Professional Documents
Culture Documents
Dear Ms Hofmann:
Exemption (b) (6) of the FOIA protects from mandatory disclosure "personnel and
medial files the disclosure of which would constitute a clearly unwarranted invasion of
privacy." 5 U.S.C. 552(b)(6) (1996 & Supp.l 2002). To qualify for protection under
Exemption (b)(6), records must meet two criteria: (1) they must be "personnel and
medical files and similar files," (2) the disclosure of which "would constitute a clearly
unwarranted invasion of personal privacy." Id: U.S. Dep't of State v. Washington Post
Co., 456 U.S. 595, 599-603 (1982). Regarding the first prong, the Supreme Court has
held that this standard is met merely if the information "applies to a particular individual."
U.S. Dep't of State v. Washington Post Co.. 456 U.S. at 602. The second prong
requires courts to strike a balance between the protection of an individual's right to
privacy and the preservation of the public's right to Government information." \± At
599. The "public interest" in the analysis is limited to the "core purpose" for which
Congress enacted the FOIA: to shed . . . light on an agency's performance of its
statutory duties." U.S. Dep't of Justice v. Reporters Comm. for Freedom of the Press.
489 U.S. 749, 773(1989).
We are withholding the names of government employees under Exemption (b) (6) to
protect personal privacy. In this regard we have also redacted the names of third
parties to the e-mail correspondence, and information in the e-mail which may lead to a
disclosure of their identity. See Judicial Watch, Inc. v. United States. No. 03-1160, 2004
WL 26736, *4(4™ Cir. Jan. 6, 2004). Under the Exemption (b)(6) balancing test, the
Supreme Court held in a similar case that disclosure of employee addresses "would not
appreciably further the citizens' right to be informed about what their Government is up
to and, indeed, would reveal little or nothing about the employing agencies or their
activities." United States Dep't of Defense v. Fed. Labor Relations Auth.. 510 U.S. 487,
48 (1994). The same is true here. Disclosure of the names and email addresses of
government employees, as well as third parties, would contribute little to the public's
understanding of government activities. By contrast, such disclosure would constitute a
"non-trivial "and "not insubstantial" invasion of government employees', and the third
parties, privacy, interests. ]d. at 500, 501. As such, the names of government
employees and of third parties to the e-mails are withheld under Exemption (b)(6).
Due to the FOIA's release rules, any individual may request this information, and all
requestors must be treated equally. Releasing this information would have severe
privacy implications, as anyone would be able to contact these individuals at any time
for any reason. They could be subject to unwarranted inquires, harassment, and
possibly even identity theft. These are substantial privacy interstest of the individuals
whose names and identities appear in the e-mail correspondence. Because of this, in
this case it is clear that the privacy interests outweigh public interest in disclosure.
Individuals have a valid interest in regulating who receives their contact information.
They should ultimately decide whether it is made publicly available. Accordingly, we
have redacted the information from the responsive documents.
This letter constitutes a partial denial of your request and is carried out in my
capacity as the representative of the Initial Denial Authority ("IDA"). Please note that all
fees for search and review have been waived. If you desire a determination by the IDA
regarding this partial denial please write to me and I will present the matter for his
consideration. If you have any questions about this letter please contact me at (703)
602-8646, by email at CIO/G6FOIATeam(3>hqda.armv.mil, or visit our website at
www.army.mil/ciog6/footer/foia.html.
Sincerely,
^5ale DeBruler
Chief, Freedom of Information
Office
2
N E T C M i P S ^ r m y SignalXommand
—Eli
3/13/2007
UNCLAS
th
Ill J* UUMIIUIU V - '•-''•
Jmmand mmmmmmmmm
*•*&&£•••••••• . . -. • v s r r : •;•;•
21 m FORCE PROTECTION
• COMMUNICATIONS
D LOGISTICS
PERSONNEL
. • . . ' - * . . • ' . ' - • ' • " • •
:
• • • ' : . ' ' '
OPERATIONS
CRI1"ICAL
1INFF&VJSTRUCTURE
1 1
IOCONMXT
o
3/13/2007
AWRAC FINDINGS REMEDIATED
OCT 2005 to SEPT 2006
FORCE PROTECTION
COMMUNICATIONS
D LOGISTICS
•.•ViV\
• PERSONNEL
OPERATIONS
a.-CR.lTICAC S
INFR^STRUCTgRE
CONTEXT
NETCOM/9H\Army Signal Command
1400
1200
1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
Violations
539
600
400
Violations Web Site
Violations Violations
Wph Sites U£J Violations 167
200-r7VeDii,tes 449 Web Sites 115
114 WebSites C—i _,—
29
/—
,/zmr.
Jun-06 Jul-06 Aug-06 Sep-06 TOTAL Jun-Sept 06
3/13/2007
UNCLAS
NETCOM /-9 th Army Signal£omrnand
®* •
Addrsii ^jf}http://www.saw usacearmy mil'li Jranet/i :ol6to.him ?HHGo A-v*s~-
:utd i i m IU i MI my b L u j u r u Lear i'iajui i m sptjoiktj iiniefTC m
French, as wet as limited German and Spanish,
Since his commissioning In 1982, Colonel Putllam has served In a wide variety of
command and staff assignments In the United States, Europe, Southwest Asia, and the
Caribbean, He commanded the Army's 3 0 t h Engineer Battalion (Topographic) at Fort
Bragg, North Carolina, from 2000 to 2002, and commanded both mechanized and
airborne engineers In Germany and at Fort Bragg while at the company level In the early
and mid 1980s, Other key assignments In his career include service as the French and
Italian Desk Officer for International Army Programs, U.S. Training and Doctrine
Command, In the early 1990s; a deployment to Haiti in 1996 as the United States
Liaison Officer to the Government of Haiti for Electric Power Production; and as
Executive Officer to the Deputy Special Representative of the President for Global
Humanitarian Demlning In Washington, D.C., from 1997 to 1998. Most recently, Colonel
Pulllam served as the Chief of Engineer Operations for United States Central Command
(CENTCOM), working for Generals Tommy Franks and John Ablzaid In execution of
Operations Iraqi Freedom and Enduring Freedom.
Among his decorations, Colonel Pulllam has been awarded the Defense Meritorious
Service Medal with Oak Leaf Cluster, the Army's Meritorious Service Medal with two Oak
Leaf Clusters, the Global War on Terrorism Expeditionary Medal, the Army Staff
Identification Badge, and the French Army's National Defense Medal (Sliver Rank), He is
a Sapper and Master Parachutist.
