Communication systems subject to monitoring, OPSEC reminders
By Staff Sgt. Christopher Gross, 460th Space Wing Public Affairs
/ Published May 06, 2013
BUCKLEY AIR FORCE BASE, Colo. -- Some of Team Buckley members have been informed of operational security violations, due to a no-notice monitoring period by the 67th Network Warfare Wing, Lackland Air Force Base, Texas.
The 67th NWW can intercept email that includes critical information list and other attachments containing personally identifiable information. Some examples of these include recall rosters, documents containing passwords and enlisted performance reports.
Violations are detected through the Telecommunications Monitoring and Assessment Program, which can scan mail for any type of attachments or key words.
"TMAP isn't something that just started," said Gretchen Myers, 460th Space Wing operation security program manager. "We've been aware of it; we just weren't getting pinged on it."
The discrepancies that are being reported aren't because of any guidance that hasn't been put in place. Sending documents or email which contains PII or CIL from a government network to a personal account has never been allowed, according to Capt. John Robinson 460th SW Plans and Programs deputy chief.
"The reason they do this, (is because personal accounts) are unprotected systems," Robinson said. "(Adversaries) can take it and use that information against you, against the government. People shouldn't be sending this stuff. That's how identities get stolen."
Violators of the policy are subject to discipline, the severity of the discipline is determined on a case-by-case basis. It can range anywhere from some refresher training to an investigation involving the member's chain of command.
Government phones, portable electronic devices and computers are all subject to being monitored at any time. Air Force Instruction 10-712, TMAP, explains in detail what is subject to monitoring.
According to Myers, members don't only need to be aware of what's being sent in email, but there are also several other preventative security measures people can do daily. This includes the bases' 100 percent shred policy. Myers said several files have been found in dumpsters containing PII.
"We continue to find stuff in the dumpsters. It's stuff with account number, social security numbers, EPRs, things people probably don't want us to see," she said.
Members should also be aware of what's being posted on social media sites. For example if someone is going on leave and the location and duration is posted to a social media site, this opens up vulnerabilities for adversaries to take advantage of.
The same applies to out-of-office replies. No exact days or location should be included in the reply. Only that the member is out of the office and a point of contact to assist the customer.