Do you have a cyber security checklist?

  • Published
  • By Cecily A. Odom
  • 71st Communications Squadron director
VANCE AIR FORCE BASE, Okla. --  Last March, Gen. Stephen Lorenz, commander of the Air Education and Training Command, directed bases throughout the command to hold a network focus day specifically dedicated to covering key aspects of network security and information assurance.

Here we are a year later and the message is still the same -- maintaining the network's security and health is paramount to successful mission accomplishment at Vance AFB and throughout the Air Force and Department of Defense.

There are so many different venues important to maintaining that security, but the first line of defense is to go back to the basics. Every military member, government civilian and contracting partner needs to create a cyber security checklist to guide them before they attempt to log on to the network or access a computer system.

The first item on the checklist should be to complete the mandatory Information Protection training. Do some refresher training with your unit. This training not only provides each user with the basics on how to protect information, but also the steps required to deny enemy access to critical infrastructure. The training also provides a level of awareness about cyber threats, vulnerabilities and an understanding of the network as a target of opportunity for known and unknown enemies, near and far, who seek to inflict harm.

Our network -- our e-mail, our shared drives, our operating systems -- enable our teams to work on the Air Force chief of staff's top five priorities. How can protecting those systems not play a central role in addressing those priorities? An organized network attack has the potential of disrupting and crippling the entire Defense Department operation.

The second item on our check list should be to routinely and systematically scan all documents received with the latest anti-virus software, both at work and at home. Thirdly, do not use thumb drives or other flash memory devices to transfer data to government computers.

Next, as each of us go through our daily work, be suspicious of "phishing" e-mails which attempt to acquire sensitive information like names, Social Security numbers or bank account information. Never open an e-mail from someone you don't know and even be on your guard against forwarded attachments from people you do know. They may have unsuspectingly forwarded malicious code or viruses.

Finally, one of the fundamental procedures required to maintain network security involves the careful treatment of passwords. Don't use words from the dictionary and don't use the same password multiple times. It may be difficult returning from a deployment or extended leave of absence and remembering all of those accounts, usernames and passwords, but the safety of those combinations really means the safety of our nation from those who wish us terrible harm.

Imagine a corrupted emergency management communications system just waiting to fail during the next natural disaster. Cyber attacks may be combined with other means to inflict paralyzing damage to our nation's critical infrastructure as well as psychological operations designed to create fear, uncertainty and doubt.

Each of us has a responsibility to maintain network security focus on a daily, weekly and monthly basis. By referencing a checklist of the bare essentials -- regularly taking the information protection training, consistently assessing the cyber threats and vulnerabilities and keeping a strong set of passwords -- we remove the cyber criminal's ability to gain access to the information they can use to initiate a cyber attack.