.;
though that my comments about the success or failure of I!
attacks and how we respond them to them may be useful
to the enemy...I apologize for this and will ensure that
future videos are contain no questionable
information....thank you for your assistance...."
. http://www.youtube.com/watch?v=GtLffp9QRcU
Video removed from You-Tube.

3/13/2007
UNCLAS
NETCOM/ 9 h Army Signal Command
• • . P H . - . ... jj_-»»ihp.B^B^^Mgcwgj. | 'JL.. 1 i ---< nurtmu_i_i IJ_.~ . I - ^ - . - I J — M - ^ ^ ^ r ^ J U - j - ^ a — L L i g f t n ii_i u n _ -

OFFICIAL ARMY WEB SITES SCANNED


* (October 2006)

• Number of Web Sites scanned OCT: 44


(1,500 registered)
• Number of Web Sites Manually Reviewed: 22

• Number of pages scanned in OCT: 158,323


^

• Number of content violations verified and


corrected: 21

3/13/2007

UNCLAS
— M M M H
j SNETC0M;/9'tArmy Signal Command
1
' I'lg"™™^^™i i 1 — . ; . . r-—'. ! ' t - . L " .• ' \'.- . ^ n e 1 . " — ' • • • • • 'j_i -.". 'M ? P l « _ T ^ - i

AWRAC FINDINGS REMEDIATED


October 2006

FORCE PROTECTION

COMMUNICATIONS

D LOGISTICS

D^PERSONNEL

PERATIONS

QCRITICAL
m
1INERASTRUCT0RB

3/13/2007

»
NETCOM / 9th Army Signal Command!
' '•:• '.

• '

AWRAC FINDINGS REMEDIATED


OCT 2005 to OCT 2006
FORCE PROTECTION

COMMUNICATIONS

D LOGISTICS

• .PERSONNEL

^OPERATIONS
:
3^Hv?":-'?3

• CRITICAL
fflNFRftSTRUCTORE
OCQNTEXTi

3/13/2007

> i.-
S N E K O M / 9 t h Army Signal Command .

Army Web Risk Assessment Cell (AWRAC):


Traditional Web Sites - Content Violations
D Web Sites • Violations

1400-

1200

1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800 Violations
617
600

400 Violations Web Site


Violations 227
i»/«wc;t««, tm Violations Violations 204
J/VphSitPS JUH__ ,VebSil^ m web s i t e s — ^ 5 — Web Site
200
71 42
S. •— -
/:.;TiE;„--.i.i^-J
0 .JSHL. / '
Jul-06 Aug-06 Sep-06 Oct-06 TOTAL J ul-Oct 06

3/13/2007

UNCLAS
i $
M
32 NETCOM / 9 t h Army Signal Command

Army Web Risk Assessment Cell


Site of the Month

u ..BIS.
Davttf i."3 The page requires a client certificate - Microsoft Internet Explorer
Comput I
Edit Vtow Favor K M TOOFS Help /# m
Q * * * - © " S H I C j [ , P Search ^^vorftes , @
DI3,
Address 4 9 https://tnosc,pac,armY.mH/refwerws/seEUrlty/Ir^^ Go i U n ^
•••• —

The page requires a client certificate '

The page y o u a r e a t t e m p t i n g to access requires y o u r b r o w s e r t o h a v e a Secure


S o c k e t s L a y e r ( S S L ) c l i e n t c e r t i f i c a t e t h a t t h e W e b s e r v e r will r e c o g n i z e . T h e c l i e n t
c e r t i f i c a t e is u s e d f o r i d e n t i f y i n g y o u as a v a l i d u s e r o f t h e r e s o u r c e .

Please t r y t h e f o l l o w i n g :

• C o n t a c t t h e W e b s i t e a d m i n i s t r a t o r if y o u b e l i e v e y o u s h o u l d b e a b l e t o v i e w
this d i r e c t o r y or page w i t h o u t a client certificate, o r to obtain a client
certificate.
* t f y o u a l r e a d y h a v e a cfiertt c e r t i f i c a t e , u s e y o u r W e b b r o w s e r ' s s e c u r i t y
f e a t u r e s t o e n s u r e t h a t y o u r c l i e n t c e r t i f i c a t e is i n s t a l l e d p r o p e r l y , ( S o m e
Web b r o w s e r s r e f e r t o client certificates as b r o w s e r o r persona?
^ certificates.)

HTTP E r r o r 4 0 3 , 7 - F o r b i d d e n [ S S L c l i e n t c e r t i f i c a t a is r e q u i r e d .
Internet I n f o r m a t i o n Services (ITS)

army G I I J
1st - Soil
Technical I n f o r m a t i o n (for support personnel)

• G o t o M i c r o s o f t P r o d u c t S u p p o r t S e r v i c e s and p e r f o r m a t i t l e s e a r c h f o r t h e
words HTTP and 4 0 3 -
• O p e n I I S H e l p , w h i c h is a c c e s s i b l e in ITS M a n a g e r ( i n e t m g r ) , a n d s e a r c h i.

f o r topics titled A b o u t C e r t i f i c a t e s , U s i n g C e r t i f i c a t e T r u s t L i s t s ,

This is a.pagewasfrbm the;T-N0SQwebsite thatdjsplayed.ihdividuals' names and email;


.addresses on a publicly accessible web; page.. Upon notification to the;web site administrator,"
this page was moved behind, a firewall and nowjrequires'a client certificate for .access.,;; ,:--
.
' "'" " ' "•'•••"""•" 3/13/21107 '"

UNCLAS
i i.
I .• U ~ .. • . , ; . , , ; • . , . „ , — — • • • - . , . . • • • • • : • • : , . : : • , • • • • ' ••• --,••:. I-

th
. „ _ , , NETCOM / 9 Army Signal Command
J
:u \smsasaeasaBX=1
•HOTW,IIHIWII>M ,-_• ••• • .•-•:.• •• .• • • •-•_. '" J - . - v •••• - ..^;. : • ••__--- •••••• Ifmmmnrtriirmrs

UNOFFICAL WEB LOGS REVIEWED AND SCANNED


(OCTOBER 2006)