Colonel Pulllam Is married to the beautiful and talented Jacqueline Langlols Putllam,
herself a software engineer Instructor and the daughter of a Tennessee Baptist
Minister. They have twin eight-year-old daughters, Katherlne Anne (Katie) and
Jacqueline Alexandra (Alex).
n
In the last paragraph of this Colonel's biography, I discovered his wife's full name, as well as the names and
ages of his twin daughters. While these types of findings are becoming more rare, they are still being found in our
scans. After I sent an email notification to the webmaster of this site, 1 promptly received a return call saying this
issue was resolved, and this paragraph is no longer part of the Colonel's biography.
3/13/2007
UNCLAS
mm
NETCOM/9 th Army Signal Cbmri
• BLOGS:
• Total scans: 75 in SEPT 2006
• Total manually reviewed: 305
• Number of pages scanned in SEPT 2006:
209,435
• Number pages with possible violations: 6,538
•Number reviewed: 6,538
• Number of content violations: 0
3/13/2007
UNCLAS
.;:~
NETCOM / 9 th Army Signal;Command
V " ' . ' ' - - • ' — - i ~ i >—,-«,—_^___ *, -----J-L- • • ; _ _ _ / • ' - -
30 H '
m
20 27,400 Web 199,882 Web 844,979 Web
408,262 Web 209,435 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
W
Pf
10
Violations!
Violations 3
1
3/13/2007
UNCLAS
NETCOM / 9 t,v Army Signal
- • - • .
^ ^ • • v ^ . . ; . - ; " w ^ -
: r ^
Command
: •WUfcUWH!
B logging Policy
So what restrictions are imposed on us milbloggers you may ask? Well
read the policy for yourself. Personally I think it's pretty relaxed,
here's a few exerpts:
Soldier
MULTI- Prohibited information. Any official information t h a t is
NATIONAL generally not available to the public and which would not be Blog
released under the Freedom of Information Act. Examples
CORPS-IRAQ
include but are not limited t o :
about
Policy for Unit 1) Classified information OPSEC
and Soldier
Owned and
2) Casualty information before the next-of-kin has been
Policy
formally notified by the Military Service concerned.
Maintained 3) Information protected by the Privacy Act.
Websites 4) Information regarding incidents under ongoing
investigation.
L 5) For Official Use Only information.
Personal web sites and web togs. Personal web sites and web
(ogs produced in a personal capacity and not in connection w i t h
official duties need not be cleared in advance. However, i t is
the responsibility of MNC-I personnel to ensure that any
personal web sites and web logs do not contain prohibited
information as defined In this policy. MNC-1 personnel who
have any questions regarding prohibited information may
submit the information to their servicing S2/G2/C2 for
classification questions or to their PAO for other questions.
3/13/2007
UNCLAS
NETCOM/.9 th ArmySignal Command
I
1
• : - - : : z U l - - - • - ^ : — - • " " - - ^
3/13/2007
UNCLAS
NETCOM79^ ArmySignaLCpmmancJ
70 COMMUNICATIONS
60
D LOGISTICS
50 -
DPERSONNEL
40
OPERATIONS &£r
30
20 ©CRITICAL,jn
INFRASTRUCTUREv
qCONTEXT
3/13/2007
UNCLAS
d
n
>
NETCOM / 9 th Army Sig qjTjmand
1400-
1200
1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
Violations
571
600
Web s n s
Violations Violations Violations
Violations
149 Websites 16i
Ned bites Websites 114
71
29 42
/777T-
U / ' a i l BBWB
May-06 Jun-06 Jul-06 Aug-06 TOTAL May-Aug 06
3/13/2007
UNCLAS
XPQM / 9^Army Signal C o m m a n ^
^ i j E l Go • I Link!
-CD
113 I i * [ • M O O |U|H HH
Dr>wnkpndecJ ( 0 &> I VLS Unknown Zone
This site was found while reviewing a Scan Request earlier this week. It depicts a portion of their
communications network and the names of servers and routers. A notification has gone out to the unit, and I am
currently working with the webmaster to get this item removed from public access.
UNCLAS
NETCOM / 9 th Army Signal Command •
3/13/2007
UNCLAS
NETCOM / 9 lh Army'sigrial CommarfflS
3/13/2007
UNCLAS
Although he is no longer in the military, this former soldier has been
contacted about his photos which expose the weaknesses in our
equipment. A request was sent to the soldier's website on 29 Aug 2006
for the pictures to be blocked or removed. No response has been received.
3/13/2007
UNCLAS
) NETCOM / 9 t h Army Signal Command I — —
COMMUNICATIONS
D LOGISTICS
• ;
DPERSONNEL
OPERATIONS
i& DCRITICAL wm
INFRASXRUC :
A. J_ p
MNTEXT <"<-:.
m. -m^emyd
3/13/2007
NETCOM/9 t h Ar . Command
COMMUNICATIONS
• LOGISTICS
,
• PERSONNEL
OPERATIONS
• CRITICAL
INF=RASTRi|C HUB
• CONTEXll;
•
OTHERS
3/13/2007
IBHMJ1MI
ETCOM / 9 t h Army Signal Command
_ — • • • • .- . ' • — " • " : • - " . • • ••••:::-• v : . . ' • - . " - -
1400-
1200
1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
600
400
Violations
200 -hweb Sites TT5
3/13/2007
UNCLAS
NETCOM / 9*h'Army Signal Command
mm
Pacific R r s i o n D i r e c t o r y
KOI-M Directory
Access to the C E N T C O M list is restricted. N o n - U S Aiiny Veterinary Service in d m duals must request a login and password.
Access to all other list is unrestricted at tlus time. If y o u require access to the C E N T C O M list please Click here.
3/13/2007
UNCLAS
: N E T C ( } M / 9 t h Army Signal Command
. :•-•- • ' , ' • ••' '. _ _ „ •••••_•_ " • -
—
1 - t t w w n
• Blogs:
• Total Manually Reviewed: 431
• Total Scans: 43
3/13/2007
UNCLAS
V
th
NETCOM / 9 Army Signal Command
- • ; • ! I
•.-I
• • - • ' *
i
'
iis£ ' ' ; j
'•
"'
I • • - :
\
I !
30-'
'
'
m
i
i •
1
> i
:
* -
onJ"
cu
/• • • :
!i • . - ;
I 1
1 • ' : •
!
L
! 1
:V -•;
;
; 1
10- * : t i
\ _ : . . - . - •
| Violatu?n«
\ • . " •
^Violation s • •
|Violatior I S • • ; •
| 4
| Violations . • _ • ' . • '
2 .* 2 ! Violations . ^ ^ M ^ M M
0 - £m
•
6-Sep
0
'• jay" ,.^_ i t ksi-
6-Oct
-Y-3 =
1
6-Nov
H r • f '—-
6-Dec
1—1 •* 1
TOTAL Sep-Dec 06
! J —-r-}
3/13/2007
TJNCLAS
..
iiti _ J,
3/13/2007
NETCOM/ 9!h Army Signal Command,
3/13/2007
UNCLAS
i&KS!
