By Pfc. John Kellogg, Regional Cyber Center-Korea (RCC-K)
October 26, 2015
DAEGU GARRISON -- October is National Cybersecurity Awareness Month. Throughout this period, Soldiers, family members, DoD civilians, and retirees are reminded that cybersecurity is a shared responsibility. It is also important to keep in mind that cyber defense is critical to our operational mission, and that the adversary's cyber-attacks have become increasingly sophisticated in recent years. While all of this is true, what's surprising is that many of the cyber-attacks from the past decade, such as phishing and whaling attacks, are still very effective even now. This is because such attacks tend to appeal to the human dimension. While these emails appear innocuous, they contain malicious hyperlinks and viruses that wreak havoc on our networks.
According to Lt. Col. Joshua McCaw, Director, Regional Cyber Center-Korea (RCC-K), "A recent example was the late June 2015 phishing scam attack that attempted to lure DOD employees to a malicious website from the Office of Personnel Management (OPM) cyber breach in March 2014. The attack breached the Personally Identifiable Information (PII) of hundreds of thousands of government employees. These types of attacks are repeatedly launched against senior leadership, because they have historically proven themselves susceptible to this type of attack."
To better mitigate these types of attacks, US Cyber Command (USCYBERCOM), Army Cyber Command (ARCYBER), the Network Enterprise Technology Command (NETCOM) and the Regional Cyber Center here in South Korea are constantly developing, refining and implementing technologies across each theater's strategic and tactical networks. For example, to decrease the possibility of a successful phishing attack, e-mail is now received in plain text form and any web links that are embedded in the e-mail body are stripped so that the user cannot inadvertently mouse-click the link to access it. "As an added measure, a cautionary warning is provided near the web link to notify the user to check the link before accessing it, as well as to inform the recipient if the e-mail was sent from non-DOD channels. These changes, as they sure may inconvenience the end-user, aid in protecting the user's host system; thus ultimately, the network it is connected to. A good business practice is to not open embedded links in emails that come from unknown senders and should be digitally signed from known senders," said CW2 Louis Quiñones, an information protection technician at the RCC-K.
The technician further shared that another cybersecurity measure was initiated in mid-2014, when the 6th Regional Cyber Center based in Camp Walker, Korea led the Army's four other Cyber Centers as a pilot in the implementation of Application Whitelisting (AWL) security. "AWL is an effective measure that enhances a network's cybersecurity defense-in-depth posture at the client/server level. When the AWL policy is applied on a Non-classified Internet Protocol Router Network, better known as NIPRNET, computer system, it is an effective tool in decreasing the attack surface by limiting the number of programs that can be executed on a computer. This implementation has led to a dramatic reduction in malware activity and even prevents legitimate programs from being installed by an end-user. Legitimate software installations can only be completed by the local Information Management Officer (IMO)," CW2 Quiñones stated.
Lt. Col. McCaw went on to say that this ensures that only system administrators with elevated privileges can make the requisite installs of government and commercial software specifically approved by NETCOM. Currently, AWL covers about 97 percent of the Korea NIPRNET and the intent is to reach 100 percent when the few technical issues are resolved. This added layer of protection had immediate and profound effects by decreasing a variety of threats over the past year alone. The RCC-K's success in its implementation has now driven the rest of the US Army to follow its lead.
In closing, Lt. Col. McCaw added, "AWL and the phishing mitigation efforts are not the know-all, be-all answer in combating cyber threats at the desktop level. What is very essential is the end-user, applying their cyber awareness training and vigilance in ensuring that threat actors cannot bypass the many layers of defense that Army networks provide. It is stressed that computer end-users understand and adhere to their computer user agreements that are read and signed prior to gaining access to a DOD system. If our computer user community uses their computing software and applications as intended and utilizes the internet for work-related purposes, we as a whole can reduce the threat vector even further."