• Blogs:

• Total Manually Reviewed: 456

• Total Scans: 78

• Number of Pages Scanned: 66,782

•Number of Content Violations: 2


3/13/2007

UNCLAS
^ N E T C O M / 9lhl Army Signal Command

Army Web Risk Assessment Cell


Web Log (Blog) Sites - Content Violations
Web Sites WebSites Q w e b S i t e s Violations fVeb Sites Web Sites
70 ' 273
50 nr 78
40 2S ?== I

30

'*
2 0 - 199,882 Web 408,262 Web 884,361 Web
209,435 Web 66,782 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

1"

6-Jul 6-Aug 6-Sep 6-Oct TOTAL Jul-Oct 06

3/13/2007

UNCLAS
< -<»
N E T C O M / 9 t h Army Signal Command
^ • i - ••• - • • • • • • ii .. • - • • • .—: !—-»•' .•_ i * ' ' • - — . . • • . . . •' .'.:• • • . ' . - • - — • " . ' • . • '. . ••••

Blog of the Month

http://www.xanqa.com/JoshatBurke
Soldier
mentions " Well they are telling us we are flying out of Iraq the day
redeployment after thanksgiving...."
in blog. Soldier contacted about 0PSEC concern. No response
has been received.

•• tu

"The DoD is cracking down on MilBlogs, and I wouldn't be • Soldier


able to continue Blogging and stil! be compliant with AR Blog
25-1, the Army's Regulation governing Personal about
Websites. With the "running out" of local commercial \ " : ' . ' •-

OPSEC
Internet Service Providers in Iraq, the only bandwidth i Policy.
available to me would be government-owned. AR 25-1 IS K i t :
states that I cannot use government time or resources to |»The.-|
maintain a personal Web Site." word is
http://www.mikequlf.blogspot.com/ getting
•put.
3/13/2007
UNCLAS
% u
For Official Use Only

Army Web Risk Assessment Cell (AWRAC):


Traditional Web Sites - Content Violations
n Web Sites • Violations

Violations
1,164

1000

1,549,679 Web 1,407,279 Web 60,407 Web 52,822 Web 29,171 Web
800
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

600 Violations Violations


407 439
400
Violations
[WebSites 1 R R
Violations-
200
Web Sit
L y U / 56'
Jan-Apr 06 Jan-06 Feb-06 Mar-06 Apr-06

NETCOM / 9" Army Signal Command


"Voice of the Army"

i -u
For Official Use Only

Army Web Risk Assessment Cell (AWRAC):


Web Log (blog) Sites - Content Violations
AWRAC: Btoos

Web Sites • Web Sites • Violations


91
40 ~/^~_

Web Sites
29 Web Sites
30 z:
Web Sites -xr
25
::.
1

20-
304,024 Web 5,581 Web 2,239 Web 1,108 Web 295,096 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned

Web Sites

^Violation
1

Jan-Apr 06 Jan-06 Feb-06 Mar-06 06-Apr

NETCOM / 9th Army Signal Command


"Voice of the Army"
UNCLASSIFIED//FOR OFFICIAL USE ONLY

EXECUTIVE SUMMARY 1 February 2007

(U) OFFICE OF THE UNDER SECRETARY OF DEFENSE VISIT TO AWRAC.


(NETC-EST-D
(U//FOUO) Mrs. fl Btwo other OSD representatives visited the Army Web
Risk Assessment CelrTAWRAC) during the recent 24x7 AWRAC operation conducted at
the Manassas Armory. The visit stemmed from communications between the AWRAC
and OSD representatives regarding the prospect of re-organizing the Joint Web Risk
Assessment Cell (JWRAC) under Mrs.J| | office. The AWRAC Government Lead
presented a one-hour briefing on the Ceirsmission, logistics, training, and operations.
Additionally, the OSD team interviewed several soldiers from the AWRAC team and
seemed to be pleased with the ingenuity of the Guard AWRAC soldiers and their efforts
to enhance the AWRAC operations. The OSD team has since requested that the
AWRAC briefing be made available at a follow-up meeting on 23 February 2007 in
Greenbelt, Maryland. PREPARE MEMO .

LTCM f-EST-
1/57 H T O ? 2 ^ ^ ^ ^ ^ ^ ^ ^
APPROVED BY COL Stephen Jurinko

UNCLASSIFTED//FOR OFFICIAL USE ONLY


UNCLASSIFIED//FOR OFFICIAL USE ONLY

EXECUTIVE SUMMARY 21 July 2006

(U) MOBILIZATION OF ARMY WEB RISK ASSESSMENT CELL TEAM fNETC-EST-l)


(U//FOUO)The Army Web Risk Assessment Cell (AWRAC) successfully mobilized 10
members of the Virginia National Guard Data Processing Unit on 10-21 July 2006 for
one year. The team will support AWRAC's mission to monitor official and unofficial web
sites for OPSEC violations IAW the CSA's 20 AUG 2005 message. The team processed
through Fort Belvoir, and is assigned to NETCOM, with duty at the unit's headquarters at
Manassas Armory. Team members have received 90 percent of their initial required
training, and will receive additional outside training during the next month. The group has
received NETCOM computers, badges and e-mail accounts, and has been task
organized under NETCOM EST-A. The armory was provided with two phone lines with
DSN capabilities in support of the mission, and the unit voluntarily added a T-1 line. The
team has been assigned a range of tasks which will increase web monitoring, refine
tracking procedures and streamline notification processes.