NETCOM / 9 t h Army Signal Command
COMMUNICATIONS
•
—__
• LOGISTICS :
DPERSONNEL
OPERATIONS
CRITICAL!
INFRASTRUCTURE; 5
OeQNTEXTl
3/13/2007
NETCOM / 9 , h Army Signal Command
I
FORCE PROTECTION
COMMUNICATIONS
D LOGISTICS
• . • • •
:
•
D PERSONNEL
OPERATIONS
OH CRITICAL
JNF=RASTRUCTURE
JCONTEXT
PI^OTHER;
*juu
3/13/2007
UNCLAS
X p / 9 lh ;Army SignaliCpmrnand —
1400-
1200 Violations
1016
1000 114,848 Web 59,287 Web 59,287 Web 332,458 Web
158,323 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
600
400
200
0
Oct-06 Nov-06 Dec-06 Jan-07 TOTAL Oct 06-Jan
07
3/13/2007
UNCLAS
NETCOM / 9"? Army Signal Command
H m w m
:
FUe ."jEdft GO. To FovoHtdJ.. Help 1
•SSI* §1 'X"
: .: '"':
<OW't- «£>:.'> ErMs]'.'.^! ^ ^ • • ^ r w ^ ^ j:^?||> ;i&Q I
Address |-'«J ^tDr//www.ml,armyJrrptf/mairi/t'1aln/Oov^osdfid^
2Ts
|H Clltk'Hirte r
Go Links • * *
**n ror
©•.. l ^ V - I '\-Js\" .'.:>~~^- *'" - •:"r"-'' i f ' ^ ' ^ w
**- i; " Y f
Advanced Decision
Architectures
CTA Overview
CTAC
29 A p r i l 2003
This is one of the concerns from the Army Research Lab for January. There are several briefings that go into
some detail and contain personnel's names and email contact information; When the notification was sent to the
ARL, a response from the PAO stated that they were aware of the Army Regulations but they felt this info is
necessary on their publicly accessible website. The email is on the next slide.
:
' • • • "
— 3/13/2UU/
UNCLAS
•NETCOM/9l h ; Army Signal Command • — — i i i ••*
Lick war-
As per our conversation of January 9th, below is the response to your December email, "48 OPSEC Concerns on Public Website."
ARL is fully cognizant of the need to follow proper OPSEC procedures, as well as the DA and DoD guidance. In September of 2005,
ARL used the established guidances in craning its own regulations on how material would be published on the external internet site.
This policy also «ARL-MEMO-25-70.pdf» took into account the need for flexibility to pursue ARL's stated mission as the Army's
corporate laboratory, and reflected our dedication as an organization to proper OPSEC procedures.
We recognize that names and contact information are posted on the external server. However, the posted information pertains to
recognized POCs for internal lab programs. Quoting the ARL memo, these POCs help ARL "act as the bridge between the science
and technology community and the warfighter." The relevant section of the policy is below for your convenience. Additionally, I have
attached the full policy in PDF form to this file.
With this in mind, ARL believes the content on its internet server is in conformity with the existing guidance. Should you have any
immediate questions, you may reach me at 301 -394-1889. ARL's Associate for Corporate Programs, Leonard Huskey, oversees the
website and maybe reached at 301-394-4154.
-Paul D, Schmitt
ARL Public Affairs Office
301-394-1889
3/13/2007
_
• Blogs:
• Total Manually Reviewed: 0
• Total Scans: 42
3/13/2007
UNCLAS
N E T C O M 7 9 * Army Signal Command WRASSES •$>Gmxm
— - - • • •' : • • • - : : — ~ — • • ' • - ••- - - • . • • • • • • - • -
30 408,262 Web 209,435 Web tfl 66,782 Web 127,346 Web 811,825 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
:
20
Violation^
•
14
Violation
0
10-ji
Violation^ ?Violations
0 2 Violations
2
3/13/2007
UNCLAS
NE1 7;9$ Army Signal Command MKWHbMUStft
This we're featuring a blog from a service member which is displaying battle damage to his humvee after a
: supposed hit .and run. A notification has been sent to this blogger and the AWRAC team is currently waiting for a.
resborise;.P-:^/: 'Zf^-yf'/.£*:'• - p.-;;p';
• tf-JStythj-O- >& & [ a l : j j M l Petef An«ita^,-ir|-|^MIrfwtrfraca:,;,J''^;FWr6Wtel<)ani...|-SlRAQ, BA6HPA... H ^ l http://ht>m«U ! " | j j 5 | ! p ^ ^ ^ > i a g » ^ « « g ^ » < » - 2:31 PM
5!
3/13/2007
UNCLAS
p.^N ETCQl^^ Signal ^Cpmniand" ^ f l ^ . ^ j S L
3/13/2007
UNCLAS
AWRAC FINDINGS REMEDIATED
JULY 2006
m FORCE PROTECTION
COMMUNICATIONS
• LOGISTICS
• PERSONNEL
OPERATIONS
• CRITICAL
llNFRA^RUpTURe
• ,-- p i
1
>.;>•;• •••:
ppsj^l^i^'. ill
3/13/2007
NETCOM / 9 th Army Signal Command
M
500 • COMMUNICATIONS
D LOGISTICS
400
PERSONNEL
' iHl
OPERATIONS
ED CRITICAL
^INFRASTRUCTURE
D CONTEXT
OTHER
NETCOM / 9 t h Army Signal Command
•«•—mm t-m.mx-MtittMMi
1400
1200
1000 29,171 Web T_r 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800 Violations
611
600
400
Violations Violations Violations Violations
/VebSites 1
,nn .WobSitCG 154 447 Web SUes—t4S WebSites ^1
3/13/2007
UNCLAS
a Pathfinder 3IOC TTP
S u m m s v Oon???t bra afrald??????.???Embrace it???love lt???llve l t ? ? ? P » t h f l n d e r Access: Access Unit P a t h f i n d e r Server. Install IZ Analyst
N o t e b o o k Pluo-lnvislt Untt P a t h f i n d e r w e b o a g e ,
r i e Fannat: Microsoft P o w e r P o i n t - A u t h o r : florlnda.white
to ftftYTR Knciwledg? Center L K t Uod-ated t v v v vyMM/MTO: 2 0 0 e / 0 5 / i o
Q Army W e b Risk Ass^stmoni: g DCQS-A i C J T T P
.ell (AWRAC) Horn*?
@J Pathfinder 3IOC TTP
mSE^*MZ:^:IL
Army Orfj-anlzatlons has m o v e d .
