“The term ‘asymetric’ comes from information warfare and guerilla warfare. You have a major force, a big army with tanks, airplanes and what have you, and then you have a bunch of guerillas behind bushes. . . . [Facebook and Twitter] and all of those services — all of those media — are giant leaks.”
The hazards posed to DoD as the result of Web 2.0 technologies does not mean they should not be used by Defense officials, though. Strassmann says there should be policies in place that ensure certain precautions and measures are taken.
He is currently working with an agency in DoD to write that agency’s Web 2.0 policy.
“Specifically, there are provisions available in the policy which require that outgoing traffic be recorded and kept for forensic purposes. I’m recommending that — sure, you should allow people to go out, but you should put safeguards so that, in the event you have exfiltration of information, you can prosecute the people.”
Of the two risks — incoming and outgoing — Strassman stresses the need for balance because of the way attackers think.
“From the standpoint of an attacker, the ability to extricate intelligence through data mining through outbound traffic is more rewarding than what they can get by trying to pierce through increasingly onerus defenses and protection devices like virus protection and firewalls.”