Digital threats detected by digital warriors
By Senior Airman Michael Washburn, 355th Fighter Wing Public Affairs
Published February 06, 2013
DAVIS-MONTHAN AIR FORCE BASE, Ariz. -- As Senior Airman Ryan Brock, 355th Communications Squadron information assurance technician, sits at his desk, the glow of the computer screen illuminates his face. He's looking for perpetrators of the digital kind: those who unknowingly put D-M's computer network systems at risk.
Most Airmen clearly know the Air Force Instruction not to plug anything that is not authorized into a government computer. For others though, the AFI is a little murky. Network security goes sour when Airmen start plugging their personal equipment into government computers. Small things like hard drives and thumb drives can cause large headaches.
"If someone were to take an external hard drive home and plug it into their computer, which doesn't have proper virus definitions, when they plug it back into our network, our computers will have what the individual had," Brock said. "This could be potentially anything including a trojan, a worm or it could be spybots that were placed there by the Russian government."
If an individual needs to get a hard drive for their office, they can't just go to the store and buy one. They need to go to their information assurance officer and let them know they need one. They can have one purchased using their unit's funds. The hard drive needs to have a 355th CS certification letter on it with the date, drive name, device serial number and approval number. It also needs to have the information assurance approval signature. Only then would it become an authorized hard drive.
Along with computer equipment, cell phones are also posing a problem.
"Most phones can basically act as a hard drive and they're usually always connected to the internet," Brock said. "So, if someone plugs their phone into a computer, they just bypassed all the firewall security we have in place by introducing a straight internet source into the computer. That can be devastating from a network security standpoint."
Brock states that people tend not to think about risks associated with phones.
"People don't have the same mindset when they're surfing the net on their phone like when they're on the computer," Brock said. "On a computer, they're mindful of risks, but on a phone they don't think about it. It's really easy to get things introduced that way."
Just as police officers keep crime at bay, Brock is primed to lay down the electronic law on those who put our system at risk.
"We have a script on our computers that will detect if anyone has anything plugged into the USB ports of their computer," Brock said. "We're not looking for authorized items; we want to find unauthorized items."
If the script picks up anything, Brock takes action ... disciplinary action.
"An email gets sent off to the communication squadron commander, the individual's supervisor and IAO," Brock said. "I let them know who the violator was and what happened. The user will have their account disabled, and won't be able to unlock it until after they've completed the information assurance computer based training course. They have to come into the communication squadron building and retake it on a stand-alone computer. After that, they have to meet with the commander along with the individual's supervisor to explain what they did and why."
The idea is to discourage other individuals in that Airman's office from doing the same thing.
"Even if they're rushing, it's still going to be at least a day of down time," Brock said. "We're not doing this to be mean. We're doing this because it's a serious problem that has shut down the system in the past. It may be embarrassing and frustrating, but it gets the point across."
The advice Brock gives is the same information they brief during rightstart.
"The thing we brief is to remember that every time someone is logged in, they are responsible for anything that happens on that system," Brock said. "People need to know what's plugged into their computer. Don't plug in anything that isn't authorized, period."