To access, dick t h e Site Mao t a b .
5 - i n . m i i ^ Don?7?t b e afraid??????. ???Embrace lt???love lt???llve It F ? ? P e t h f i n d e r Access:Access Unit P a t h f i n d e r server. Install 12 Analyst
N o t e b o o k Pluo-lnVlsIt Unit P a t h f i n d e r w e b p a a e .
File Farrnax: Microsoft PowerPoint - A u t h o r : florlnda. w h i t e
Last u p d a t e d < v V t f / M M / D O ) : 2 0 0 S / 0 5 / 0 0
33 "3. AtitMrfJS Serv^kres g| DCGS-A I G3 PathFlnder
GS S. .o.rm5' e-Cpmmsrce
03 9° Mv Beneftts B FM 3t21*3ffl FEF
® & MV Education S'jrr.msi v Many units rnlaht have n o trained p a t h f i n d e r assets. Non-oathfVideT-quallfled Soldiers receive training from tHs p a t h f i n d e r s and
B3 S My Famltv form a company-level p a t h f i n d e r t e a m .
UNCLAS
NETCOM / ?'K Army•: uAMttUJHUBBMuuimiwnssi
——
20
1,108 Web 295,096 Web 27,400 Web 199,882 Web 523,486 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
10
Violations
3
3/13/2007
UNCLAS
Excerpts and pictures from a former soldier's blog from A/1-12 CAV, Fort
Hood. Soldier was contacted previously by the U.S. Army HRC in St Louis
about his photos exposing the weakness in our weapons system. He
blocked four but not the ones featured in this slide. AWRAC sent a
request to the Soldier 20 July 2006 with pictures to be blocked or
removed, no response. AWRAC then sent a request to command. The
command reply states he is no longer in the military, but they would make
every effort to contact member and have photos removed.
UNCLAS
WiV^l
NETCOM/9th Army Signal Comman
3/13/2007
UNCLAS
. -•-TC0M/9^ArmySignayCbmmand
m FORCE PROTECTION
• COMMUNICATIONS
• LOGISTICS
DPERSONNEL
• OPERATIONS
• CRITICAL
INFRASTRUCTURE
&
• CONTEXT
• ; • • •
3/13/2007
/ 9 t h Army Signal Command
; • • • : ;
U FORCE PROTECTION
• COMMUNICATIONS
D LOGISTICS
•
• PERSONNEL
• OPERATIONS
• CRITICAL
.INFRASTRUCTURE
• CONTEXT
K)THER
"37T37ZDDT
~ / ^ ; !^.^ ; , -r-.^- - j ?*.-.•. i
HSaiSiaKHIKlWKS^attStt
; N E T C O M / 9 t h : A r m y Signal Command
>* —
1400-'
1200-'
1000-'
* 52,822 Web 29,171 Web 331,127 Web 278,388 Web 691,5 08 Web
800
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Page;s Scannc;d
3/0
•
600-
Wf»h s it.fi fi
400-'
Violations 273
Violations Violations
Ma \A/n h CStAcvloiailons x-"
ive
D bites 1fiR A/n h Ritr" 151 149
200- 96 92 ^ j ^ V/eb S ' t e i ^ ^ ™
Rfl
:
_ . - • / . .
56 M
0-'
/
1
^Wrrm u ....• ^^T 2
29
. . - . • ; • . • • .
3/13/2007
UNCLAS
s://www.cs.dnieddoimy.n>il/bullistiiJininrj/maps/CB_Re(j350M3pI.pdf - M i c r o s o f t I n t e l net Enplm
t-
2-
3-
4-
5-
6-
7-
8-
9-
10
11
12
13 - Automated Record Fire
14 - Modified Record Fire
15 - Grenade Launcher Range
16 - Hand Grenade Qualification Course'
17 - Hand Grenade Familiarization Range
This map was found during a scan of an AMEDD training facility in TX on'
22 JUN 06. The webmaster was notified, since it displays specific training Ld
areas on the site.
IStP $ EB £?". ® El,:.• j : W\ '"box..- Micro,., g ) Watchfire W,; ^ ' - C j netcomb :22 AM
r f
: : — — - . " . 1 ^ ^ - • ' / • • - , • • :
th
NETCOM / 9 Army Signa
3/13/2007
UNCLAS
NETCOM / 9 t h Army Signal Command •
3/13/2007
XJNCLAS
Excerpts and pictures from a soldier's blog at Camp Phoenix, Afghanistan:
'There is a mountain nearby that people from Camp Phoenix climb from
time to time, and about a month ago I'd decided I would put my name on
the waiting list to go...I ended up getting to the top in 45 minutes...."
Soldier contacted 19 JUN 06 about providing information on troop
movements, locations, and vulnerabilities. No response as of 23 JUN 06.
3/13/2007
UNCLAS
NETCOM / 9 t h Army-Signal Command
3/13/2007
UNCLAS
NETCOM/ 9 t h Army Signal Command
• ..:_':\ ,
11
•__i_n.mlmJ.i_L.i_-.ji.- Maui i.—_..-r j _ ..•• . j — _t jtftgJ . •i.W-Lli.mtl ^luw. m j_xJ.M-imi%j&m^mJB
• FORCE PROTECTION
• COMMUNICATIONS
P LOGISTICS
- - . , • • - : . •
DPERSONNEL
• OPERATIONS
SMi?iTifcXi?s
^INFRASTRUCTURE:;
•JCONTEXT
•mm
H:,^
SMIK#A^^lter -: • ..-••••••
3/13/2007
AWRAC FINDINGS REMEDIATED
OCT 2005 to MAY 2006
El FORCE PROTECTION
• COMMUNICATIONS
Q LOGISTICS
DPERSONNEL
• OPERATIONS
• ' . ' • ' . - . • • •
D CRITICAL
JNFF^STRJUCTURE
INFRA3TF
$&* :
OGONTEXT ,jmm ^
37T3720UT
:
— - r-^ • . - - • • • - . , • • — ~ - — . - . - • . . . * ; • - : ^ - — ~
1400
1200
Violations
1000 905
800 60,407 Web 52,822 Web 29,171 Web 331,127 Web 473,527 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
3/13/2007
UNCLAS
|tf
|L
.iC
raa
r,-
->,
L
| -
P>
•s
r> —I
^ i
1ff fj
ft
o
II 3 -n
13 1
WEB LOG VIOLATIONS
(WILD BLOGS)
• BLOGS:
• Total scans: 33 in MAY 2006
• Number of pages scanned in MAY 2006:
27,400
• Number pages with possible violations: 636
• Number reviewed: 836
• Number of content violations: 1
• Soldier's chain of command notified, content
removed the same day.
