Information Assurance Protects From Inside
November 2, 2006
TIKRIT, Iraq - Three simple keys, when struck in unison, open an entire world of information with a password.
However, the user who has logged on isn't always the only one privileged to this wealth of information. Some outsiders seek to intercept vital information and use it against coalition forces (CF) in the global war on terrorism (GWOT).
Enter information assurance (IA). The ever-changing war of information technology can provide challenges to any organization. Imagine being responsible for the overall safety and security of a network for thousands of Soldiers; the G-6 IA is responsible for just that.
IA, along with operational security (OPSEC) and physical security, protects the Army's critical flow of information from individuals, both internally and externally, that wish to use it to derail CF efforts of achieving the ultimate goal of a safe, terror-free Iraq.
The G-6 IA is sometimes referred to as "watchdogs" because of their vigilant approach to safeguarding Task Force Lightning's information systems.
"It's funny because people automatically think that we are trying to make their life harder," said Capt. Heather Roszkowski, G-6 IA manager for Task Force Lightning. "Our job is to secure the network. ... We are the gate guards for the network."
"The enemy's getting smarter. They're figuring ways to break into our network and get our information," said Roszkowski, a native of Weymouth, Mass.
Soldiers tend to forget that the equipment they work on each day, and sometimes take home, ultimately doesn't belong to them.
"It's understanding that it's a government computer system - not a personally owned computer," said Sgt. 1st Class Catalina Lacuesta, G-6 IA noncommissioned officer in charge (NCOIC) for Task Force Lightning.
Lacuesta, a native of Albany, N.Y., pointed out that by the time a product gets to the consumer, there are often two or three upgrades already available, and maybe 10 different security upgrades to go along with it.
"We're always playing the catch up game as far as the security aspect," she said. "The hackers out there are always looking for a better mousetrap."
However, to help thwart the efforts of would-be hackers, G-6 IA uses an approach that proves sometimes simplicity is better.
"IA is searching 24 hours a day. We'll find the anomalies and intruders and shut them down," said Staff Sgt. Henry Freay, G-6 IA staff NCO, and Ft. Lauderdale, Fla., native.
IA monitors systems throughout the task force by receiving "health" reports from each brigade, which are mandated, created and pushed down by the Department of Defense (DoD), Central Command (Centcom) and Multi-National Corps Iraq (MNC-I).
Incorporating these reports into the system can be a daunting task. Lacuesta consolidates reports from all the brigades and battalions and sends them to Multi-National Corps Iraq.
Unfortunately, not all the threats to the security of the Army's information are from external sources.
"Insider threats are ... rebels. They're somewhat computer smart and because they know certain tools ... they try to circumvent the system," she said. "They also open up the system to holes. We can patch all day long ... but we can't patch humans."
"We rely quite a bit on people having discipline and doing the right thing," Roszkowski said.
The G-6 IA will hold an IA Awareness week in November. During that week they will bring guest speakers to discuss IA and computer network security, as well as the Staff Judge Advocate to speak on the consequences of misusing systems.
To further the message, the IA team uses awareness, implements software and hardware tools and an aggressive campaign; ultimately, IA is the individual's responsibility.
"Just like it's every Soldier's responsibility to be a leader, a safety officer and someone that can be responsible for themselves, every Soldier has to be responsible for information assurance," Roszkowski said.
Soldiers can do things as simple as labeling e-mails properly with the correct designations (secret, unclassified, etc.), and label the mediums.
Vigilance is also a way to contribute to IA.
"If something looks funny, question someone," Roszkowski said, and recalled an instance when she forgot to wear her badge and was stopped. "Same idea with the network."
With a task of this magnitude, the small staff is still enthusiastic about the daily challenge of protecting information and Soldiers.
"That's the biggest thing that keeps me going everyday, just knowing that what we do - securing the network - is saving people's lives," said Roszkowski.
"It's not just a job, it's an adventure," said Lacuesta with a smile.
Roszkowski summed up her IA sentiments with a rhetorical question.
"Is there any other way for me to do my mission and still maintain network security' The bottom line is that we're trying to keep Soldiers alive. Everyone has a part in it."