By Eric Pilgrim | Fort Knox NewsMarch 15, 2019
Fort Knox security officials are a little more than a month away from a planned weeklong installation-wide inspection that will test every aspect of security.
Known as a command cyber readiness inspection, or CCRI, about 12 officials from U.S. Army Cyber Command at Fort Gordon, Georgia, will be on post the week of April 22 to check on more than just cyber security.
"It's not just a cyber security inspection; it's much more," said Richard Chism, director of Fort Knox's Network Enterprise Center. "It's traditional security as well, which means building security, tech security, the [Secret Internet Protocol Router Network], and the other networks.
"It's really a command inspection."
In the meantime, Chism is getting the word out to members of the Fort Knox community to remain focused on their part of the security equation.
"We've got to make sure people are vigilant; they're not leaving their [Command Access Cards] unattended, they're not plugging in their USB devices and their personal phones to be charged on SIPRNet devices," said Chism. "We've got to make sure that all of our conduit [physical infrastructure] that feeds our SIPR systems is intact, has been inspected, and is up to code and meets regulations."
As part of the awareness campaign, officials have emailed network users two digital trifolds they can use as a refresher: a CCRI explanation brochure, and an Incident Response Checklist. The checklist offers five cybersecurity tips for users to be aware of:
• Do not reply to spam emails or reveal personal identifiable information (PII), such as date of birth, social security number or credit card information, to unknown sources. This could result in identity theft, with PII used for illegal purposes. Always encrypt and digitally sign all PII, medical, and/or contract-sensitive data.
• Refresh your knowledge of Information Assurance (IA) by completing the annual IA Awareness training at the Fort Gordon Information Assurance Website. Review and maintain an updated Acceptable Use Policy.
• Do not connect any removable media (e.g. personal/DoD mobile devices, personal or contractor-issued systems, thumb drives or other personal electronic devices) to the DOD network.
• Downloading unauthorized software on the DOD network is strictly prohibited.
• Keep Common Access Cards (CACs)/Alternate Smart Card Logon (ASCL) tokens in possession at all times. When leaving a system unattended, the CAC/ASCL token must be removed.
Chism said inspectors try to conduct a planned inspection at each installation at least once every two years. However, they can and do also show up for unplanned inspections. The April visit is a planned inspection.
Department of Army officials have touted the Fort Knox security program as an industry standard for military networks. Chism said that praise won't be something for them to get complacent about.
"I think Fort Knox is prepared all the time," said Chism, "but this keeps us on our toes; makes sure we're crossing the T's and dotting the I's, doing things right, and that we keep the users on the Fort Knox network informed and trained to do the right thing when things do come up."
Chism said all of these efforts serve a serious, authentic purpose.
"There are thousands of attempts into our network every day," said Chism. "There are also insider threats, which means people aren't vigilant and doing the right thing from a physical security standpoint. That also leaves risks to our network."
An important remedy for these threats? Users, according to Chism.
"Be aware of what's going on," said Chism. "Follow the basic principles and rules of cyber security. Don't try to download unauthorized software; stay away from gaming and peer-to-peer software."