Information assurance remains top priority

  • Published
  • By Tyler Hemstreet
  • Staff writer
MCCHORD AIR FORCE BASE, Wash. --  Each day McChord's critical networks are constantly probed for weaknesses -- the enemy is always looking for new ways to exploit weaknesses, according to base officials. To further improve the base's security posture, base officials want to provide all personnel with education and awareness of the ever increasing threats to the base's information, assets and base networks.

Three major security programs that most of the base personnel deal with on a day-to-day basis are Computer Security (COMPUSEC), Information Security (INFOSEC) and Operational Security (OPSEC).

"Protecting our computers and the network they connect to is critical today with the advance of technology and the amount of information traversing through the system each and every day," said Ms. Audrey Dubay, the wing's information assurance officer with the 62nd Communications Squadron. 

"Phishing is one of the primary means that hackers use to gain access to our networks, she said. "Hackers pose as legitimate e-mailers then get you to divulge information or they get you to "click" on a site which allows them to get into your computer and wreak havoc."

To protect vital assets, Ms. Dubay said it's very important to only open e-mails from known sources and to be suspicious of e-mails that seem odd. It is also very important to encrypt all e-mail that contains privacy information or information that is classified as "For Official Use Only," she added.

Furthermore, with the advance of technology the ability to download data onto very small devices has become available. 

"The use of USB Storage Devices (thumb drives) have recently become a serious issue due to their small size and the amount of data they store," Ms. Dubay said. "It is imperative that strong controls be in place to prevent these devices from falling into the wrong hands." 

According to base protocol, all thumb drives must be labeled with the appropriate classification; Secret, Confidential, Unclassified. If the device contains personal information, it must be signed out of the office and controlled by the information assurance officer in the unit. If the device contains classified information it must be locked in a safe, inventoried when not in use and controlled as all classified information, according to base protocol.

Finally, the ability to protect critical information; whether via phone, e-mail, or wireless communications, determines how successful our missions and military operations are, Ms. Dubay said.

"It is imperative that when we communicate about sensitive information that we do it by secure means and that the data is encrypted so the enemy cannot intercept it," she said. "There are secure phones and encrypted e-mail to help to protect vital information but it is also just as important to not divulge potential critical information to family members or on YouTube and MySpace. We would not tell Osama Bin Laden about our military strengths, movements, or plans on purpose, but if we fail to protect our information that is exactly what we are doing."