Keeping network secure is everyone's responsibility

  • Published
  • 50th Space Communications Squadron
SCHRIEVER AIR FORCE BASE, Colo. --  This February, Schriever will undergo its second U.S. Cyber Command-directed Command Cyber Readiness Inspection. The 50th Space Communications Squadron is determined to improve the base's showing this year.

"Network security is everyone's responsibility," said Lt. Col. David Case, 50 SCS commander, "We have to rely heavily on user compliance and assistance to securely operate and defend base networks, and to fulfill our primary mission of delivering secure communication for the warfighter. Some of the more familiar efforts are the 'Comply to Connect' initiative and allowing our technicians to remotely repair vulnerable machines."

During the CCRI, a Defense Information Systems Agency Field Security Operations team will meet with Schriever' information assurance personnel.

"They will visit facilities with Secure Internet Protocol Router Network and Non-Secure Internet Protocol Router Network machines to validate accreditations, enclave/network security, perform network-based vulnerability scans, and assess compliance with Department of Defense information assurance policies," said Wardell Adams, 50 SCS Plans and Resources Flight chief.

As part of the CCRI process, the evaluators will determine the base's cyber readiness and will evaluate units' knowledge of the protocols and standards required to keep the base networks safe. To stay ahead of the curve, 50 SCS is stressing the importance of the weekly SIPRNet up days.

As part of 50th Space Wing Commander Col. Bill Liquori's "Comply to Connect" policy, all SIPRNet workstations must be powered up and connected to the network every Wednesday to receive the latest security updates. Systems that fail to be powered on and connected will be disconnected from the network.

Base users can pitch in to help keep their workstations safe for use. One of the easiest ways to help out is to restart workstations at the end of the work day to allow patches to be applied. NIPR workstations should always remain on so that they can receive the latest security updates. Additionally, users can assist the 50 SCS by remaining vigilant and verifying links before they visit untrusted sites or click on untrusted email attachments and links. As a reminder, personal media devices, such as mp3 players, and removable flash media devices are not allowed to connect to any DOD information system for any reason.

To ensure network compliance remains a year-round focus, measures are already in place to ensure security updates are kept current. Some of these measures, like the SIPRNet "Comply to Connect" policy, are user-intensive and require everyone to pitch in. Others, like scanning and patching, are a regular battle rhythm for the squadron.

Case added, "Technology can only do so much to protect a system before the human element becomes the dominant factor. Securing the network is a collaborative effort and it cannot be done without your help."