PREPARE MEMO

M A J
« •NETC-EST-l/703-602-

APPROVED BY

UNCLASSIFIED//FOR OFFICIAL USE ONLY


DEPARTMENT OF THE ARMY
OFFICE OF THE SECRETARY OF THE ARMY
107 ARMY PENTAGON
WASHINGTON DC 20310-0107

Office, Chief Information Officer / Q6

SAIS-IOA 27 March 2002

MEMORANDUM FOR MACOM, PEO, PM, INFORMATION ASSURANCE PROGRAM


MANAGERS

SUBJECT: Implementation of the Web Risk Assessment Cell


Evaluations

1. References:

a. DoDI 5230.29 Security and Policy Review of DoD


Information for Public Release, 6 March 1996
b. Memorandum, Deputy Secretary of Defense, dated 24
September 1998, Information Vulnerability and the World
Wide Web.
c. Memorandum, Assistant Secretary of Defense, dated 28
December 2001, Removal of Personally Identifying
Information of DOD Personnel from Unclassified Websites

2. In accordance with the above directives, the Army has


developed and implemented a plan to conduct ongoing operational
security and web risk assessments of the content of Army
websites. To accomplish this mission, the Army Web Risk
Assessment Cell (AWRAC) was created with the mission to review
and ensure that publicly accessible, non-restricted, U.S. Army
worldwide web (WWW) websites are compliant with Federal, DoD, and
DA website administration policies, procedures, and best
practices. Additional guidance on website content is enclosed.

3. The Department of Defense has mandated that DoD websites be


made available to the public and provide accurate and timely
information relating to its activities, objectives, policies, and
programs. At the same time we must ensure the information
provided does not compromise the security of our nation or the
privacy, and security of service members and there families.
Security of information on publicly accessible websites must be
viewed in the context of an organization's overall OPSEC posture.
Within the context of Army Information Assurance, the WWW should
not be treated any differently from any other potential
vulnerability. Information Assurance Program Managers (IAPM) are
instrumental in advising the commanders on their roles and
responsibility concerning website security. -
SAIS-IOA
Subject: Web Risk Assessment Findings

4. The AWRAC program requires that commanders/supervisors of


affected websites be notified of security concerns and take
appropriate remedial actions, e.g., questionable material
removed, risk accepted by commander, request for clarifying,
information. The AWRAC will report security concerns via e-mail
memorandum to the point of contact (POC) posted on the website.
Website POCs are directed to acknowledge receipt via email to the
AWRAC (• Mxs.army• mil) and forward the memorandum
to the c^fflanuer^supervisor, or his/her designated
representative, responsible for the website. Suspense dates for
corrective actions/resolution of security concerns are provided
in the memorandum. Copies of the memorandums will be furnished
to the appropriate MACOM, PEO, IAPMs.

5. On 9 March 2002, the AWRAC began evaluating Army websites for


possible operational/security concerns. Results of this and
future evaluations will be forwarded to the commander/supervisor
responsible for the website IAW the procedures outlined above.

Encl THADDEUS A. DMUCHOWSKI


COL, GS
Director, Information Assurance
SAIS-IOA
Subject: Web R i s k A s s e s s m e n t Findings

WEB SITE CONTENT GUIDANCE

Memorandum, Office of the Secretary of Defense, November 25,1998, Subject: Web Site Administration
Policies and Procedures with 11 January 2002 amendments

Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy Policies and Data
Collection of DOD Public Web Sites

Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject: Information Vulnerability and
the World Wide Web

Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and Data Collection of
Federal Web Sites

DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public Release," May 6,1996

DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9, 1996

Memorandum, Office of the Director of Information Systems for Command Control, Communications, and
Computers (DISC4), 30 November 1998, Subject: Guidance for Management of Publicly Accessible U.S.
Army Websites

Army Regulation (AR) 25-1, 4 August 1999, Army Information Management

Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information Security Program

Army Regulation (AR) 380-19, 27 February 1998, Information Systems Security


DEPARTMENT OF THE ARMY
OFFICE OF THE SECRETARY OF THE ARMY
107 ARMY PENTAGON
WASHINGTON DC 20310-0107

Office, Chief Information Officer / G6

NETC-EST-A S: March 22, 2002

March 11, 2002

MEMORANDUM FOR WEB SITE ACTIVITY COMMANDER/SUPERVISOR

SUBJECT: Web Risk Assessment Findings

1. References:
a. DoDI 5230.29 Security and Policy Review of DoD
Information for Public Release, 6 March 1996
b. Memorandum, Deputy Secretary of Defense, dated 24
September 1998, Information Vulnerability and the World
Wide Web.
c. Memorandum, Assistant Secretary of Defense, dated 28
December 2001, Removal of Personally Identifying
Information of DOD Personnel from Unclassified Websites

2. On 9-10 March 2002, the Headquarters, Department of the


Army, Information Assurance Office (NETC-EST-A) Web Risk
Assessment Cell conducted an assessment of -your web site (WWW...) .
Also evaluated was your required registration with the Government
Information Locator Service (GILS). GILS Identifies public
information resources throughout the U.S. Federal Government,
describe the information available in those resources, and
provide assistance in obtaining the information. The following
registration and security concerns were noted and rated by
category (see below).

CATEGORY WEB ADDRESS FINDING REFERENCE

3. The Army Web Risk Assessment Cell (AWRAC) program requires


that commanders/supervisors of affected websites .be notified of'
security concerns and take appropriate remedial actions, e.g.,
questionable material removed, risk accepted by commander,
request for clarifying information. The AWRAC will report
SAIS-IOA
Subject: Web Risk Assessment Findings

security concerns via e-mail memorandum to the point of contact


(POC) posted on the website. Website POCs are directed to
acknowledge receipt via email to the AWRAC
BHPK W.army.mil) and forward the memorandum to
the commander/ supervisor, or his/her designated representative,
responsible for the website. Suspense dates for corrective
actions/resolution of security concerns are provided in the
memorandum. Copies of this memorandum will be furnished to the
appropriate MACOM, PEO, IAPMs.

4. The Department of Defense has mandated that DoD websites be


made available to the public and provide accurate and timely
information relating to its activities, objectives, policies, and
programs. At the same time we must ensure the information
provided does not compromise the security of our nation or the
privacy of service members and there families.

5. Definitions:

a. CRITICAL: Information that is either classified or, when


combined with other sensitive information, may have
significant operational impact. It is information that
could put either personnel or facilities at risk.

b. MAJOR: Information in itself or in aggregation that is


FOR OFFICIAL USE ONLY (FOUO).

c. MINOR: All other violations that do not fall in either


of the above two categories. Information, which may not
be posted, on official web sites open to public access.
Also, information that is contrary to the web policy
guidance. (Note: Commanders may elect to assume this
level of risk.)

