WASHINGTON (Sept. 30, 2015) -- In recent months, headlines about cybersecurity incidents have captured national attention. From the Office of Personnel Management to the Sony Pictures intrusion, it has become clear that a single cyber intrusion can affect large numbers of people and cost millions of dollars in damage.
While these incidents garnered significant media attention, they represent a very small piece of a much larger picture, akin to individual pixels in a high-resolution image.
"It only takes one careless or malicious act anywhere on our networks to threaten Army operations," said Lt. Gen. Edward C. Cardon, commander of Army Cyber Command and Second Army.
There are two assumptions the Army operates on each day: networks will become more and more vital to operations, and networks and the systems on those networks are constantly at risk.
To help stem the tide of malicious acts by hackers, non-state actors, nation states and insider threats, the Army must be able to count on a third assumption: individual users will remain vigilant when operating on Army networks. That's why the Army's third Cybersecurity Awareness Month observance this month focuses on risk management at the user level, the first line of defense against attacks in cyberspace.
"Cybersecurity is everyone's mission," Cardon said. "Most vulnerabilities and malicious acts against Army systems could be prevented by following and enforcing cybersecurity standards and policies."
The 2015 theme, "Stay Protected While Connected," stresses that vigilance and good online habits by individuals and organizations are critical to keeping Army networks, information and personnel safe.
Beyond educating the workforce, the Army has chosen Cybersecurity Awareness Month to launch a requirement tasking organizations to develop plans that integrate cybersecurity risk assessment, management and mitigation into all phases of operations.
"This year the Army will focus on the measures all commanders, leaders and supervisors must understand to assess and manage risk, as well as techniques to effectively and continuously monitor people, processes and technologies necessary to identify, evaluate and respond to insider threats," wrote Army Secretary John M. McHugh in a memorandum outlining the priorities of this year's observance.
Those plans, measures and techniques include identifying and routinely reviewing the status of privileged users and ensuring they meet all access requirements; assessing personnel for insider threat indicators; minimizing system administrative privileges; completing necessary training; developing processes to monitor user accounts and activities and control access; identifying sensitive information the organization creates or handles and certifying that it is properly protected; ensuring that personnel and physical security measures to safeguard systems are adequate, and promoting a culture that embraces the belief that online misconduct is not in keeping with the Army values.
"The Army must create a culture of awareness at every echelon," McHugh wrote. "Proactive measures can help the Army safeguard the integrity of Army networks and systems, and protect information and personal data."
ABOUT US: Army Cyber Command and Second Army directs and conducts cyberspace and information operations as authorized or directed, to ensure freedom of action in and through cyberspace, and to deny the same to our adversaries