Personal e-mail, such as Hotmail accounts, can bypass network firewalls leaving organisations vulnerable to attack and follows similar moves by other Federal agencies.
Bernard Hill, senior manager corporate services for government security provider 90East (Asia Pacific), said a lot of money is spent by the government keeping hackers at bay and protecting networks.
"The ADF employing this tactic is no different to any other employer doing the same. Most reasonable-size companies have intellectual property issues and (there's a) risk that employees could use their personal e-mail accounts to forward information," Hill said.
Patrick Hannan, defence information systems head for the ADF, said Web-based e-mail sites will be "blocked" at the firewall once a formal notice is issued to all personnel.
"We are not banning the use of Hotmail (-like accounts) by Defence personnel, but within the organisation personnel should use the standard e-mail client. This action is about firewall protection -- obviously there is also an element of national security as well," he said.
Hannan said receiving e-mail from such accounts was fine, as well as the use of them outside the confines of the organisation.
"But the opening up, downloading of mail and sending of this mail on computers connected to the Defence server, would be regarded as a security breach," he said.
"It would be impractical to ban all sites that have Web-based e-mail as some are a valid resource. We will simply monitor the use of these sites."
Hannan said possible penalties for Defence personnel who refuse to abide be the directive, or continue to use these sites, may include loss of Internet privileges.
Currently, all outgoing Defence e-mail has to include 'sec: unclassified' in the subject line to pass through the firewall, otherwise it is rejected. Hannan said with Internet-based e-mail accounts there is no firewall for e-mail to pass through as all traffic is read as 'HTTP'.
Hill said a directive of this kind within Defence will not have much impact as all personnel have access to a Defence e-mail address.
"A directive of this nature means that Defence personnel would be less likely to send their CVs out," he said.
A spokesperson for the Department of Immigration and Multicultural Affairs said Web access within the agency is open, however security protocols are in place for information which does not pass through the firewall, such as the use of Hotmail-like accounts.
"We have banned the protocol that Hotmail is using," the spokesperson said. An internal administrative instruction on the protocol of e-mail use and abuse has been circulated within the department.
Although the Department of Treasury does not block the use of Web-based e-mail accounts, a spokesperson said there is a policy that the Internet is for 'work use only', and that usage is monitored and tracked.
Story courtesy of Computerworld