3/13/2007
UNCLAS
" :'v''--'; — .
IgNETCOM./.9 th
Army Signal Command !^W
3/13/2007
UNCLAS
NETCOM / 9^ Army Signal Coh^mand
3/13/2007
UNCLAS
f -NETCOM / 9 t h Army Signal Command
. JM I_±J " .. •• — i • •P ^ P ^ H J ^ — ^ ^ ' n • • • • • > » » • > • ' • • .••nil' i •• .'• • •' ii"i
1 FORCE PROTECTION
COMMUNICATIONS
• LOGISTICS
•?-• ^ T
• PERSONNEL?
OPERATIONS
J r
. • . : ' - - ; • - -
• CRITICAL
INFRASTRUCTURE]
CONIB^B
3/13/2007
d
n
>
en
30 ; :
;
°£
' •
srn
O O o
I^H
&£•&'*''
1 CJ
N» :
. H -n o
HK
«s
to
ro r?
• ••
. .: 0
•t»
cr> rn •ID
•
•
CD
•
J
• • - •
01 -? >
!."'-! Ol
0 0
C/)
z 3J
to';
CO
0 m •Si.
<
o
•H^i^ n#,:vS '.; • : v
'D • • • 10 ^
m 3j
o
o 5 0 - O "0 r 0 •n 0 £3'
^rH-l^»Ol^ : ! '3D ' ; "0 O 0 O 0 0 >cu.:
^^SE^^^mZ-^Tn - J • m D O 3J 0
' 3 •
O > stt-i
JRD^Pmi&O':::^ > O m H
CO fflffl^^^^^i;:-:X —4 2> H Z m
H ^l"
Tl
O w
CO 0 v § CO 0 D
ro
o z P 0
o >
-si HNS^^^ ~~1 . H H
m
c • V'
O 0
•L: . *
fl^flW^*?^*'"? 1
.:••••:•• "• • "•-"
i
Z
O
: .
N E T Cn0MM/ Q/ 9t ^h AA>
• - •
r m y Signal Command;
• • • • • : > r J
\ ••• + * • • • - • • : • • - - : • • • . - . • •
ii
1400
1200
1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800
600
Violations
400 Violations -33T
Web Site
Violations Violations 227 184
Wffh SitP
200 -^Nvb Sites ^"4 Web Sites TT5
3/13/2007
UNCLAS
N E T C O M / 9 t h Army Signal Command
• •
. This Colonel's biography was found on the website for.the Combined Federal ,:
Campaign in Hawaii. In.the last paragraph, it displays the Colonel's wife's maiden
name, town and state'of birth; and both children's full names-;;;A notification was sent on
20November and we are; currently awaiting resolution.
• ::-vv^'
• - • • • .
"37T37ZUTjr
UNCLAS
* c.
• < • ' - • • : • •
NETCOM ;;jK9& Army Signal Command
• • • • , - , - • • • • • • • ; • • • • • ' A .. . - ^ .. • * - . : • • • • • • V . - • • < • : - . • • •••• - • • - • • •
TT-.—" • < • 'J1 ' ' * i . .1 i.'_m 1 '^i • • ' — . —v . . <.— -. .• • i' - ^rr^n u> . • a^^-r™-^^—••'•^^g^a^^B
• Blogs:
• Total Manually Reviewed:532
• Total Scans: 63
3/13/2007
UNCLAS
' I.
•I NETCOM/9" Army Signal C o m m a ^ ~W^\
"
30
20 ii
408,262 Web 209,435 Web 66,782 Web 124,687 Web 809,166 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
3/13/2007
UNCLAS
NETCOM / 9th Army Signal Command
• ' " • • ' • • •
Bjffeateg.a^' - • • • " • •
3/13/2007
UNCLAS
NETCOM/ 9 h Army Signal Command
• • . P H . - . ... jj_-»»ihp.B^B^^Mgcwgj. | 'JL.. 1 i ---< nurtmu_i_i IJ_.~ . I - ^ - . - I J — M - ^ ^ ^ r ^ J U - j - ^ a — L L i g f t n ii_i u n _ -
3/13/2007
UNCLAS
— M M M H
j SNETC0M;/9'tArmy Signal Command
1
' I'lg"™™^^™i i 1 — . ; . . r-—'. ! ' t - . L " .• ' \'.- . ^ n e 1 . " — ' • • • • • 'j_i -.". 'M ? P l « _ T ^ - i
FORCE PROTECTION
COMMUNICATIONS
D LOGISTICS
D^PERSONNEL
PERATIONS
QCRITICAL
m
1INERASTRUCT0RB
3/13/2007
»
NETCOM / 9th Army Signal Command!
' '•:• '.
• '
COMMUNICATIONS
D LOGISTICS
• .PERSONNEL
^OPERATIONS
:
3^Hv?":-'?3
• CRITICAL
fflNFRftSTRUCTORE
OCQNTEXTi
3/13/2007
> i.-
S N E K O M / 9 t h Army Signal Command .
1400-
1200
1000 29,171 Web 331,127 Web 278,388 Web 441,254 Web 1,079,940 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
800 Violations
617
600
3/13/2007
UNCLAS
i $
M
32 NETCOM / 9 t h Army Signal Command
u ..BIS.
Davttf i."3 The page requires a client certificate - Microsoft Internet Explorer
Comput I
Edit Vtow Favor K M TOOFS Help /# m
Q * * * - © " S H I C j [ , P Search ^^vorftes , @
DI3,
Address 4 9 https://tnosc,pac,armY.mH/refwerws/seEUrlty/Ir^^ Go i U n ^
•••• —
Please t r y t h e f o l l o w i n g :
• C o n t a c t t h e W e b s i t e a d m i n i s t r a t o r if y o u b e l i e v e y o u s h o u l d b e a b l e t o v i e w
this d i r e c t o r y or page w i t h o u t a client certificate, o r to obtain a client
certificate.
* t f y o u a l r e a d y h a v e a cfiertt c e r t i f i c a t e , u s e y o u r W e b b r o w s e r ' s s e c u r i t y
f e a t u r e s t o e n s u r e t h a t y o u r c l i e n t c e r t i f i c a t e is i n s t a l l e d p r o p e r l y , ( S o m e
Web b r o w s e r s r e f e r t o client certificates as b r o w s e r o r persona?
^ certificates.)
HTTP E r r o r 4 0 3 , 7 - F o r b i d d e n [ S S L c l i e n t c e r t i f i c a t a is r e q u i r e d .
