Showing posts with label NATIONAL CYBER SECURITY AWARENESS MONTH. Show all posts
Showing posts with label NATIONAL CYBER SECURITY AWARENESS MONTH. Show all posts

Saturday, October 20, 2012

NATIONAL CYBER SECURITY AWARENESS MONTH


JOINT BASE SAN ANTONIO-LACKLAND, Texas -- The Bureau of Justice Website says that in 2010, seven percent of households in the United States (about 8.6 million households) had at least one member age 12 or older who experienced one or more types of identity theft victimization. (U.S. Air Force graphic illustration by William Parks.)

FROM: U.S.  DEPARTMENT OF DEFENSE


National Cyber Security Awareness Month: Protecting PII everyone's responsibility

by Tech. Sgt. Scott McNabb
24th Air Force Public Affairs

10/16/2012 - JOINT BASE SAN ANTONIO-LACKLAND, Texas -- Safeguarding information is a way of life in the Air Force and the service trains military members, Department of Defense and contract civilians alike to avoid releasing personally identifiable information about themselves or others.

A letter from the secretary of defense defined PII as information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, and biometric records, including any other personal information which is linked or linkable to a specified individual.

"I would agree that DoD community members have access to, and use, PII on a near daily basis," said David Swartwood, Joint Information Operations Warfare Center operations security analyst. "PII is embedded in nearly every aspect of what we do: military pay, travel orders, permanent change of station orders, medical, appraisals, record keeping, training, etc. For example, an identify thief can take your name, SSN and address and potentially open up fake banking accounts or obtain fraudulent credit cards. When we mishandle and improperly release PII it is like we're handing our exploitable information straight to the bad guy - we might as well put a bow on it."

The
Bureau of Justice Website says that in 2010, seven percent of households in the United States (about 8.6 million households) had at least one member age 12 or older who experienced one or more types of identity theft victimization.

Swartwood said the Department of Defense has provided clear guidance on how to handle and protect PII and it's up to those who work for the department to recognize and protect PII.

"Mishandling PII places the individuals at risk and jeopardizes our mission," he said. "If my military member is distracted or harmed by a loss of their PII, then they're not focused on the mission and we're losing valuable time and resources resolving the issue. People need to understand there are adversaries out there who want to get a hold of their information and use it to harm them. When handling someone else's personal info, people should think, 'How would I want my information handled and protected?'"

Swartwood said JIOWC teams conduct OPSEC surveys around the world in support of combatant commands and they often find more PII than they should by monitoring communications and digging through trash and recycle containers.

"In a recent OPSEC survey our team recovered a small stack of improperly discarded personal paperwork in a recycle container," he explained. "It provided the service member's name, unit and SSN."

The OPSEC team did what most people do when they're looking for information. They went online.

"We did a quick 30 minute search online for the member's name and found: date of birth, phone number, personal e-mail address, social media profile, child's name, child's date of birth, child's school, child's age, school address and spouse's name," he said. "This military member had recently deployed overseas while their family remained at home. How effective do you think they would be if someone targeted their family while they were deployed? How easy do you think it would be to steal their identity and ruin their finances?"

That much information in just 30 minutes shows how easy it would have been, but there are ways to avoid such a breach of PII.

Do not leave items such as performance reports, recall rosters, social rosters or alpha rosters in an area that could result in their loss or theft. Do not place PII on public websites or SharePoint. Encrypt all emails that contain PII, put (FOUO) at the beginning of the subject line, and apply the following statement at the beginning of the e-mail:

"The information herein is For Official Use Only (FOUO) which must be protected under the Privacy Act of 1974, as amended. Unauthorized disclosure or misuse of this personal information may result in criminal and/or civil penalties."

Once you are finished working with PII, dispose of the documents (paper or electronic) properly. Disposal methods may include: tearing, erasing, burning, melting chemical decomposition, pulping, pulverizing, shredding and mutilation. Use shredders that produce a crosscut to ensure paper pieces are indecipherable. Permanently delete electronic records.