6. POC: Mr. 0 BHSfe Army Web Risk Assessment


A n a l y s t , COM : 7 ^ ^ B b ^ ^ 8 5,
Email: flMnBMiiKHMiMI-ARMY.MIL

THADDEUS A. DMUCHOWSKI
COL, GS
Director, Information Assurance

CF: Appropriate MACOM/PEO/PM


SAIS-IOA
Subject: Web Risk Assessment Findings
WEB SITE CONTENT GUIDANCE

Memorandum, Office of the Secretary of Defense, November 25,1998, Subject: Web Site Administration
Policies and Procedures with 1 Uanuary 2002 amendments

Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy Policies and Data
Collection of DOD Public Web Sites

Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject: Information Vulnerability and
the World Wide Web

Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and Data Collection of
Federal Web Sites

DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public Release," May 6,1996

DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9,1996

Memorandum, Office of the Director of Information Systems for Command Control, Communications, and
Computers (DISC4), 30 November 1998, Subject: Guidance for Management of Publicly Accessible U.S.
Army Websites

Army Regulation (AR) 25-1, 4 August 1999, Army Information Management

Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information Security Program

Army Regulation (AR) 380-19, 27 February 1998, Information Systems Security


DEPARTMENT OF THE ARMY
OFFICE OF THE SECRETARY OF THE ARMY
107 ARMY PENTAGON
WASHINGTON DC 20310-0107

Otfica, Chief Information Officer / G6

NETC-ESTA-A 24 January 2003

MEMORANDUM FOR COL Dmuchowski

SUBJECT: Privacy ACT research for POC list

1. Task: Research policy on the collection of Personal information on Military, DoD, and
Contract Employees.

• References:
a. Telecom conversation with MS Thornton, Janice, Ms., FOJA, RMDA
703-806-7138.
b. DoD 5400.11-R, Privacy program, Deputy Assistant Secretary of Defense
(Administration) August 1983.
http://www.dtic.mil/whs/directives/corres/pdf/540011r_0883/p540011r.pdf
c. Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject:
Information Vulnerability and the World Wide Web
d. OSD Memo Subj: Removal of Personally Identifying Information from
Unclassified Websites 28 Dec 2001.
e. Web Site Administration Policies & Procedures November 25,1998 With
Amendments from 11 January, 2002

2. Before collecting Personal information:

* Any personal information posted on the Internet or Intranet must be handle as FOUO
under FOIA
* C2.1.4.1. When an individual is requested to furnish personal information about
himself or herself for inclusion in a system of records, a Privacy Act Statement is required
regardless of the medium used to collect the information (forms, personal interviews, stylized
formats, telephonic interviews, or other methods).

* C2.1.4.2 the Privacy Act Statement shall include:


> The specific federal statute or Executive Order that authorizes the collection
(CI.1.4 C H I )
> Principal purpose.
> routine uses (C4.2.6. CH4)
> Whether the information is voluntary or mandatory (C2.1.5.)
NETC-ESTA-A
Subject: Privacy ACT research for POC list

* C2.1.5. C2.1.5. Mandatory as Opposed to Voluntary Disclosures. Include in the


Privacy Act Statement specifically whether furnishing the requested personal
data is mandatory or voluntary. A requirement to furnish personal data is
mandatory only when a Federal statute, Executive Order, Regulation, or other
lawful order specifically imposes a duty on the individual to provide the
information sought, and the individual is subject to a
penalty if he or she fails to provide the requested information. If providing the
information is only a condition of or prerequisite to granting a benefit or privilege
and the individual has the option of requesting the benefit or privilege, providing
the information is always voluntary. However, the loss or denial of the privilege,
benefit, or entitlement sought may be listed as a consequence of not furnishing
the requested information.

* C4.2.3.1.2. All disclosures of personal information regarding Federal


civilian employees shall be made in accordance with the Federal Personnel
Manual (FPM) (reference (h)).

* Any personal information posted on the Internet or Intranet must be handle as FOUO
under FOIA.
References

Memorandum, Office of the Secretary of Defense, November 25, 1998, Subject: Web
Site Administration Policies and Procedures

Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy
Policies and Data Collection of DOD Public Web Sites

Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject: Information


Vulnerability and the World Wide Web

Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and
Data Collection of Federal Web Sites

DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public
Release," May 6, 1996

DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9,1996

Memorandum, Office of the Director of Information Systems for Command Control,


Communications, and Computers (DISC4), 30 November 1998, Subject: Guidance for
Management of Publicly Accessible U.S. Army Websites

Memorandum, Office of the Director of Information Systems for Command Control,


Communications, and Computers (DISC4), DRAFT, Subject: Defending the Army's
Systems and Networks. A Force Protection Issue

Army Regulation (AR) 25-1, 4 August 1999, Army Information Management

Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information
Security Program

Army Regulation (AR) 380-19, 27 February 1998, Information Systems Security


Dr. Hamre memorandum date 24 sep 1998 SUBJECT Information Vulnerability and
the World Wide Web. http://www.defenselink.mil/other info/depsecweb.pdf

Personnel risk:
Removal of: Plans and lessons Learned, Operations or Vulnerabilities.
Any Reference to movement of or locations of units and personnel.
Removal of all personal information: SSN, DOB, Name or location or family
members.

Deputy SECDEF Memo, Subj: Operations Security Throughout the Department of Defense
http://www.fas.org/sqp/bush/wolfowitz.html 18 Oct 2001.

OPSEC in general,(Do not conduct any work-related conversations in common


areas, public places, while commuting, or over unsecured electronic circuits)

OSD Memo Subj: Withholding of Personally Identifying Information Under the Freedom of
Information Act (FOIA): http://www.defenselink.mil/pubs/foi/withhold.pdf 9 Nov 2001.

Implementation of FOIA for personal information. Withholding of list of name and e-mail
addresses under FOIA

OSD Memo Subj: Removal of Personally Identifying Information from Unclassified


Websites: http://www.defenselink.mil/pubs/foi/names removal.pdf 28 Dec 2001.

