Fort Meade cyber training exercise focuses on security threats
December 8, 2011
FORT GEORGE G. MEADE, Md. -- Representatives of garrison and partner commands on Fort Meade participated in the installation's first cyber-training table top exercise on Friday at McGill Training Center.
The exercise, Operation Kill Switch, was designed to build awareness about cyber threats and to discuss ways to deal with them, Mary Staab, director of the Directorate of Plans, Training, Mobilization and Security, told participants.
Subject matter experts from U.S. Army Cyber Command, the 70th Intelligence, Surveillance, and Reconnaissance Wing and the installation's Network Enterprise Center facilitated discussions at the three-hour training event.
"The cyber world is forever evolving and it is trying to get in front of the ball, which is the key most important task for us," said Staff Sgt. Lamar Allen, an intelligence analyst who is stationed at Fort Belvoir, Va., with U.S. Army Cyber Command.
Awareness and education about the evolving threats was a common theme for the speakers. Some threats may initially appear to be nonthreatning, but the likelihood of being compromised can be decreased by knowing about how a hacker may operate.
For example, an Army Knowledge Online phishing attack uses a link in an email to send the recipient to a website that looks very similar to AKO to gather the individual's credentials such as the user name and password, Allen said.
"You've pretty much just gave them full access because from their network they're going into AKO, and that's where they're getting into the files that are posted, which are seemingly harmless in nature," he said.
The process allows all source analysts to piece together less valuable chunks of information like a puzzle to create a more valuable intelligence assessment.
The countermeasure to a phishing attack is straightforward -- "just go to AKO the regular way [since] you wouldn't utilize an email," Allen said.
Phishing attacks are not limited to AKO; any portal-based website such as an online bank or webmail service can be spoofed. A minor difference in a website's address can be overlooked.
Fort Meade users who believe one of their official work accounts might have been compromised should contact their organization's information assurance management officer who can notify the installation's NEC, which regularly updates software vulnerabilities on Fort Meade's network. Users need to log off of their computer instead of shutting it down at the end of their work day to allow the computer to be patched, said Bill Craft, the NEC's information assurance manager.
Traditional computers are not the only potential target. Laptops, smartphones and tablet computers also can be exploited by hackers. There has been a 273 percent increase in malicious software called malware on smartphones in the first half of this year, compared to the same period last year, said Senior Airman James Inhof, an information assurance technician with the 70th ISRW.
"Consumers use their smartphones without having any perception of the risks involved, and hackers know this," he said.
As smartphones become more advanced, they're able to perform more complex tasks, which makes them more vulnerable to being exploited until the software developer fixes their program, said Inhof. He recommends users educate themselves about threats such as malware; use a password and enable the device to erase itself after repeated failed attempts to unlock it; use only approved app stores; and limit the sensitive information they put on their phone.
Private information is not the only risk.
Sharing too much information can put the person who posted the information and other people at unnecessary risk, said Inhof. These risks include accepting numerous friend requests from acquaintances, making a password hint something on your page, and sharing too detailed or private posts such as when someone leaves on vacation or the user's address, phone number and date of birth.
"You can't guard against everything," Craft said. "[Information assurance] and security is just doing the best we can to make it so secure that the bad guy wants to go somewhere else."