If you discover any disclosures of PII, report it immediately through your supervisor and chain of command and contact the base Privacy Act manager. Additionally, lost, stolen or possible compromised PII must be reported to
U.S. CERT within one hour of the discovery. An investigation will be initiated and those who are found guilty of causing the breach could be charged with criminal and civil penalties.

DOD Instruction 5400.11-R, DOD Privacy Program and AFI 33-332, Air Force Privacy Program establishes the current DOD and Air Force guidance on PII.

"Education is the best countermeasure in my opinion," said Swartwood. "Letting people know they're responsible for protecting PII along with training them how to safeguard it is critical."


 

Sunday, September 30, 2012

NATIONAL CYBER SECURITY AWARENESS MONTH

FROM: U.S. DEPARTMENT OF DEFENSE

Deputy CIO: Computer Users Must Practice Cyber Security

By Claudette Roulo
American Forces Press Service


WASHINGTON, Sept. 28, 2012 - National Cyber Security Awareness Month in October lasts just 31 days, but practicing good cyber security is important 365 days a year, the Defense Department's deputy chief information officer said yesterday.

Because users engage with the network on a daily basis, good cyber security practices should be second nature, Robert J. Carey, DOD's deputy chief information officer, said during a joint American Forces Press Service and Pentagon Channel interview.

This means "changing our culture to be more mindful of the fact that the information needs to only be transmitted to those who are fit to consume it [and] who are authorized the right accesses," he said.

Specific cyber security practices vary depending on the type of users, but Carey said there is one overriding concept: everyone is responsible for protecting information.

Commanders rely on information relayed through electronic networks to make life-and-death decisions, but, Carey asked, what if they couldn't trust that information?

"What if [they] trusted it but it was wrong?" he said.

Understanding how that information traversed the network -- whether it came from the person it's supposed to have come from -- is essential to commanders, he said.

And while information technology can be a complicated subject, with an equally complicated lexicon, Carey said his office is working to ensure that DOD adopts policies and strategies that help users at all levels to understand exactly why cyber security is so important. This way, he said, they can be confident that they're taking the right steps to protect information.

"The most important link is the user. Each of us, when we engage the network, is either an asset or a vulnerability, depending on our actions," he said. "The human becomes the weakest link, and so the more we can strengthen that weakest link, the better we will be."

Responsible network access means users are aware of what they're clicking on, Carey said.

"If you click on a link that you don't know where it came from and suddenly bad things happen ... well the link has already provided the information to your computer," he said, "so now you have bypassed a lot of the protections that the system has."

The Department of Homeland Security has adopted "Stop. Think. Connect" as the motto for National Cyber Security Awareness Month. Carey said the program asks users to consider their actions and remember that what they do online may affect others.

"If you're ... cutting corners and you're doing the wrong things, you can be a vulnerability to this big thing called the network," he said. "People don't realize the extent of it. They think if my machine has a problem that that's the extent of it. It's generally not the extent of it."

Network users should ask themselves if they're doing the right things or exhibiting the right behaviors to perform risk management of the information they're going to access, he said.

This thought process should continue even when people aren't accessing the network from their workplace, Carey added.

"At home you don't think about security," he said. "When you get on your computer at home and you engage the internet, it's highly unlikely that you have a firewall [and] it's highly unlikely that you have a smart card to log on, so the layers that afford us security aren't generally present."

People may feel annoyed when security layers are added to the home experience, but, Carey said, "that operational overhead is a necessary evil to ensure that the information stays protected."

"If we can keep the information secure, the layers, they're just a necessary part of the accessing process," he added.

Carey said that every user is front and center in the battle to ensure networked information remains secure.

"It is ... a cost of doing business in the information age; you just have to be aware," he said.

Search This Blog

Translate

White House.gov Press Office Feed