Internet I n f o r m a t i o n Services (ITS)
army G I I J
1st - Soil
Technical I n f o r m a t i o n (for support personnel)
• G o t o M i c r o s o f t P r o d u c t S u p p o r t S e r v i c e s and p e r f o r m a t i t l e s e a r c h f o r t h e
words HTTP and 4 0 3 -
• O p e n I I S H e l p , w h i c h is a c c e s s i b l e in ITS M a n a g e r ( i n e t m g r ) , a n d s e a r c h i.
f o r topics titled A b o u t C e r t i f i c a t e s , U s i n g C e r t i f i c a t e T r u s t L i s t s ,
UNCLAS
i i.
I .• U ~ .. • . , ; . , , ; • . , . „ , — — • • • - . , . . • • • • • : • • : , . : : • , • • • • ' ••• --,••:. I-
th
. „ _ , , NETCOM / 9 Army Signal Command
J
:u \smsasaeasaBX=1
•HOTW,IIHIWII>M ,-_• ••• • .•-•:.• •• .• • • •-•_. '" J - . - v •••• - ..^;. : • ••__--- •••••• Ifmmmnrtriirmrs
• Blogs:
• Total Scans: 78
UNCLAS
^ N E T C O M / 9lhl Army Signal Command
30
'*
2 0 - 199,882 Web 408,262 Web 884,361 Web
209,435 Web 66,782 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
1"
3/13/2007
UNCLAS
< -<»
N E T C O M / 9 t h Army Signal Command
^ • i - ••• - • • • • • • ii .. • - • • • .—: !—-»•' .•_ i * ' ' • - — . . • • . . . •' .'.:• • • . ' . - • - — • " . ' • . • '. . ••••
http://www.xanqa.com/JoshatBurke
Soldier
mentions " Well they are telling us we are flying out of Iraq the day
redeployment after thanksgiving...."
in blog. Soldier contacted about 0PSEC concern. No response
has been received.
•• tu
OPSEC
Internet Service Providers in Iraq, the only bandwidth i Policy.
available to me would be government-owned. AR 25-1 IS K i t :
states that I cannot use government time or resources to |»The.-|
maintain a personal Web Site." word is
http://www.mikequlf.blogspot.com/ getting
•put.
3/13/2007
UNCLAS
% u
For Official Use Only
Violations
1,164
1000
1,549,679 Web 1,407,279 Web 60,407 Web 52,822 Web 29,171 Web
800
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
i -u
For Official Use Only
Web Sites
29 Web Sites
30 z:
Web Sites -xr
25
::.
1
20-
304,024 Web 5,581 Web 2,239 Web 1,108 Web 295,096 Web
Pages Scanned Pages Scanned Pages Scanned Pages Scanned Pages Scanned
Web Sites
^Violation
1
LTCM f-EST-
1/57 H T O ? 2 ^ ^ ^ ^ ^ ^ ^ ^
APPROVED BY COL Stephen Jurinko
PREPARE MEMO
M A J
« •NETC-EST-l/703-602-
APPROVED BY
1. References:
Memorandum, Office of the Secretary of Defense, November 25,1998, Subject: Web Site Administration
Policies and Procedures with 11 January 2002 amendments
Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy Policies and Data
Collection of DOD Public Web Sites
Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject: Information Vulnerability and
the World Wide Web
Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and Data Collection of
Federal Web Sites
DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public Release," May 6,1996
DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9, 1996
Memorandum, Office of the Director of Information Systems for Command Control, Communications, and
Computers (DISC4), 30 November 1998, Subject: Guidance for Management of Publicly Accessible U.S.
Army Websites
Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information Security Program
1. References:
a. DoDI 5230.29 Security and Policy Review of DoD
Information for Public Release, 6 March 1996
b. Memorandum, Deputy Secretary of Defense, dated 24
September 1998, Information Vulnerability and the World
Wide Web.
c. Memorandum, Assistant Secretary of Defense, dated 28
December 2001, Removal of Personally Identifying
Information of DOD Personnel from Unclassified Websites
5. Definitions:
THADDEUS A. DMUCHOWSKI
COL, GS
Director, Information Assurance
Memorandum, Office of the Secretary of Defense, November 25,1998, Subject: Web Site Administration
Policies and Procedures with 1 Uanuary 2002 amendments
Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy Policies and Data
Collection of DOD Public Web Sites
Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject: Information Vulnerability and
the World Wide Web
Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and Data Collection of
Federal Web Sites
DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public Release," May 6,1996
DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9,1996
Memorandum, Office of the Director of Information Systems for Command Control, Communications, and
Computers (DISC4), 30 November 1998, Subject: Guidance for Management of Publicly Accessible U.S.
Army Websites
Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information Security Program
1. Task: Research policy on the collection of Personal information on Military, DoD, and
Contract Employees.
• References:
a. Telecom conversation with MS Thornton, Janice, Ms., FOJA, RMDA
703-806-7138.
b. DoD 5400.11-R, Privacy program, Deputy Assistant Secretary of Defense
(Administration) August 1983.
http://www.dtic.mil/whs/directives/corres/pdf/540011r_0883/p540011r.pdf
c. Memorandum, Deputy Secretary of Defense, 24 September 1996, Subject:
Information Vulnerability and the World Wide Web
d. OSD Memo Subj: Removal of Personally Identifying Information from
Unclassified Websites 28 Dec 2001.
e. Web Site Administration Policies & Procedures November 25,1998 With
Amendments from 11 January, 2002
* Any personal information posted on the Internet or Intranet must be handle as FOUO
under FOIA
* C2.1.4.1. When an individual is requested to furnish personal information about
himself or herself for inclusion in a system of records, a Privacy Act Statement is required
regardless of the medium used to collect the information (forms, personal interviews, stylized
formats, telephonic interviews, or other methods).
* Any personal information posted on the Internet or Intranet must be handle as FOUO
under FOIA.
References
Memorandum, Office of the Secretary of Defense, November 25, 1998, Subject: Web
Site Administration Policies and Procedures
Memorandum, Office of the Secretary of Defense, July 13, 2000, Subject: Privacy
Policies and Data Collection of DOD Public Web Sites
Memorandum, Office of Management and Budget, June 22, 2000, Subject: Policies and
Data Collection of Federal Web Sites
DOD Directive 5230.29, "Security and Policy Review of DOD Information for Public
Release," May 6, 1996
DOD Directive 5230.9, "Clearance of DOD Information for Public Release," April 9,1996
Army Regulation (AR) 380-5, 29 September 2000, Department of the Army Information
Security Program
Personnel risk:
Removal of: Plans and lessons Learned, Operations or Vulnerabilities.
Any Reference to movement of or locations of units and personnel.
Removal of all personal information: SSN, DOB, Name or location or family
members.
Deputy SECDEF Memo, Subj: Operations Security Throughout the Department of Defense
http://www.fas.org/sqp/bush/wolfowitz.html 18 Oct 2001.
