In preparation for the Department of Defense Cybersecurity Command CCRI, U.S. Army Tank-automotive and Armaments Command will conduct a Detroit Arsenal-wide security standdown on Sept. 18.
The standdown will emphasize document and media labelling, clean-up, and shredding. Individuals should ensure they clean up their desks and files to ensure documents are properly marked and secure, and shred any documents that are no longer needed.
The Shred-It Truck will be available to shred For Official Use Only and Personally Identifiable Information. They will not accept CDs, DVDs, hard drives, flash drives, cardboard, plastic, metal, personal documents or media, or any classified documents or media.
TACOM's Cybersecurity Project Lead, Darren Lisow, said, "The biggest concern with the inspection is unprotected PII and FOUO documents lying on people's desks and unattended CAC cards."
According to Lisow, other areas of concern are controlled unclassified information documents and CDs and DVDs that are not properly marked near secure areas. CDs and DVDs must be marked and stored properly regardless of their classification.
Lisow went on to say that the purpose behind the security stand down is to change mindsets and behaviors in how individuals treat sensitive material prior to the CCRI. "Anyone may be an inside threat…we have to protect our data and protect our information," he said.
For the most part, the stand-down day is a self-inspection of work areas to look at what type of information people are leaving unprotected. Lisow encourages supervisors to check their sections to make sure documents aren't left lying around.
"For the most part security is adhered to," Lisow said, "but can become lax at times."
A CCRI is a DoD-led formal inspection intended to increase the accountability within the DoD information networks and help improve the overall security posture within the installation Detroit Arsenal's CCRI takes place Sept. 23-27.
"If there are enough violations they can shut down the network. If you lose accreditation, if there's more risk than benefit, they can and have shut down networks until things are corrected," said Lisow.