Cybersecurity: End user vigilance key to keeping network safe, passing inspection

By David Agan, Fort Rucker Public AffairsNovember 7, 2014

Cybersecurity: End user vigilance key to keeping network safe, passing inspection
(Photo Credit: U.S. Army) VIEW ORIGINAL

FORT RUCKER, Ala. (November 7, 2014) -- Threats to Army information systems are constant, sophisticated and ever-changing, which is why officials say it's important that all computer users on Fort Rucker recognize their essential role in keeping the network safe.

Defense in depth is a layered approach to protecting a network from top to bottom and the end-user is an important part of the process, said Tom Barrett, director, Network Enterprise Center.

"Defense in depth is the concept of defending the entire network, from the end-user all the way up to our interface to the cloud. You want to have those layered defenses all the way down to the end-user, who is part and parcel to that entire plan," said Barrett. "If any one of those fail, the entire network is at risk."

There are steps that everyone using a computer or mobile device on Fort Rucker should take in the course of their daily duties to ensure that the network remains protected from cyber threats and malicious actors, said Shawn Foist, installation information assurance manager, NEC.

"The security of the network is a daily thing," said Foist. "These (daily) steps and procedures help to thwart exploits and keep them from happening," he said.

Users should always lock their computers and remove their common access card anytime they leave their desk, even if only for a minute, and never share their password or PIN with anyone. People should also never open email attachments that arrive from unknown or unverified senders, as they could contain viruses, malware or other malicious code.

Personal mobile devices, such as cellular phones, iPods, iPads or Blackberries, or any other unapproved USB device should never be connected to government systems.

If end-users do not remain vigilant or become complacent when it comes to following these simple guidelines, it can leave the network vulnerable, according to Foist.

"When we get lax in those, that's when those types of occurrences can occur," he said.

One of the most prevalent threats to information systems comes from within an organization, and it's also one of the most difficult types of threats to prevent, said Foist.

"The biggest threat in information technology comes from within. Cyber security professionals estimate that 80 percent of exploitations are insider threats, so it could be the person sitting next to you that might have decided they can sell resources," he said.

Taking steps daily and staying vigilant can help prevent these kinds of threats from endangering Army networks.

"By removing your CAC card and taking it with you, locking your computer when you're gone, you're keeping insider threats away from the resources you're working on that they might be able to exploit and cause the government problems with," said Foist.

It's a process that can protect the network from top to bottom, according to Foist.

"It's the everyday things that you can do to help keep them from occurring. Checking your secret workspace, checking your unclassified and for official use only information and keeping it where it's supposed to go, ensuring media is destroyed properly when it's of no further use ... it's a process -- an everyday process."

Not only are these efforts important in order to keep Army systems safe from hackers and insider threats, they also ensure that the network remains in service. The upcoming Command Cyber Readiness Inspection to be conducted on the Fort Rucker network by the Defense Information Systems Agency will ensure the cyber readiness of the network infrastructure at Fort Rucker.

"[CCRI] is a periodic inspection set forth by United States Cyber Command that covers all Department of Defense components, active, Reserve and National Guard, so you can see it's a wide-reaching program," said Foist.

Fort Rucker's network has been through inspections before, but this is the first time the CCRI has been conducted on the infrastructure at the post.

"We go through other validation and inspection programs periodically. In fact, this is our fourth this year. This inspection has a specific focus on the configuration of the network and the equipment attached to it. That's its specific focus," said Foist.

"It's important for everybody here at Fort Rucker to understand that this is not a NEC inspection. This is inspecting all of Fort Rucker, and everybody needs to be engaged and cooperative," added Barrett.

Related Links:

USAACE and Fort Rucker on Twitter

USAACE and Fort Rucker on Facebook

Fort Rucker, Ala.

U.S. Army Aviation Center of Excellence