OSD Memo Subj: Withholding of Personally Identifying Information Under the Freedom of
Information Act (FOIA): http://www.defenselink.mil/pubs/foi/withhold.pdf 9 Nov 2001.
Implementation of FOIA for personal information. Withholding of list of name and e-mail
addresses under FOIA
DODD 5230.9 Clearance of DOD Information for Public Release April 9,1996,
ASD(PA) http://sites.defenselink.miI/dd5230_9.html#A
AR 530-1 is available at.. <http://www.fas.orQ/irp/doddir/armv/ar530-1t.htm>
AR 25-1
http://www.usapa.army.mil/pdffiles/r25 2.pdf
Basically from your point of view, I ' d say that if something raises a question,
the web site owner should be able to present the official public release
clearance when requested to do so.
B^-jobc
IBRN WH Memo 19
Mar 021.pdf
INFORMATION PAPER
NETC-EST-I.
04 May 2006
1. Purpose. To provide guidance on the mission of the Army Web Risk Assessment Cell
2. Facts: The AWRAC mission is to search DoD Websites and unofficial sites related to the
Army for information and trends of data that could be used to breach security or pose a threat to
defensive and offensive operations and military personnel. In addition, AWRAC evaluates
website content to ensure compliance with departmental policies, federal regulations and
procedures, and industry best practices. The AWRAC's core mission consists of website
patrolling, bulk analysis, and operational security analysis.
3. AWRAC was established in February 2002 with one full-time person to review official Army
(.mil) sites for possible OPSEC violations. The mission was expanded in June 2002 to include
all .mil sites, including those with restricted domains. An Al Qaeda training manual recovered in
Manchester, England, in 2003 stated that "using public sources openly and without restoring to
illegal means, it is possible to gather at least 80% of information about the enemy.'
4. AWRAC was added to AR 25-1 (Army Policy on Website Management) in June 2004.
AWRAC's mission was expanded in August 2005 by the Army Chief of Staff to include scans of
unofficial weblogs (blogs) which contained information concerning the Army, available to the
public and found on the internet. AWRAC scans numerous sites, such as Family Support Group
websites, unofficial Army websites posted by service members and other items found on the
web, i.e., unpublished doctoral dissertations. The publication of DA Pam 25-1-1 (Information
Technology Support and Services) in November 2005, required all individuals appointed to be
Web masters/maintainers, reviewers, and content managers to complete training and
certification, as necessary, equal to the duties assigned to them. The training site is located at:
https://iatraininq.us.army.mil.
5. Using the webcrawler program Watchfire, AWRAC analysts perform site-by-site, page-by-
page evaluation of Department of the Army (DA) website content and unofficial sites. Using a
browser, Operations Security (OPSEC) guidance, a web crawling software, and a list of target
websites, monitors visit each DA Website and manually evaluate the content of each page on
the site for inappropriate links to commercial, personal and classified sites, as well as for
OPSEC violations.
6. AWRAC currently employs four full-time analysts, and coordinates for support from Army
National Guard and Reserve soldiers to conduct analyses during their drill weekends and
annual training. Analysts review sites, and contact webmasters or bloggers if a potential threat
is found. AWRAC also supports a website on Army Knowledge Online at
https://www.us.armv.mil/suite/portal.do?$p=254224 to provide information on AWRAC issues.
Classification: UNCLASSIFIED
Caveats: NONE
Classification: UNCLASSIFIED
Caveats: NONE
Attached is the signed announcement letter for the Summary Audit of the Information
Technology Procurement Process (A-2007-FFI-0651). We anticipate that we will need
POCs for the following:
CIO/G-6
ASA(ALT)
ASA(FM&C)
Debbie
Classification: UNCLASSIFIED
Caveats: NONE
Classification: UNCLASSIFIED
Caveats: NONE
For Official Use Only
DEPARTMENT OF THE ARMY
UNITED STATES ARMY NETWORK ENTERPRISE TECHNOLOGY COMMAND/
9 * ARMY SIGNAL COMMAND
2530 CRYSTAL DRIVE, 6 T H FLOOR
ARLINGTON, VA 22202
REPLY TO
ATTENTION OF:
MEMORANDUM THRU
FOR Headquarters Department of the Army G-3, ATTN: DAMO-ODM, Mobilization Branch,
400 Army Pentagon, Washington, D.C., 20310-0400
SUBJECT: Request for 365 day mobilization of two five person Reserve Component
Information Operations teams in support of Chief of Staff of the Army directive on OPSEC
1. The purpose of this memorandum is to request HQDA G-3 approve and direct the 365 day
mobilization of ten total Information Operations (IO) personnel. These personnel will be utilized
by the G-6 as two five person teams "to track and report, on a quarterly basis, open source
OPSEC violations" as directed by the Chief of Staff of the Army (CSA).
2. These OPSEC compromises are mainly derived from our continued operations in both OIF
and OEF. According to Al-Qaeda in their own terrorist handbook, they find 80% of the
information they use against us from open sources. The CSA reinforces this by stating that "the
enemy aggressively reads our open sources and continues to exploit such information for use
against our forces such OPSEC violations needlessly place lives at risk and degrade the
effectiveness of our operations."
3. The G-6 does not have the requisite personnel to perform this directive from the CSA,
additional personnel are required. Ten mobilized personnel from the Reserve Component will
allow the G-6 to properly execute this directive.
4. These ten personnel should come from the USAR and ARNG. They will be assigned to
NETCOM's Office of Information Assurance & Compliance, Army Web Risk Assessment Cell
(AWRAC) and perform duties in Crystal City, Arlington, VA.
5. If this mobilization request is not approved it will significantly impact the ability of the G-6 to
continue executing this directive. Properly executing this directive is essential to helping
safeguard our sensitive information and protecting the lives of our force.
NETC-EST-CG
SUBJECT: Request for 365 day mobilization of two five person Reserve Component
Information Operations teams in support of Chief of Staff of the Army directive
6. Operational information:
7. This request has been coordinated with the Army OPSEC Officer in DAMO-ODI, M A J ^ £
at 703-614-6558.
CARROLL F. POLLETT
Brigadier General, USA
Commanding
SA EOH Commants:
% : • • • . .
; I J
. • , .
.\
• • • - ^ . - - . ' • •
USA i •
VCSA • ' ; .
• '
• -I--: .
DAS I
H
VDAS '
7. EXECUTIVE SIMm.ni it CTION MEM ORANDUM (Desertsa briatly the requirement, background, and action taken ecommanded.
or Must be sufficient!v detailed to identity the
acton without recoLrse to othersources.)