Removal Of Lists and roster, Telephone directories, Organizational Charts. .

DODD 5230.9 Clearance of DOD Information for Public Release April 9,1996,
ASD(PA) http://sites.defenselink.miI/dd5230_9.html#A
AR 530-1 is available at.. <http://www.fas.orQ/irp/doddir/armv/ar530-1t.htm>

AR25-1 Army Information Management:


http://www.usapa.armv.mil/pdffiles/r25 1 .pdf - 30 J UN 2004

AR 25-1
http://www.usapa.army.mil/pdffiles/r25 2.pdf

DoD Web Policy


Donald Rumsfeld's message to DOD (R 141553Z JAN 03)
Web Site Administration Policies & Procedures (11/25/1998) including all
updates (01/11/2002)
Amendment and Corrections to Web Site Administration Policies & Procedures
(01/11/2002)
Accessibility of DoD Web Sites to People with Disabilities *E_I
Clearance of DoD Information for Public Release DoD Directive 5230.9 _§l
Security and Policy Review of DoD Information for Public Release DoD
Instruction 5230.29 _ l
Clearing Electronic Information for the Public
Cookie / Privacy Policy ^
Domain Registration in the .mil Domain 1B9
Electronic Newspaper Policy DoD Instruction 5120.4
Freedom of Information Act - FOIA
DoD FOIA Guidance
Removal of Personally Identifying Information of DoD Personnel from
Unclassified Web Sites
Withholding of Personally Identifying Information under the FOIA
DoD Guidance on Attorney General FOIA Memorandum
GELS Policy. Deputy Secretary of Defense John White (09/02/1995) %3
Mobile Code Policy °Eg|
Principles of Information
Records Management DoD Directive 5015.2

Posting NBC Information:


Some things can be publicly released and therefore posted, but the material
must have been reviewed according to the most recent guidance and
reviewed/released I A W existing policy. Guidance on what can be released is
covered by the so-called "Card" memo (memo from White House signed by
Andrew Card, 19 Mar 02, attached) and the associated DoD
guidance/SECDEF msg (see <http.//f oia.navy.mil/020520policvmemo-
encll.txt>), and in DoDI 5230.19 (see paras 6.1.7.4 and 6.2.7, in particular)
which states the CBRN info is one of 7 areas of info that requires review at
the DoD level. Thus, that info must be submitted to Army HQ f o r
subsequent DoD determination (see para 6.2.3).

Basically from your point of view, I ' d say that if something raises a question,
the web site owner should be able to present the official public release
clearance when requested to do so.

B^-jobc

IBRN WH Memo 19
Mar 021.pdf
INFORMATION PAPER

NETC-EST-I.
04 May 2006

SUBJECT: Army Web Risk Assessment Cell (AWRAC)

1. Purpose. To provide guidance on the mission of the Army Web Risk Assessment Cell

2. Facts: The AWRAC mission is to search DoD Websites and unofficial sites related to the
Army for information and trends of data that could be used to breach security or pose a threat to
defensive and offensive operations and military personnel. In addition, AWRAC evaluates
website content to ensure compliance with departmental policies, federal regulations and
procedures, and industry best practices. The AWRAC's core mission consists of website
patrolling, bulk analysis, and operational security analysis.

3. AWRAC was established in February 2002 with one full-time person to review official Army
(.mil) sites for possible OPSEC violations. The mission was expanded in June 2002 to include
all .mil sites, including those with restricted domains. An Al Qaeda training manual recovered in
Manchester, England, in 2003 stated that "using public sources openly and without restoring to
illegal means, it is possible to gather at least 80% of information about the enemy.'

4. AWRAC was added to AR 25-1 (Army Policy on Website Management) in June 2004.
AWRAC's mission was expanded in August 2005 by the Army Chief of Staff to include scans of
unofficial weblogs (blogs) which contained information concerning the Army, available to the
public and found on the internet. AWRAC scans numerous sites, such as Family Support Group
websites, unofficial Army websites posted by service members and other items found on the
web, i.e., unpublished doctoral dissertations. The publication of DA Pam 25-1-1 (Information
Technology Support and Services) in November 2005, required all individuals appointed to be
Web masters/maintainers, reviewers, and content managers to complete training and
certification, as necessary, equal to the duties assigned to them. The training site is located at:
https://iatraininq.us.army.mil.

5. Using the webcrawler program Watchfire, AWRAC analysts perform site-by-site, page-by-
page evaluation of Department of the Army (DA) website content and unofficial sites. Using a
browser, Operations Security (OPSEC) guidance, a web crawling software, and a list of target
websites, monitors visit each DA Website and manually evaluate the content of each page on
the site for inappropriate links to commercial, personal and classified sites, as well as for
OPSEC violations.

6. AWRAC currently employs four full-time analysts, and coordinates for support from Army
National Guard and Reserve soldiers to conduct analyses during their drill weekends and
annual training. Analysts review sites, and contact webmasters or bloggers if a potential threat
is found. AWRAC also supports a website on Army Knowledge Online at
https://www.us.armv.mil/suite/portal.do?$p=254224 to provide information on AWRAC issues.

MAJj Ji/703 602-7482


Approvecmy^^_
From: Marois, Debbie A Ms AAA
To: AAA Liaison;
CC:
Subject: Announcement Letter A-2007-FFI-0651 (UNCLASSIFIED)
Date: Friday, April 06, 2007 11:14:25 AM
Attachments: 065 lannouncement.pdf

Classification: UNCLASSIFIED
Caveats: NONE

Classification: UNCLASSIFIED
Caveats: NONE

Attached is the signed announcement letter for the Summary Audit of the Information
Technology Procurement Process (A-2007-FFI-0651). We anticipate that we will need
POCs for the following:
CIO/G-6
ASA(ALT)
ASA(FM&C)

Thanks - have a great day!

