NEWS | Aug. 10, 2011

Cyber security keeps cyberspace safe

By Airman 1st Class Jared Trimarchi Joint Base Charleston Public Affairs

In today's age of Internet media, Airmen have access to new Internet-based capabilities which allow them to easily and quickly share information with people throughout the world.

On April 26, 2010, Joint Base Charleston computers were allowed access to 30 social networking sites. However, with these great new capabilities came an even greater personal and professional responsibility.

Cyber security, a program designed to keep cyberspace safe, was introduced to protect critical, sensitive or classified information about Air Force programs or activities from going online.

Andy Gancarz, Joint Base Charleston chief of information protection and Installation Security Advisory Group chair, said, "Cyber security involves protecting or denying critical, sensitive or classified information to adversaries. Adversaries in possession of critical information can prevent friendly mission accomplishment. Essential secrecy is a necessary prerequisite for effective operations."

With advances in technology come vulnerabilities. The Internet provides intruders many opportunities to break into any computer system. Intruders have historically managed to destroy data, modify software, steal data, shut-down hosts and networks, steal software and modify data.

Intruders try to gain access through a variety of techniques. All forms of communications can be and are monitored for useful information. Any webpage can be hacked.

"Even cell phones operate on radio frequencies that are easily captured," Gancarz said. "Emails are very vulnerable. Even mail can be intercepted, read and resealed without detection. If you communicate through mail or email, both can be exploited for hostile purposes."

Social engineering is an attempt to gather personal and professional information through surreptitious means using social networking sites, social media, social software, email and instant messaging.

Official sources will never ask for your password or any other identification through email or phone contact. Spammers may pose as official sources requesting password and other data.

"Basically, the program intends to safeguard military and personal critical information from those that have no need to know," Gancarz said. "If someone you don't know asks you for information, be very suspicious of them, even if they appear to be legitimate.

"Ask yourself these questions before you answer; Who are you? What will you do with this information? Who else will you tell? Any information you choose to share, no matter how minor you think it may be, can be combined with other data and used against us."

There are many risks involved with today's tools of communication, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others or someone stealing your credit card information and making unauthorized purchases.

"Unfortunately, there's no 100 percent guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances," Gancarz said. "To be safe: update your antivirus regularly, apply software patches, be wary of suspicious emails and websites, protect your personal information online, be aware of your family's online activities and most important, to use strong passwords; be sure that you don't give them to anyone else."

Everyday people rely on computers and the internet for communication, entertainment, transportation, shopping, medicine and the list goes on.

"How much of your daily life relies on computers?" Gancraz said. "How much of your personal information is stored either on your own computer or on someone else's system?"

Information which can be used to distinguish or trace an individual's identity, such as their name, alone, or when combined with other personal or identifying information, which is linked or linkable to a specified individual such as a place of birth, can lead to an individual's identity stolen for criminal activity.

Gancarz recommends a 'think before posting' attitude. Information could become public at any time due to hacking, configuration errors, social engineering or the business practice of selling or sharing user data, he said.

Although there are no new changes regarding Cyber Security since the unblocking of social sites, the education and training of personnel needs to continue to identify what should or should not be done on social media sites.

Here is a checklist everyone should review when logging on.

Checklist pertaining to Personal Information - Do you:
 Keep sensitive, work-related information off your profile
 Keep your plans, schedules and location data to yourself
 Protect the names and information of coworkers, friends, and family members
 Tell friends to be careful when posting photos and information about you and your family

Checklist pertaining to Posted Data - Before posting, did you:
 Check all photos for indicators in the background or reflective surfaces
 Check filenames and file tags for sensitive data (your name, organization or other details)

Passwords - Are they:
 Unique from your other online passwords
 Sufficiently hard to guess
 Adequately protected (not shared or given away)

Settings and Privacy - Did you:
 Carefully look for and set all your privacy and security options
 Determine both your profile and search visibility
 Sort "friends" into groups and networks, and set access permissions accordingly
 Verify through other channels that a "friend" request was actually from your friend
 Add "untrusted" people to the group with the lowest permissions and accesses

Security - Remember to:
 Keep your anti-virus software updated
 Beware of links, downloads, and attachments just as you would in e-mails
 Beware of "apps" or plugins, which are often written by unknown third parties who might use them to access your data and friends
 Look for HTTPS and the lock icon that indicate active transmission security before logging in or entering sensitive data (especially when using wi-fi hotspots)

Ensure the base critical information list is required to be placed by each government communication system. It is a requirement.

Mark Diamond contributed to this story.