NEC scores well in annual security review, highest scores in continental U.S.

By Ms. Catrina Francis (IMCOM), December 8, 2014


The recent data security breaches involving such companies as Home Depot and Target, as well as the WikiLeaks site, which aims to post sensitive government information, are examples that highlight the difficulty of maintaining sound information security.

But, Fort Knox hasn't experienced these problems.

Luke Hill, the director of the Fort Knox Network Enterprise Center, said that from Sept. 15-19 the Defense Information Security Agency and the Army Cyber Command were on hand to inspect the post's security posture.

Not only was Fort Knox up to standards, Hill said, its vulnerabilities were almost nonexistent, and the post was recognized for its efforts by receiving scores of 87.3 and 86.1, respectively, out of 100, which were the highest in the continental United States and second highest outside the United States.

Some installations received scores in the 60s and 70s, said Hill. If an installation fails, the inspection team returns and re-inspects their security measures.

"We are very fortunate and blessed that we have a team that makes sure we protect the GIG (Global Information Grid)," said Hill. "The inspection solely focused on NEC (from an IT security perspective) on the installation's security posture. FKNEC takes the lead for the installation (and) the bulk of the inspection (looked) at IT type stuff on how we're postured (and) how we secure our network. There's a huge piece called traditional security (which) looks at locks, the physical security of buildings, safes (and) making sure individuals sign (a Standard Form) 702, (the security container check sheet).

"We can do very well from an IT perspective (but could have) failed the inspection (if) the installation mission partners didn't do their part. They rose to the occasion and did an outstanding job. Aaron Ford, (the chief of Information Assurance Division), took the lead for the NEC and rallied around my guys ... HRC (Human Resources Command) played a major role because they are probably my biggest customers on the installation. The Garrison (Command is) second to them with the MICC (Mission and Installation Contracting Command)."

The post has different levels of security, and the Department of Defense is serious about security. For example, a breach at any tenant organization could be catastrophic to the Army because of the critical personally identifiable information of Soldiers and civilians in the Army.

Hill added that Fort Knox's security is at a state of readiness that's not easily accessed from the outside, and the vulnerabilities are very minute, which is a way of determining how easily a network can be accessed from the outside. But, he said, this couldn't be done without a team effort, such as making sure individuals take their common access card with them when they step away from the computer.

"A lot is done through training and the installation security manager, the S-2s and G-2s are doing their part to make sure people are not coming into secure areas or (if they do, they) ask a lot of questions … (they are) making sure (we are) at a constant state of readiness," said Hill.

He pointed out that Fort Knox is a small piece of the GIG which is connected to the Installation Campus Area Network.

"Our ICAN ties into the LandWarNet, which is the Army's portion of the GIG," he said. "That GIG ties Army, Air Force, Navy, Marines, Coast Guard and other DOD agencies across CONUS and OCONUS. So our piece has to be secure to make sure nobody gets in.

"(If that happens) then they could get into the whole big GIG network and there (would be) vulnerability with hackers stealing data," Hill added.

"From a Fort Knox perspective (there were) very few vulnerabilities. My guys do an outstanding job in posturing the network so the bad guys are not allowed in. We also have to be concerned about insider threats."

Hill said an insider threat would be a DOD worker who is upset because they aren't getting what they want and then they do things on the network which allows the bad guy to get in, become a bad guy themselves or steal data.

"We make (sure) people are trained properly," Hill said. "(If) someone is doing something bad on the network we monitor those things."

Hill added that they can tell if someone is on a site transferring data to an outside entity, for example WikiLeaks.

"If you (have) somebody that's accessing WikiLeaks and passing secure data to WikiLeaks we make sure our secure network is totally separate from our unsecure network so that they can't transfer data from a classified network SIPRNET (Secure Internet Protocol Router Network), which is up to top secret, and pass that data to an unclassified network and send (information) out to the world," Hill said.

"We make sure those networks are separate and procedures put in place that won't allow them to transfer data from one network to the next. The DISA team said we are one of the best in DOD at what we do and wanted to take away some of our policies and procedures to implement across DOD. I feel we are doing very well making sure we secure our networks, and making sure we are eliminating any vulnerability that could occur throughout the networks. It's so critical users understand we take security serious."