USAFE kicks off command-wide Information Assurance campaign

  • Published
  • By Senior Master Sgt. Stefan Alford
  • HQ USAFE Public Affairs
RAMSTEIN AIR BASE, Germany --  Did you know that the DoD has directed the validation of all file and folder permissions on your government computer? You should - it's been a part of each network computer user's login screen as a pop-up system information box for several weeks now. 

Still doesn't ring a bell? It's that bright yellow text that begins in all caps "ATTENTION ALL USERS" and ends with "Press any key to acknowledge this message..." 

Unfortunately, those two lines are usually the only ones that most people actually register as they zip through their morning login routines. The block of text in between goes largely unnoticed as folks press their enter keys or space bars to move to the next screen. 

That's one reason that U.S. Air Forces in Europe starts an intensive Information Assurance campaign this week for all USAFE locations. And while that means an increase in pop-ups at login, with IA tips of the day or other pertinent network security information, the USAFE cyber surety program manager hopes that users will pay a little more attention. 

"It's all about education," said Master Sgt. Dustin Ruland. "People need to be reminded how their government systems are authorized for official use, especially with increased IA discrepancies and real-world threats to our information systems." 

Sergeant Ruland points to the recent DoD policy prohibiting the use of thumb drives and removable flash media in government computers as an example of how the military is starting to take a stronger stance on vulnerabilities that could affect its networks. 

The IA campaign looks to further emphasize some of those areas by targeting computer security, emission security, communications security, public key infrastructure, and certification and accreditation. 

While the pop-ups will be the first noticeable sign of the campaign, there will be other avenues to get the message out to users as well, such as commander's briefs, and planned radio spots and TV commercials. 

In the next few months, users can expect to see unusual computer "glitches" or attempts to garner personal information through "phishing." 

Phishing is one of the most common computer security threats, said Sergeant Ruland. 

"People may get what looks like an official e-mail from their bank or another agency that directs them to what looks like that organization's web site and then asks them to verify their identities by entering birthdays, social security numbers, account numbers, or even passwords," he explained. 

In a recent phishing exercise conducted by Ramstein's 86th Airlift Wing, 49 users in the wing responded by providing just such personal information, said Sergeant Ruland.
Another tactic that communications personnel have used to test computer security is dropping thumb drives in public places. 

"You'd be surprised how many people pick them up and actually insert them into their computers," he said. "This is an easy way for somebody to introduce a virus, worm or other malicious code into a system." 

"Another common virus danger is through any kind of unauthorized software or downloaded files," added Master Sgt. Jerry Wright, USAFE circuits manager. "We've seen people who downloaded MP3 music files at home and then brought them to the office so they could listen to their favorite songs at work. First of all, those might be illegal downloads of copyright material that they are then introducing on a government system, and secondly, they could contain all kinds of malicious code embedded within that file that is now on the network." 

That kind of danger exists within any unknown file, added Technical Sgt. Paul Berry, USAFE communications security program manager. "Think before you open an attachment, don't just click on it," he said. "These e-mailed attachments feed on people's natural curiosity, but it's best to delete a file if it's from someone you don't even know." 

"If users feel they are the victim of a network or computer security incident, they need to contact their information assurance officer or wing IA office immediately," said Sergeant Ruland. 

The bottom line is finding a balance between computer security and user ease, he said. 

"We all need to protect the network," Sergeant Ruland explained. "What happens when the network or your computer goes down? A lot of organizations would be at work stoppage, so it's a mission critical asset and hopefully the IA campaign will remind users of that."