Ten things every Airman must know for National Cyber Security Awareness Month

  • Published
  • By Col. Donovan L. Routsis
OFFUTT AIR FORCE BASE, Neb. --  Cyberspace and information technology has changed nearly every aspect of our lives, both inside and outside the Air Force. It has positively revolutionized how we communicate, collaborate, command and control, socialize, shop, bank, entertain and the list could go on. But as with most good things, there is a negative side to cyberspace that comes with our increased dependency on technology and the ever growing risk of adversaries who work to deny, disrupt and degrade our ability to use cyber to improve our lives and execute the Air Force Mission.

October 2012 ushers in the ninth annual National Cyber Security Awareness Month which is sponsored by the Department of Homeland Security, National Cyber Security Alliance and Multi-State Information Sharing and Analysis Center. Its motto, "Stop.Think.Connect," offers us an opportunity to stop and think about how far the Air Force has come in cyberspace, while realizing how far we still need to go to ensure that every time we connect to this man-made domain it is safe and secure.

On Dec. 7, 2005, Secretary of the Air Force Wynne and Air Force Chief of Staff General Moseley penned a new mission statement for the world's best air force that acknowledged for the first time cyberspace as a domain with air and space in which the Air Force will fly and fight.

Within a few years, Air Force leadership designated Air Force Space Command as the lead command for Air Force Cyber activities, and on Aug. 18, 2009 stood up the 24th Air Force as the command which conducts and oversees Air Force operations in, from and through cyberspace.

By July 2010, the Secretary of the Air Force published Air Force Doctrine Document 3-12, Cyberspace Operations, which included then Air Force Chief of Staff General Schwartz' "Ten Things Every Airman Must Know (about cyberspace)." Below are these ten things along with some practical advice for how you can take this ninth annual National Cyber Security Awareness Month to improve your cyber security.
  • The United States is vulnerable to cyberspace attacks by relentless adversaries attempting to infiltrate our networks at work and at home - millions of times a day, 24/7. The range of adversaries attempting to access your information spans from "script kiddies" who are taking a thrill ride through networks, to thieves who want to steal your identity and banking information for financial gain, to organized crime seeking our credit card numbers to sell on internet black markets, and to nation-state and non-nation-state professionals who are seeking Air Force equipment design specifications and operational plans. It is important to realize these attacks can be as simple as mass phishing emails attempting to get anyone to take the bait, to specifically target attacks against individuals because of the information they or their organization may have. The 24th Air Force Commander, Maj. Gen. Suzan Vautrinot, points out that the command thwarts roughly two billion threats and stops two million phishing or spam emails every week.

  • Our adversaries plant malicious code, worms, botnets, and hooks in common websites, software and hardware such as thumb drives, printers, etc. While it is extremely tempting to download the latest app or use some free software offered online, it is even more important that you verify the source and developer is reputable and trust worthy. All software loaded on Air Force computers must be coordinated through the communications squadron and most antivirus vendors, operating system providers or reputable software review sites can provide advice on the legitimacy of software you are interested in using.

  • Once implanted, this code begins to distort, destroy and manipulate information, or "phone" it home. Certain code allows our adversaries to obtain higher levels of credentials to access highly sensitive information. This seemingly innocent software you might be interested in downloading can have malicious code that can pass viruses from user to user through .pdf or .jpg files or generate worms that can automatically spread from computer to computer without you even knowing it. This code can then give an adversary complete access to your computer and files or possibly lie dormant in your machine until activated as part of a larger botnet designed to initiate a denial of service attack against a site or device by sending millions of emails or web site requests from your computer along with millions of others. A good practice for surfing the web on your home computer is to establish a user account that does not have full administrative permissions to your entire computer and home network. Regardless, ensure you validate the source of your app or software before loading.

  • The adversary attacks your computers at work and at home knowing you communicate with the Air Force network by email or by transferring information from one system to another. Sending work to your home email account might be very convenient, but it is also very risky. Many email service providers scan all of your email in order to provide targeted advertising through their service. This information can be sold or possibly stolen from these service providers making you an easy and valuable target for adversaries. If you have to do email at home, utilize a smart card reader and download the latest smart card reader software from the Air Force Portal. These readers will not only allow you access to email but provide access to many other services such as SharePoint and the portal.

  • As cyber wingmen, you have a critical role in defending your networks, your information, your security, your teammates and your country. The Air Force Wingman program grows its roots from the time-honored tradition of a lead pilot never losing his or her wingman. Cyber wingmen need to realize the importance of their role in protecting our Air Force networks and information. While attackers may be after someone else, they target the weakest link to obtain access to networks or information they seek. Sending information to home networks or email discussions that talk around classified information provide adversaries critical pieces to the puzzle that makes up our Air Force operations. "Loose Emails Sink Ships" may not have the same ring as the famous World War II adage "Loose Lips Sink Ships," but it is equally important that you keep operational security in mind when using cyber technologies.

  • You significantly decrease our adversaries' access to our networks, critical Air Force information, and even your personal identity by taking simple action. Using strong passwords, locking down your social networking services from anonymous access, and enabling "do not track" on our web browser may be inconvenient, but these are some simple things you can do to discourage an attacker from targeting your information. Like a thief who might want to steal a car by walking through a parking lot looking for unlocked cars, network attackers use simple password cracking programs to randomly probe your email and social networking accounts. Once they have access, they can then use your information to steal your identity, break into your bank accounts, or gain access to people with whom you regularly communicate.

  • Do not open attachments or click on links unless the email is digitally signed, or you can directly verify the source-even if it appears to be from someone you know. Although Air Force networks utilize digital security enforcement tools to mandate that you digitally sign emails with web links or attachments, you can still receive emails from non-Department of Defense sites that may have links to malicious sites or potentially harmful attachments. Always validate senders before clicking on a link or opening an attachment. When in doubt, contact the communications squadron for assistance.

  • Do not connect any hardware or download any software, applications, music or information onto our networks without approval. As former Undersecretary of Defense William Lynn pointed out in a September / October 2010 Foreign Affairs article, Operation Buckshot Yankee marked one of the most successful attacks on defense networks through the use of flash media. While thumb drives and SD cards are obviously banned devices, many people do not realize that many other devices such as smart phones and iPods also contain flash technology and attempt to connect these devices to Air Force networks to simply charge the device. Always contact the communications squadron before downloading or connecting any device to an Air Force computer.

  • Encrypt sensitive but unclassified and/or critical information. Although encryption provides additional security for critical information, classified information should always be sent on the appropriately classified network for that information. With that said, Air Force Manual 33-152 for Communications and Information provides details on which information should be encrypted. This includes For Official Use Only, Privacy Act, Personally Identifiable Information and contract-related information. Reference Air Force Instruction 10-701 for details on encrypting operations security information.

  • Install the free Department of Defense anti-virus software on your home computer. The Defense Information Systems Agency (DISA) provides free Symantec (Norton) and McAffee antivirus for your home systems. Simply visit the site below from an Air Force computer, download the software, burn it to a disk, and install on your home machines. These programs will automatically receive updates to ensure your computers are protected from the latest known threats for a great price. FREE! http://www.disa.mil/Services/Information-Assurance/HBS/Antivirus/Home-Use  

Taking a few moments to become familiar with these ten things every Airman must know will take you a long way towards helping secure your cyber experience throughout the year. You can find our more on National Cyber Security Awareness Month by visiting http://www.dhs.gov/national-cyber-security-awareness-month or contacting the communications squadron.