Cyber Readiness Is Everyone’s Responsibility…and an Inspection Is Coming July 9th

EIELSON AIR FORCE BASE, Alaska -- Air Force Chief of Staff, General Norton Schwartz, emailed everyone in the Air Force on May 27th, 2009, "...in the past, we've regarded network protection and security as the 'comm guy's job,' and as a user inconvenience. This must no longer be the case. As Airmen, civilians and contractors, you must understand your responsibility in this cultural change. Each time you use a networked device, you are on patrol for our Nation." This commentary helps to define your responsibility.

What instinctively conjures in your mind when you hear, "cyber"? Common thoughts are computers and the Internet, seen as the central theme or key enabler in movies and real-world events. Science-fiction movies such as "The Lawnmower Man," "The Matrix" and "TRON" depict virtual realities and electronic worlds that co-exist with the real world. Real-world events such as web-based purchasing and conversation, one country claiming a computer-based attack from another and real-time social networking down to your mobile smartphone are some of what's becoming the new societal norm for cyber.

However, cyber is more than just computers and "the network"--it's anything where digital 0's and 1's pass over physical media (wire) or the electromagnetic spectrum (wireless). This introduces devices that Eielson personnel use and must guard daily, such as non-secure and secure telephones and radios, Common Access Card-enabled devices, wireless BlackBerrys, data collaboration environments such as share drives, SharePoint and the Air Force Electronic Records Management database, airfield systems and more. Because these capabilities, or programs, are commonly used by virtually all units on Eielson, each unit has established 13, "wing-managed cyber program," monitors for these programs, with the host Communications Squadron being the base-level program managers. These unit monitors are responsible to ensure their respective program is fully compliant, and that all members of their unit are knowledgeable in how to react to a program breach, such as Privacy Act or Personally Identifiable Information being found unprotected.

From July 9 to 13, US Cyber Command is sending a 5-person, "Command Cyber Readiness Inspection," team to Eielson to measure the base's cyber security posture, both in compliance and user knowledge. Specifically, the above-mentioned cyber programs, physical and industrial security, information assurance, your computer's compliance level and classified processing areas. They may test your cyber security culture, looking for orphaned CACs left in unclassified systems, written-down passwords, incomplete Entry Authorization Lists, classified monitors facing windows and hallways, unauthorized wireless keyboards and mice, telephones and Land Mobile Radios missing the, "Do Not Discuss Classified," red sticker, multi-function devices (e.g., digital scanners) not CAC-enabled, unlabeled removable media, foreign objects in comm closets and personal wireless devices in classified areas. They may test your knowledge, asking what you would do if you see unprotected classified material, an orphaned unsecure safe or classified information in an unclassified email you just opened. They are even grading commander and senior leader active involvement in these programs. This method of inspection differs little from how the PACAF Inspector General communications functional team inspected units' cyber programs during Eielson's November 2011 Comprehensive Unit Inspection.

So as you can see, today's cyber inspections involve all units on a Defense Department installation. The host Communications Squadron is the quarterback, and you are the defensive line, where we work as a team to cooperate and succeed. You, as a user, are a sensor, expected to do your part to keep the network secure through your various cyber-related training (e.g., the annual Information Assurance computer based test), allowing computer patches to be immediately installed on your computer, rebooting before you go home each night, logging into your SIPRNet computers at least weekly, taking your CAC card with you wherever you go and following the recently-updated 354 FW/IA's, "Network Incident Reporting Aid," for viruses, classified message incidents, phishing e-mails and PII breaches.

It takes all of us, working as a team, to ensure cyber readiness and cyberspace superiority, which is paramount to maintaining Eielson's mission assurance: prepare, deploy and enable combat-ready forces.