On Cyber Patrol
This was a conversation overheard recently between a Sergeant First Class and a Private First Class. The Private needed some training support.
October is Cyber Awareness Month. This is an excellent effort to spread the word about cyber safety and to reinforce the policies, procedures and best business practices that support sound information assurance (IA). Given the consequences of compromised military networks or the loss of Personally Identifying Information (PII), any program that helps get the message across is worth the time and effort.
There is a quote used by countless writing teachers worldwide, and credited to almost as many writers, which reads, “I would have written a shorter letter, but didn't have time.” It’s time to bring that quote up to date given the way we fire off messages in a split second via email, instant messages (IMs) and “Tweets” (Twitter message). Today’s version should read, “I’m sorry that message was so dumb; I didn’t have time to make it smarter.”
Once of the most distinguishing characteristics of cyber warfare is that it is not fought on land, at sea or in the air. Cyber space is not an operational theatre that any military branch or relevant agency can lay claim to dominating. The necessities and challenges of defending the nation in the Information Age require a team approach. They also demand the ongoing sharing of ideas, best business practices and lessons learned.
Making sure your computer system satisfactorily goes through Information Assurance (IA) Certification and Accreditation (C&A) is the same as getting your car inspected. It ensures your system meets the official minimum security and IA maintenance standards. It also prevents equipment failures and crashes on the vital and very congested Army information superhighway, the LandWarNet.
- I will always be vigilant about my hardware, data and network access, even among fellow soldiers and coworkers, because stuff happens.
- I will stop putting the firewall in the safe at night because it works a lot better when left hooked to the system.
- I will implement all IAVAs in a timely manner because the word vulnerability is in IAVA for a reason.
Armed conflicts throughout the ages have had days when no spear was thrown, no bullet fired, no missile launched. Even the Hundred Years War (
How many times have you seen this scene? A very nervous individual is at an airport’s lost and found asking if anyone has turned in a thumb drive. When asked what it looks like, he replies, “I think it was blue and the size of my thumb. The person behind the counter just shakes his or her head regretfully. Or possibly worse, the person pulls out a box of drives that all look the same. The number of scenarios for disaster here are almost endless.
Now where did you put that laptop? You’d better look harder. A soon-to-be published HQDA Execution Order will direct the Army to locate, identify and categorize its information technology (IT) assets as part of an overall strategy to optimize resources and increase force protection.
Do you sleep well at night knowing your house and everything in it is safe? Have you installed the best door locks, burglar alarms and motion sensitive lights available? Is Spot, your Doberman/pit bull/wolf family pet awake, alert and a little hungry? Does your exterior resemble a bunker with siding that could withstand a category five hurricane? Then what’s that sound of something destroying your home? A possible answer: termites, the threat from within. Your mission critical data could be at as much risk.
Watching my Cousin Billy in my backyard lying in a hammock as I prepared for my 4th of July barbecue reminded me why protecting Data at the Rest (DAR) is so important. Data at rest is a lot like Billy. Most of the time it just sits around not doing much, but it will move and work if you prod it. But, it isn’t the lack of initiative that bothers me. It’s the potential for the loss of information that keeps me up at night.
Cyber threats are like rust—they never sleep. Somewhere, whether here at home or in some far-flung corner of the world, people ranging from thrill-seeking hackers to state-sponsored terrorists are cooking up new, more powerful, more insidious attacks. Some—far too many—of these will be successful. A typical reaction to such frightening news is … a yawn.