Debbie

>Debbie Marois, CIA


>Auditor-in-Charge, Army Audit Agency
information Technology Team, Fort Belvoir
>Comm 703-428-6004, DSN 328-6004
>
>
>

Classification: UNCLASSIFIED
Caveats: NONE

Classification: UNCLASSIFIED
Caveats: NONE
For Official Use Only
DEPARTMENT OF THE ARMY
UNITED STATES ARMY NETWORK ENTERPRISE TECHNOLOGY COMMAND/
9 * ARMY SIGNAL COMMAND
2530 CRYSTAL DRIVE, 6 T H FLOOR
ARLINGTON, VA 22202
REPLY TO
ATTENTION OF:

NETC-EST-CG * 13 March 2006

MEMORANDUM THRU

NETCOM Office of Information Assurance and Compliance (NETC-EST-I), 2530 Crystal


Drive, 6th Floor, Arlington, VA 22202

FOR Headquarters Department of the Army G-3, ATTN: DAMO-ODM, Mobilization Branch,
400 Army Pentagon, Washington, D.C., 20310-0400

SUBJECT: Request for 365 day mobilization of two five person Reserve Component
Information Operations teams in support of Chief of Staff of the Army directive on OPSEC

1. The purpose of this memorandum is to request HQDA G-3 approve and direct the 365 day
mobilization of ten total Information Operations (IO) personnel. These personnel will be utilized
by the G-6 as two five person teams "to track and report, on a quarterly basis, open source
OPSEC violations" as directed by the Chief of Staff of the Army (CSA).

2. These OPSEC compromises are mainly derived from our continued operations in both OIF
and OEF. According to Al-Qaeda in their own terrorist handbook, they find 80% of the
information they use against us from open sources. The CSA reinforces this by stating that "the
enemy aggressively reads our open sources and continues to exploit such information for use
against our forces such OPSEC violations needlessly place lives at risk and degrade the
effectiveness of our operations."

3. The G-6 does not have the requisite personnel to perform this directive from the CSA,
additional personnel are required. Ten mobilized personnel from the Reserve Component will
allow the G-6 to properly execute this directive.

4. These ten personnel should come from the USAR and ARNG. They will be assigned to
NETCOM's Office of Information Assurance & Compliance, Army Web Risk Assessment Cell
(AWRAC) and perform duties in Crystal City, Arlington, VA.

5. If this mobilization request is not approved it will significantly impact the ability of the G-6 to
continue executing this directive. Properly executing this directive is essential to helping
safeguard our sensitive information and protecting the lives of our force.

For Official Use Only


I

For Official Use Only

NETC-EST-CG
SUBJECT: Request for 365 day mobilization of two five person Reserve Component
Information Operations teams in support of Chief of Staff of the Army directive

6. Operational information:

a. Requested mobilization station: Fort Belvoir, VA


b. Post mobilization station: Fort Belvoir, VA
c. Desired mobilization date: 24 June 2006
d. Unit of assignment: Army Web Risk Assessment Cell within NETCOM
e. Supported unit: G-6
f. Number of days mobilized: 365
g. Type of duty: Mobilization in support CSA directive

7. This request has been coordinated with the Army OPSEC Officer in DAMO-ODI, M A J ^ £
at 703-614-6558.

8. Army Web Risk Assessment Cell point of contact is C P T ^ Bat 703-602-7482.

CARROLL F. POLLETT
Brigadier General, USA
Commanding

For Official Use Onlv


f

1. HQDA TASKING CONTROL NUMBER 2. TODAYS DATE 3. SUSPENSE DATE


ARfoIY STAFT I N G FC)RM 20 0306 I0D MM YY|
4. OFFICE SYMBOL
Request f or Mobilization of Reserve Compionent Information Operations
NET C-EST-I
Teams
6. ROUTI NG: (ECC U SE ONLY)
Initial Dale
ECC POC (Rank,Name,Phone) Dir,iECC

SA EOH Commants:
% : • • • . .

CSA ?t'-'r • ' ^

; I J
. • , .

.\
• • • - ^ . - - . ' • •

USA i •

VCSA • ' ; .

• '
• -I--: .
DAS I
H
VDAS '

7. EXECUTIVE SIMm.ni it CTION MEM ORANDUM (Desertsa briatly the requirement, background, and action taken ecommanded.
or Must be sufficient!v detailed to identity the
acton without recoLrse to othersources.)

Kev Points
• 1'he Arrr yWebF Risk Assessr nent Cell (AWRAC) is responsible f or reviewing the Army's publicly-
accessit »le web:sites and ass essing the operational security and threats of those site s.

• . AM/RAC is comr. rised of Arm y Reserve and National Guard sold iers who support the mission
d uring w eekend drills and an nual training.

• CJSAme ssage ([DTG: 200001 Z Aug 05) has expanded the AWR^C mission to includ 3 review of
Airmy-rel ated infc >rmation sha red on unofficial websites posted b\ / service members.

Reit (a)CS A mess age (D7 G: 200001Z Aug 05)


Ericl:(1)M<= jmoran<dum: Re quest for Mc bilization of Reserve Component In formation Operation s Teams.
(2)CJ5A mes sage (D 7G: 2000012I Aug 05) Subject: CHIEF OF STAF FOFTHE ARMYO PSEC *
GUIDANCE
1. Purpose: To obtain the Commanding General's signature on a request for the 365-day mobilization of two
five-person Reserve Component Information Operations teams in support of the Chief of Staff of the Army's
directive on OPSEC and the World Wide Web.

2. Discussion:
a. The G-6 does not have the requisite personnel to perform this directive from the CSA; additional
personnel are required. Ten mobilized personnel from the Reserve Component will allow the G-6 to properly
execute this directive.

b. The Army Web Risk Assessment Cell is responsible for reviewing the content of the Army's publicly-
accessible web sites. The Army Web Risk Assessment Cell conducts ongoing operational security and threat
assessments of Army websites utilizing Army Reserve and National Guard soldiers, and uses weekend drills
and annual training to support its mission. The CSA message (DTG: 200001Z Aug 05) has tasked the HQDA G-
6 (in coordination with the G2) to track and report, on a quarterly basis, open source OPSEC violations and
expanded the Army Web Risk Assessment Cell mission to include review of Army-related web-logs (blogs),
video logs, photo-sharing sites and unofficial websites posted by service members for OPSEC concerns.

