• United States



To Ban or Not To Ban?

Feb 08, 20084 mins
CareersIdentity Management SolutionsIT Leadership

  Should the Department of Defense (DoD) ban the personal use of their networks? Federal Computer Week (FCW) recently ran several stories stating that they are seriously considering it. But the ramifications go much further than just the DoD.

The first article by FCW entitled: DOD considers prohibiting personal use of networks stated the facts as presented at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington. According to that report, Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, said,

“The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks…. Unofficial early estimates, however, are that 70 percent of the traffic on DOD networks today is unofficial and would be banned, said sources close to the department.”

A few days later, another report was issued by FCW entitled: Should DOD ban personal use of its nets?

This report was fairly skeptical of the concept and listed many concerns with the potential plan. “It is nearly always impossible for a policy-maker in any organization to be able to specify exactly what network traffic is “legitimate” and what is not because the work environment is rarely simple enough to submit to high-level heuristics.”

 The FCW report prompted forum comments like this:  “I am already seeing a reduction of outside work related email and web site access. If it is reduced any more then I will not be able to perform my job without working from home to perform research. Also, as someone suggested moving to Firefox, I would love that, but move me to Thunderbird too since my current email tool does not work well and even though our admin people have heavy filtering on, all it’s doing is allowing >100 suspected spam emails per day to get through (marked as spam though), and about 80% of outside vendors I deal with cannot get any email through. Go figure…”

TechNews World  lays out some legitimate concerns regarding current social networking policies: “To be sure, bandwidth requirements pose a legitimate concern that is not limited to the U.S. military. Large corporations, for instance, have taken to locking employees out of popular streaming video sites at the workplace in order to ensure that their networks can run at full capacity.

Sharing videos, swapping photos and other popular Web 2.0 activities can easily eat up a lot of bandwidth, said Jeff Stibel, CEO of, which provides military families with tools to create multimedia sites.

Even the New York Post ran an article in January about employees wasting time online at work . The article Net Losses strikes a balanced approach with an emphasis on good, specific policies.

* Put your policy in writing, says Nancy Flynn of the ePolicy Institute, “and I mean physically in an employee manual or something separate that the employee signs.”

* Be specific, says attorney Debra Guzov. It’s no good to say employees are allowed a “reasonable amount” of Web time – “to a CEO, that might be 20 minutes on lunch break; for an employee, it might be four hours.”

* TELL WORKERS if you’re monitoring them.

* Don’t go overboard, advises Guzov, who doesn’t recommend a complete ban on personal surfing. “People are working increasingly long hours, and sometimes it’s the only way they can get personal business taken care of.”

 Finally, Cyber ran a good piece on a blogger who lost a battle to keep blogging  about work .

 “We bloggers cry about Big Business usurping the First Amendment and stifling what they regard as the only voices of truth in the wilderness. Maybe that’s true some of the time. I would worry very much about it if it were true now. But this time around, the dispute isn’t about using an atomic flyswatter to squash a tiny buzzing of opinion. It’s about making sure an employee is doing the job he was hired to do, not getting caught up in some overgrown, overly opinionated diary/hobby that unfairly treads on his association with his employer and has the potential to damage his employer’s reputation.”

Not a lot of answers out there, but many, many questions.

I doubt that the DoD wants my opinion, but here it is anyway (from a former DoD employee). Be very careful about a total ban for all employees on personal use. My prediction: if the DoD goes that way, someone will rescind the ban within 2 years – probably sooner when a new administration arrives.  


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author