Cybersecurity and Common Insider Threats

  • 144th Fighter Wing

The U.S. Air Force takes cybersecurity very seriously. It’s why we have annual cybersecurity trainings and why our cybersecurity procedures are so strict. Anytime a Classified Material Incident or a Negligent Disclosure of Classified Information occurs, the specific protocols and reports must go directly to the wing commander.

While often unintentional, the three most common insider threats to cybersecurity are:

  1. Exposing sensitive data to an unsecure network
  2. Using unauthorized hardware
  3. Installing unauthorized software

Exposing Sensitive Data to an Unsecure Network

One of the most common threats to cybersecurity is exposing sensitive data to an unsecure network. This most often occurs when Personally Identifiable Information (PII) is exposed to an unsecure area on a network or is emailed to a civilian email account. One of the documents most often associated with this kind of security breach is the Alpha Roster, which contains PII of personnel who work at the base.

Some of the folders within the Electronic Record Management network drive, which is referred to as the “R” drive, or the “Records drive,” at the 144th Fighter Wing, are used for this type of Controlled Unclassified Information. For example, Alpha Rosters should be stored in the “33-21 Locator and Personnel Data” folder. They are uploaded and periodically updated by the Commander’s Support Staff (CSS). Files like these are only accessible to personnel who are entered into the security group to access the information.

Master Sgt. Joanne Esquerra, Knowledge Operations specialist, said, “Everyone cannot have access to full Alpha Rosters, but a filtered copy of the Alpha Roster may be appropriate if an Airman requires access to specific data.”

For that data, an Airman may request the file from his or her CSS.

“If for any reason, sensitive data or PII needs to be emailed over the NIPR network, it must be encrypted or sent using DoD SAFE,” said Esquerra. “It reduces the risk of PII inadvertently being emailed to a non-secure network.”

“A working copy of an Alpha Roster may also be saved on the hard drive of a CAC-secured computer, but to be safe, it should be password protected,” added Esquerra.

If Airmen require access to a security group, they should request access through the virtual Enterprise Service Desk, or vESD, application on their government computer. Directions to request a modification to a security group can be found at: RM Continuity on Microsoft Teams.

The goal of these processes is to balance the need for security while also providing accessibility to those who need the data to do their work.

“All secure and sensitive information must be kept secure, but we want to make it workable for everyone,” Esquerra explains. “It’s the reason our office offers trainings. We have protocols and procedures in place to make working with sensitive data as convenient as possible while still maintaining security.”

Using Unauthorized Hardware

Senior Airman Morgan McRee, Cyber Operations Security specialist, cautions Airmen to only use authorized computer equipment with a government computer. This includes keyboards, monitors, mice, microphones, and other items. It also includes televisions and smart devices.

“It’s the reason the Comm Flight purchases most electronic equipment for the whole base,” said McRee. “They will ensure the equipment is authorized and secure.”

Personally owned computer equipment is also not authorized to be used with government equipment.

“They increase the risk of exposing the network to malware,” said McRee. “And USBs or any equipment with wireless capabilities introduces an even greater risk. Basically, any wireless item has a USB, which stores data such as drivers that are automatically downloaded onto the computer. Radio signals used by wireless devices compound it even further. They present an undeniable security risk.”

Even items purchased through GSA Advantage may not be secure or authorized for use on a government computer.

To ensure computer equipment is secure, units must have their purchase requests reviewed by the Communications Flight’s Plans and Resources office. The process is in place to ensure spyware or malware is not inadvertently introduced to the network.

Installing Unauthorized Software

“While it is difficult to install unauthorized software, it does occasionally happen,” said McRee. “If a unit requires specific software to perform their duties, they must go through the Comm Flight.”

Problems can occur when an individual with administrator access unknowingly installs unauthorized software.

If units require specific software that is not already installed on their government computer, they can contact the Communications Flight for more information about the process.

Security versus Convenience

McRee acknowledges, “When the priority is on speed, security is sacrificed, and when security is the priority, speed must often be sacrificed.”

Esquerra and McRee understand that the network can be slow, and that it limits the amount of work we can get done, but they also recognize that it’s all in place for a reason. All components of the U.S. Air Force, including the Air National Guard, Reserve and active-duty, have been using the same network since 2016, which provides standardization, total force integration, and reduced maintenance costs. Since then, administrative functions have been controlled at higher levels than at individual wings or bases. For all the ANG units across the country, security protocols are set by the 299th Network Operations Support Squadron and are in alignment with the rest of the total force.

“The Air Force defines the accepted level of inconvenience for security,” said McRee. “We don’t set the rules, but it’s our job to communicate them and to urge everyone to comply. It’s tough, but the rules can’t be about convenience.”

Knowledge Operations and Cyber Security Operations offer training to help users identify the most efficient processes available while still maintaining security. These include using DoD SAFE, checking out a laptop, or using a VPN. For more information about upcoming trainings or to request a training, units can contact the Knowledge Operations office. Their trainings highlight security procedures and offer the most convenient and time-efficient strategies to get work done.

“Our goal is to have a trained community. We want to enable a one team, one fight mindset,” said Esquerra. “Not knowing how to do something is not an excuse.”

“Making time for the training is huge,” agreed McRee. “The only way to prevent security breaches is for everyone to know.”