Blog: Oh, What a Tangled Web They Weave...
...When website spoofers do deceive-especially when the legitimate sites belong to the U.S. military. Untold damage could result should hackers glean crucial data, whether it involves service personnel, missions or daily operations. Earlier in the year, the U.S. Air Force faced this very scenario when its portal was spoofed. The best defense, in addition to the 24/7 protection provided by military cyberspace operators worldwide, is vigilance by every service member from the top echelons all the way down. In this issue of SIGNAL Magazine, Rita Boland talks to military and government cyber experts in her article, "Military Website Spoofing Is No Laughing Matter," beginning with a look at the Air Force's experience. An Air Force member first spotted the spoofed portal and reported it up the chain of command so the 624th Operations Center, which provides that service with full-spectrum, integrated cyberops capability, could address the issue. It's not known how much personnel info the spoofers obtained, but to date, no intrusion attempts have been detected as a result of the incident. The National Security Agency has published a guide called Best Practices for Keeping Your Home Network Secure, which outlines safety measures ranging from the simplest security guidelines to little-known tips that make network protection easier and more understandable at all levels. The Army is also on the cyber front lines, after a previous spoof of its Army Knowledge Online site. According to Army officials, the biggest danger bogus sites pose to soldiers is the capture of log-on credentials and passwords. This could enable threat actors to impersonate soldiers or civilian employees on Army or defense networks-including sites dedicated to paycheck information-or to steal someone's identity. For the Marine Corps, the overarching desire is to increase its cybercapability and capacity in planning guidance. Marines are encouraged to approach cyberspace as they would any operational domain. Lt. Col. Dave DiEugenio, USMC, executive officer, Marine Corps Network Operations and Security Center, believes the best practice is not to discuss potential advantages or disadvantages of threats. The focus instead should remain on staying sharp individually and collectively to ensure that people, processes and tools mitigate risks. According to Col. DiEugenio, cooperation is key:
We actively collaborate with the other services, U.S. Cyber Command and other partners to successfully operate and defend the Marine Corps Enterprise Network.
In the U.S. military's defense of its cyber borders, what is being done right; what can be done better; and what unforeseen challenges may still lie ahead? Share your observations here.