Semper Fi: Why the Marine Social Media Ban May Not Go Far Enough

An immediate ban on commercial social media sites such as Facebook, Twitter, and MySpace went into effect for all Marine Corps personnel using the unclassified Marine Corps Enterprise Network (MCEN) NIPRNET this past Monday. This ban does not affect the personal use of social media by Marines on their own private computers or wired devices.

But perhaps it should.

The ban went into effect -- according to the memo -- because the "very nature of social networking sites creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage." The stated concern is that Marines accessing these open social networks from Marine Corps computers could expose the MCEN to security breaches and attacks that could threaten to disrupt or intercept Marine communications. Further, that information data-mined from social networks could also be used to compromise both operational security and personal security is also a possibility.

While this may be an accurate claim, MCEN security already effectively blocks social network access according to officials. The reason for the ban is to put a waiver system in place to grant access to Marines who may need specific access to social media sites to perform their duties. Examples of those exceptions would include the Marines that operate the USMC Twitter site, the Marine Corps Facebook site, and the Marine Corps MySpace site.

But if a ban on social media on official Marine computer systems is essential for hardening network security and limiting potential intrusion and infiltration, wouldn't a complete ban including personal computers and wireless devices also make a great deal of sense?

The use of social networks puts individual Marines -- or for that matter, other servicemen -- at risk for compromising the operational security of their units and possibly even their own personal security.

Data-mining software and techniques in the hands of adversaries (or for that matter, allies) can potentially be configured to scour social media networks and selectively filter servicemen by information they submit. This includes not only individual personal information (which we'll examine in more detail in a moment), but also information that can indicate unit status, deployment orders, morale, and even the result of enemy contacts.

While the scandal over his articles in the New Republic made U.S. Army soldier Scott Beauchamp the center of a military investigation that eventually led to his articles losing the support of the magazine, the first punishment the private received for his online activity was the result of his breaking operational security and announcing his unit's exact deployment date to Iraq on his personal blog.