3. Recommendation: The CG signs the memorandum.

APPROVED. .DISAPPROVED NOTED .SEE ME. COMMENT


8. LEAD AGENCY STAf TCOORDINATION HQDA TASKING :ONTROL NUMBER:


TITLE INITIAL TYPEC)R PRINTED NAME DATE
BRANCH MM
DIVISION Mr.V
DIRECTOR COL Stephen Jurink3
PRINCIP/ J. Mr. Joe> Capps
ACTION C)FFIC ER: (Name/Position/Phone lumber/E-mail)
A CPTfl P-602-74 82
FILE LOC *nof i:
SACO NAME// feme/PositionPhone Number€-mail)

Recomm sndat ion for Sta ff F rincipal:

:
9. HQDA STAI F COORDINATI 3N
CONCUR NONCONCUR tIGENCY NAME (RANIC, LAST NAME) PHONE DATE REMAR K

• • Phone Numbe r

• • Phone Number

*
• • Phone Numbe r

• • Phone Numbe r

• • Phone Numbe r

• • Phone Numbe '

D • Phone Numbe

• • Phone Numbe

• • Phone Numbe •

• • Phone Numbei

• • Phone Numbei

• • Phone Number

10. REMARK SBYE CC/SACO C RETURNEDR :QUEST1NG ADCIITIONAL INFOF MAT10N/CLARIFIC ATTON "^k- .L .".v. til, ' .r' - ' - :• ! •

J
;\.':., -.v.
& •">"' afej
§M j
• • : • • ! | :•

- • - - s h ' 1 .•! ,..-,.::•.


-•-:'V^r :;;?•:•. v<
£j:< • > • : • • •
" • ;
• - •{•*' ^ •
«3L't!S,!i-: " & & • ; •• ••• :.

31 .
• • ' • - • • ' . - ' • • • • > : • . . .
:
- ' ;•

• - ' - . " • . .
A1
,'- -' "
: ' • - • • • . : . " :
ll.l

3? " . •

HQDA FORM 5 9 Feb 06


I

For Official Use Only


* .DEPARTMENT OF THE ARMY
UNITED STATES ARMY NETWORK ENTERPRISE TECHNOLOGY COMMAND/
9 * ARMY SIGNAL COMMAND
2133 CUSHING STREET
FORT HUACHUCA, AZ 85613
REPLY TO
ATTENTION OF:

NETC-EST-CG

MEMORANDUM THRU NETCOM Office of Information Assurance and Compliance (NETC-


EST-I), 2530 Crystal Drive, 6th Floor, Arlington, VA 22202

FOR Headquarters, Department of the Army G-3 (DAMO-ODM/Mobilization Branch), 400


Army Pentagon, Washington, DC 20310-0400

SUBJECT: Request for 365-Day Mobilization of Two-Five Person Reserve Component


Information Operations Teams in Support of Chief of Staff of the Army Directive on OPSEC

1. The purpose of this memorandum is to request HQDA G-3 approve and direct the 365 day
mobilization of ten total Information Operations (IO) personnel. These personnel will be utilized
by the G-6 as two-five person teams "to track and report, on a quarterly basis, open source
OPSEC violations" as directed by the Chief of Staff of the Army (CSA).

2. These OPSEC compromises are mainly derived from our continued operations in both OJJF
and OEF. According to Al-Qaeda in their own terrorist handbook, they find 80% of the
information they use against us from open sources. The CSA reinforces this by stating that "the
enemy aggressively reads our open sources and continues to exploit such information for use
against our forces such OPSEC violations needlessly place lives at risk and degrade the
effectiveness of our operations."

3. The G-6 does not have the requisite personnel to perform this directive from the CSA,
additional personnel are required. Ten mobilized personnel from the Reserve Component will
allow the G-6 to properly execute this directive.

4. These ten personnel should come from the US AR and ARNG. They will be assigned to
NETCOM's Office of Information Assurance & Compliance, Army Web Risk Assessment Cell
(AWRAC) and perform duties in Crystal City, Arlington, VA.

5. If this mobilization request is not approved it will significantly impact the ability of the G-6 to
continue executing this directive. Properly executing this directive is essential to helping
safeguard our sensitive information and protecting the lives of our force.

For Official Use Only


For Official Use Only

NETC-EST-CG
SUBJECT: Request for 365-Day Mobilization of Two-Five Person Reserve Component
Information Operations Teams in Support of Chief of Staff of the Army Directive on OPSEC

6. Operational information:

a. Requested mobilization station: Fort Belvoir, VA


b. Post mobilization station: Fort Belvoir, VA
c. Desired mobilization date: 24 June 2006
d. Unit of assignment: Army Web Risk Assessment Cell within NETCOM
e. Supported unit: G-6
f. Number of days mobilized: 365
g. Type of duty: Mobilization in support CSA directive

7. This request has been coordinated with the Army OPSEC Officer in DAMO-ODI,
at 703-614-6558.

8. Army Web Risk Assessment Cell point of contact is C P T ^ ft 703-602-7482

CARROLL F. POLLETT
Brigadier General, USA
Commanding

For Official Use Only


For Official Use Only

NETC-EST-I 16 MAR 06

DECISION PAPER THRU ESTA Director

FOR COMMANDING GENERAL

SUBJECT: Request for Mobilization of Reserve Component Information Operations Teams

1. FOR: Signature.

2. PURPOSE: To obtain the Commanding General's signature on a request for the 365-day
mobilization of two five-person Reserve Component Information Operations teams in support of
the Chief of Staff of the Army's directive on OPSEC and the World Wide Web.

3. RECOMMENDATION: The CG signs the policy memo.

4. ASSUMPTIONS: None.

5. FACTS:

a. Background. The Army Web Risk Assessment Cell (AWRAC) is responsible for
reviewing the content of the Army's publicly-accessible web sites. AWRAC conducts ongoing
operational security and threat assessments of Army websites. AWRAC is made up of Army
Reserve and National Guard soldiers, and uses weekend drills and annual training to support its
mission.

b. Facts. CSA message (DTG: 200001Z Aug 05) has expanded the AWRAC mission to"
include review of Army-related web-logs (blogs), video logs, photo-sharing sites and unofficial
websites posted by service members for OPSEC concerns.

