Are You The Vulnerability?

  • Published
  • By Senior Airman Nick Heaton
  • 460th Space Communications Squadron

If you watched the news in April 2014, it might have seemed like the information technology world was on fire. Major corporations, banks, and some governments were scrambling to secure their websites; and everywhere you turned there were talks of “Heartbleed.” Over 600,000 websites were affected and a largescale amount of damage was done. The chaos and horrendous attacks were caused by a vulnerability called OpenSSL Heartbleed (or CVE-2014-0160), an exploitable gap in security in the software that works with encryption.

There are many cyber security threats to all networks, hardware, and software the military faces just like the commercial world. While most are not nearly this extreme, the Cyber Systems Operations’ Airmen in the 460th Space Communications Squadron work daily to prevent any form of intrusion to our unclassified and classified networks.

The most common networks used by the Department of Defense are the Non-classified Internet Protocol Router and Secret Internet Protocol Router networks which are managed by the Defense Information Systems Agency. To maintain good cybersecurity posture, DISA releases and mandates security configurations and patches for all hardware and software for both networks. These configurations include the function that locks the computer when the Common Access Card is removed from the computer or the ability to allow certain users to download programs from the internet. The patches DISA sends out are to fix potential security “holes” and/or threats in programs a hacker can use to gain some form of unauthorized access to our systems like “Heartbleed.”

In short, DISA acts in a similar fashion like your internet service provider at home (i.e. CenturyLink, Xfinity, Comcast, etc.). Since they control these systems, they want them to be as secure as possible and that is why the 460th SCS is intensely inspected during the largescale network inspection referred to as the Command Cyber Readiness Inspection. With this inspection, DISA reviews multiple aspects such as the security configurations and patches aforementioned.

However, no matter how hard they work, there are always actions users can perform to maintain respectable and vigilant cyber readiness. Although many users across base often feel like they have little to no impact on the results of these inspections, there are many aspects of cyber security that are often overlooked enough by users that can significantly change the results of the inspection. One area of interest that is taken into consideration when scoring the inspection, is the promotion of a good cyber readiness culture.

What does this mean for you as the user?

Here are some tips: do not leave your CAC or SIPR token unattended or left in your workstation, know who your Unit Security Managers and Cyber Security Liaisons are, know what to do in the event of a Classified Messaging Incident or Classified Information Leakage, do not store Personally Identifiable Information on the network unprotected, and have the appropriate classification stickers on all computers and phones.

Understanding and abiding by these guidelines at a minimum can significantly contribute to an acceptable final CCRI grade. Cyber-attacks will always occur in our personal and professional lives. With your vigilance, these attacks can be minimized by utilizing good computer practices and safeguarding information.

To learn more about cyber security and how to prevent it, please visit our CCRI website located at