Securing the network

Published Jan. 9, 2009
By Master Sgt. Adam Skinner
460th Space Communications Squadron

BUCKLEY AIR FORCE BASE, Colo. -- In the 1960s, the Pentagon looked for a secure way to keep its lines of communication going in the event of war. The interlinked packet networks of computers became the Internet.

Fast-forward to today and that system of open protocols brings the enormous benefits of the Web to civilian life. But, the Web has also become an open field for cyber warriors seeking to harm the U.S.

We're only now realizing that many of these attacks have happened, as evidence mounts that outsiders accessed sensitive government networks and other databases. Reports based on closed-door information about cyber attacks point to a sobering conclusion: Foreign governments and terrorist groups are focused on cyber offensives in a battle we are losing. Network users may not be deployed or fighting with bullets, but they have a role in the battle to secure our networks.

Information Assurance, or IA, is the practice of managing information-related risks. Issuing a user login is a risk to the network. Each account increases the risk to the network. We mitigate some of that risk by requiring a complex password. The Air Force also requires Information Protection Computer Based Training annually.

By signing the Network Access Request, users acknowledge they understand and will follow network security policies.

Each unit commander is required to assign an Information Assurance Officer to their unit. Two of the duties of an IAO are to continue to educate the user and identify information security violations.

All of these IA controls are designed to cut down the risks of you having a network account. And all of these controls will and do fail on a daily basis without Integrity.

Integrity is the key to Information Assurance. Integrity is doing the right thing when no one is looking.

The Wing Information Assurance Office here visits each unit to inspect their Information Assurance programs. The programs include: Communications Security, Computer Security and Emission Security. The visits are usually scheduled. What happens the other 363 days of the year? That is when our integrity is tested.

As we go about our business we notice IA violations just as I am sure an off-duty security forces member notices someone rolling through a stop sign. We notice Airmen using another Airman's Command Access Card. Not just sitting down at the computer after the Airman logs in, but knowing the other Airman's personal identification number. We have seen an Airman talking on a cell phone while sitting in front of a classified system. There have also been instances of removable media -- floppy disks, compact discs, removable hard drives -- not being labeled with the correct classification.

All of these violations chip away at the security of our network. We correct the discrepancies on the spot, but the eight-member WIAO can not be everywhere. Members of Team Buckley need to do the right thing when no one is watching. They need to be a good Wingman and correct others when they are violating policies. The best thing they can do is lead by example. Nothing will influence Airmen more, than the example being set.

The broader point is that it's about time we know the extent of the cyberwarring against us. The first step to fighting back is to admit that there is a fight. Every Team Buckley user is a warrior who can help win this war.