Kev Points
• 1'he Arrr yWebF Risk Assessr nent Cell (AWRAC) is responsible f or reviewing the Army's publicly-
accessit »le web:sites and ass essing the operational security and threats of those site s.
• . AM/RAC is comr. rised of Arm y Reserve and National Guard sold iers who support the mission
d uring w eekend drills and an nual training.
• CJSAme ssage ([DTG: 200001 Z Aug 05) has expanded the AWR^C mission to includ 3 review of
Airmy-rel ated infc >rmation sha red on unofficial websites posted b\ / service members.
2. Discussion:
a. The G-6 does not have the requisite personnel to perform this directive from the CSA; additional
personnel are required. Ten mobilized personnel from the Reserve Component will allow the G-6 to properly
execute this directive.
b. The Army Web Risk Assessment Cell is responsible for reviewing the content of the Army's publicly-
accessible web sites. The Army Web Risk Assessment Cell conducts ongoing operational security and threat
assessments of Army websites utilizing Army Reserve and National Guard soldiers, and uses weekend drills
and annual training to support its mission. The CSA message (DTG: 200001Z Aug 05) has tasked the HQDA G-
6 (in coordination with the G2) to track and report, on a quarterly basis, open source OPSEC violations and
expanded the Army Web Risk Assessment Cell mission to include review of Army-related web-logs (blogs),
video logs, photo-sharing sites and unofficial websites posted by service members for OPSEC concerns.
:
9. HQDA STAI F COORDINATI 3N
CONCUR NONCONCUR tIGENCY NAME (RANIC, LAST NAME) PHONE DATE REMAR K
• • Phone Numbe r
• • Phone Number
*
• • Phone Numbe r
• • Phone Numbe r
• • Phone Numbe r
D • Phone Numbe
• • Phone Numbe
• • Phone Numbe •
• • Phone Numbei
• • Phone Numbei
• • Phone Number
10. REMARK SBYE CC/SACO C RETURNEDR :QUEST1NG ADCIITIONAL INFOF MAT10N/CLARIFIC ATTON "^k- .L .".v. til, ' .r' - ' - :• ! •
J
;\.':., -.v.
& •">"' afej
§M j
• • : • • ! | :•
31 .
• • ' • - • • ' . - ' • • • • > : • . . .
:
- ' ;•
• - ' - . " • . .
A1
,'- -' "
: ' • - • • • . : . " :
ll.l
•
3? " . •
NETC-EST-CG
1. The purpose of this memorandum is to request HQDA G-3 approve and direct the 365 day
mobilization of ten total Information Operations (IO) personnel. These personnel will be utilized
by the G-6 as two-five person teams "to track and report, on a quarterly basis, open source
OPSEC violations" as directed by the Chief of Staff of the Army (CSA).
2. These OPSEC compromises are mainly derived from our continued operations in both OJJF
and OEF. According to Al-Qaeda in their own terrorist handbook, they find 80% of the
information they use against us from open sources. The CSA reinforces this by stating that "the
enemy aggressively reads our open sources and continues to exploit such information for use
against our forces such OPSEC violations needlessly place lives at risk and degrade the
effectiveness of our operations."
3. The G-6 does not have the requisite personnel to perform this directive from the CSA,
additional personnel are required. Ten mobilized personnel from the Reserve Component will
allow the G-6 to properly execute this directive.
4. These ten personnel should come from the US AR and ARNG. They will be assigned to
NETCOM's Office of Information Assurance & Compliance, Army Web Risk Assessment Cell
(AWRAC) and perform duties in Crystal City, Arlington, VA.
5. If this mobilization request is not approved it will significantly impact the ability of the G-6 to
continue executing this directive. Properly executing this directive is essential to helping
safeguard our sensitive information and protecting the lives of our force.
NETC-EST-CG
SUBJECT: Request for 365-Day Mobilization of Two-Five Person Reserve Component
Information Operations Teams in Support of Chief of Staff of the Army Directive on OPSEC
6. Operational information:
7. This request has been coordinated with the Army OPSEC Officer in DAMO-ODI,
at 703-614-6558.
CARROLL F. POLLETT
Brigadier General, USA
Commanding
NETC-EST-I 16 MAR 06
1. FOR: Signature.
2. PURPOSE: To obtain the Commanding General's signature on a request for the 365-day
mobilization of two five-person Reserve Component Information Operations teams in support of
the Chief of Staff of the Army's directive on OPSEC and the World Wide Web.
4. ASSUMPTIONS: None.
5. FACTS:
a. Background. The Army Web Risk Assessment Cell (AWRAC) is responsible for
reviewing the content of the Army's publicly-accessible web sites. AWRAC conducts ongoing
operational security and threat assessments of Army websites. AWRAC is made up of Army
Reserve and National Guard soldiers, and uses weekend drills and annual training to support its
mission.
b. Facts. CSA message (DTG: 200001Z Aug 05) has expanded the AWRAC mission to"
include review of Army-related web-logs (blogs), video logs, photo-sharing sites and unofficial
websites posted by service members for OPSEC concerns.
CSA SENDS:
2. (U//FOUO) THIS IS NOT THE FIRST TIME THIS ISSUE HAS SURFACED. THE
VICE CHIEF OF STAFF OF THE ARMY PREVIOUSLY ADDRESSED THIS VIA MESSAGE
IN FEBRUARY 2005. TAKE A HARD LOOK AT HIS GUIDANCE.
3. (U//FOUO) LEADERS AT ALL LEVELS MUST TAKE CHARGE OF THIS ISSUE AND
GET THE MESSAGE DOWN TO THE LOWEST LEVELS. TO ASSIST YOU, THE HQDA
G-2 AND THE OPSEC SUPPORT ELEMENT ARE DEVELOPING A TRAINING MODULE AND
ARE FORMING A MOBILE TRAINING TEAM TO ASSIST IN TRAINING YOUR
SOLDIERS. DETAILS WILL BE PROVIDED NLT 2 SEPTEMBER 2005. HQDA G-6
(IN COORDINATION WITH G-2) IS DIRECTED TO TRACK AND REPORT, ON A
QUARTERLY BASIS, OPEN SOURCE OPSEC VIOLATIONS. AN INTERIM CHANGE TO
AR 53 0-1, OPERATIONS SECURITY, WILL BE PUBLISHED VIA MESSAGE WITHIN 3 0
DAYS WHICH WILL CONTAIN CLEAR POLICY CONCERNING THE POSTING OF
SENSITIVE PHOTOS AND INFORMATION ON THE INTERNET.
4. (U//FOUO) GET THE WORD OUT AND FOCUS ON THIS ISSUE NOW. I EXPECT
TO SEE IMMEDIATE IMPROVEMENT.
APPROVED BY