New DOD social media policy highlights threat of imposter accounts
The Pentagon’s new departmentwide social media policy spells out the need for public affairs officers and other personnel to combat adversaries’ efforts to impersonate DOD officials or hijack their accounts.
The wide-ranging policy document, released Monday, comes amid growing concerns about the threat posed by online disinformation and misinformation.
“Users, malign actors, and adversaries on social media platforms may attempt to impersonate DoD employees and Service members to disrupt online activity, distract audiences from official accounts, discredit DoD information, or manipulate audiences through disinformation campaigns. PA offices managing an [official DOD social media account] must address fake or imposter accounts,” the guidance states.
Steps that public affairs chiefs and social media managers are directed to take include reporting fake or imposter accounts through the social media platform’s reporting system; establishing local procedures to identify, review, and report fake or imposter accounts; and notifying operations security officials of fake or imposter accounts, as well as cyber operations, counterintelligence elements, and Military Department Counterintelligence Organization in accordance with DoDD 5240.06.
“PA chiefs and social media managers must record the reporting of fake or imposter accounts,” the policy states. “PA chiefs or social media managers may need to provide additional information as evidence that the identified account is fake or impersonating a DoD official.”
According to the Pentagon, telltale signs of an imposter account include, but are not limited to: the account is not registered as an official DOD account; it has very few photos that were recently uploaded and reflect the same date range; it has very few followers and comments; it sends friend requests to individual users on the platform; the account name and photos do not match; there are obvious grammatical or spelling errors; or key information is missing.
Many official DOD social media accounts include markings indicating that they have been verified, but some don’t. Notably, the new policy does not mandate that all accounts be verified going forward.
“While PA chiefs and social media managers should attempt to have an [official DOD account] recognized as a verified account by the social media platform for all account types, they are not required to do so,” the guidance states.
Another threat highlighted in the new policy is cyber vandalism, a tactic that adversaries could use to hijack an official social media account for nefarious purposes.
The warning comes as the military services, other DOD organizations and high-ranking Pentagon officials, such as the secretary of defense, increasingly use social media platforms like Twitter to provide information to the public and get their messages out to a global audience. But their accounts can be hacked.
“Cyber-vandalism occurs when an outside party, regardless of identity or motive, takes control of an agency communication channel and misdirects it. Incidents may contain information misleading to the public or threatening to an agent of the United States,” according to a U.S. government cyber-vandalism response toolkit posted on Digital.gov.
For example, in 2015, people claiming to be affiliated with ISIS hacked into the social media accounts of U.S. Central Command and posted threatening messages and propaganda videos.
Responding to cyber-vandalism events involving official social media accounts is now the responsibility of multiple officials, according to the new DOD policy, including, but not limited to, public affairs officials, social media account managers, legal advisors, and IT security personnel.
“These key personnel form the response team that must establish incident response procedures, consistent with DoDIs 8500.01 and 8170.01. The response team must exercise and rehearse various scenarios to quickly assess, recover, and respond to an incident. The response team manages the process to ensure all elements of the incident are reported and addressed,” the guidance states.
The response team should deliver an after-action report and conduct an assessment to review, update, or draft procedural tasks, regulations, or policy, it added.