6. RATIONALE FOR RECOMMENDATION: To protect Army units, servicemembers, and DA


civilians from harm due to an OPSEC compromise.

7. IMPACT FOR OF SUCCESS OR FAILURE: If this mobilization request is not approved, it


will significantly impact the ability of the G-6 to continue executing this directive. This measure is
essential to ensure the safety of both classified information and U.S. servicemembers.

8. APPROVED NEED MORE INFORMATION SEE ME

PREPARED BY: CPT J B/AWRAC Government Lead/(703) 602-7482


RELEASED BY: COL Stepheri^flurinko/ Director of the Information Assurance and
Compliance Directorate for the Department of the Army/(703) 602-7403

For Official Use Only


DTG: 200001Z Aug 05

From: DOD, ARMY, ORGANIZATIONS, ARMY OPERATIONS CENTER, AOC CAT


OPSWATCH G3 DAMO AOC(MC)
Subj: (U) CHIEF OF STAFF OF THE ARMY OPSEC GUIDANCE (U//FOUO)

UNCLASSIFIED//FOR OFFICIAL USE ONLY.

CSA SENDS:

PASS TO ALL ARMY LEADERS.

REF//A//MSG/ALARACT/141637Z FEB 05/SUBJ: SENSITIVE PHOTOGRAPHS


(U/FOUO)

1. (U//FOUO) OPSEC IS A CHAIN OF COMMAND RESPONSIBILITY. IT IS


SERIOUS BUSINESS AND WE MUST DO A BETTER JOB ACROSS THE ARMY. THE
ENEMY AGGRESSIVELY "READS" OUR OPEN SOURCE AND CONTINUES TO
EXPLOIT SUCH INFORMATION FOR USE AGAINST OUR FORCES. SOME SOLDIERS
CONTINUE TO POST SENSITIVE INFORMATION TO INTERNET WEBSITES AND BLOGS,
E.G., PHOTOS DEPICTING WEAPON SYSTEM VULNERABILITIES AND TACTICS,
TECHNIQUES, AND PROCEDURES. SUCH OPSEC VIOLATIONS NEEDLESSLY PLACE
LIVES AT RISK AND DEGRADE THE EFFECTIVENESS OF OUR OPERATIONS.

2. (U//FOUO) THIS IS NOT THE FIRST TIME THIS ISSUE HAS SURFACED. THE
VICE CHIEF OF STAFF OF THE ARMY PREVIOUSLY ADDRESSED THIS VIA MESSAGE
IN FEBRUARY 2005. TAKE A HARD LOOK AT HIS GUIDANCE.

3. (U//FOUO) LEADERS AT ALL LEVELS MUST TAKE CHARGE OF THIS ISSUE AND
GET THE MESSAGE DOWN TO THE LOWEST LEVELS. TO ASSIST YOU, THE HQDA
G-2 AND THE OPSEC SUPPORT ELEMENT ARE DEVELOPING A TRAINING MODULE AND
ARE FORMING A MOBILE TRAINING TEAM TO ASSIST IN TRAINING YOUR
SOLDIERS. DETAILS WILL BE PROVIDED NLT 2 SEPTEMBER 2005. HQDA G-6
(IN COORDINATION WITH G-2) IS DIRECTED TO TRACK AND REPORT, ON A
QUARTERLY BASIS, OPEN SOURCE OPSEC VIOLATIONS. AN INTERIM CHANGE TO
AR 53 0-1, OPERATIONS SECURITY, WILL BE PUBLISHED VIA MESSAGE WITHIN 3 0
DAYS WHICH WILL CONTAIN CLEAR POLICY CONCERNING THE POSTING OF
SENSITIVE PHOTOS AND INFORMATION ON THE INTERNET.

4. (U//FOUO) GET THE WORD OUT AND FOCUS ON THIS ISSUE NOW. I EXPECT
TO SEE IMMEDIATE IMPROVEMENT.

5. (U//FOUO) EXPIRATION DATE OF THIS ALARACT IS UNDETERMINED.

PETER J. SCHOOMAKER, GEN, CSA


UNCLASSIFIED//FOR OFFICIAL USE ONLY

EXECUTIVE SUMMARY 18 October 2006

(U) ARMY WEB RISK ASSESSMENT CELL. (NETC-EST-I)


(U//FOUO) The Army Web Risk Assessment Cell (AWRAC) made up of 10 mobilized Virginia
National Guard soldiers, 3 traditional (part time) National Guard Teams from Maryland,
Washington, Texas, and an Army Reserve Team from Virginia continues to successfully review
official and unofficial web sites and blogs for Operational Security (OPSEC) violations IAW the
CSA's 20 AUG 2005 message. The team also has three full-time contractors to provide
continuity. The Cell conducts a wide range of tasks that have increased the amount of web
sites and blogs being reviewed, constant refinement of tracking procedures, and streamlining of
the notification process. The Cell typically reviews several hundred thousand web pages and
makes dozens of notifications every month. Over the past nine months, the Cell has reviewed
over 715 web sites and blogs comprised of more than 4,213,000 pages. The Cell's search has
uncovered more than 1630 OPSEC violations and ensured their correction. In addition, the Cell
has expanded their monthly review of the popular blog from approximately 30 blogs comprised
of 5500 pages each month to 75 blogs comprised of 210,000 pages. Soldiers continue to post
articles and blogs that contain information about the Army mission that are clear OPSEC
violations. The AWRAC is on the front line to identify these risks which save lives and Army
resources through the painstaking review of all official and thousands of unofficial sites. The
Virginia National Guard is training two more teams to augment the mission and to serve as
possible replacements for the soldiers who are currently mobilized.
PREPARE MEMO .

LTC STEPHEN WARNOCK/NETC-EST-l/703-571-3528

APPROVED BY

UNCLASSIFIED//FOR OFFICIAL USE ONLY

You might also like