VANDENBERG AIR FORCE BASE, Calif. -- October is National Cyber Security Awareness month - and with an increase in cyber-attacks worldwide - it is increasingly prevalent to stay informed and educated in order to avoid being a risk to the base network.
Maintaining the security of the network on Vandenberg begins with the user following proper protocol, which is ultimately the first line of defense.
“It starts with awareness and education,” said Rene San Nicolas, 30th Space Wing cyber security chief. “We send out information and try to inform people about what a cyber-attack looks like. We monitor the network constantly and check that guidance is being followed. But it is always the individual’s responsibility to make sure they aren’t being a risk to the network. As long as people are being careful when handling information and not being irresponsible on the network, we can count on them to help us stay ahead of the game.”
Government employees need to be more careful than most when dealing with social media, due to its public access and lack of security.
“It is the user’s responsibility to defend the network, it isn’t just ours,” said 2nd Lt. Ann Janet Sediego, 30th SCS OIC wing cyber security office. “It is up to everyone who logs on to the system and uses the network. Remember, anything you post online is permanent. As social media becomes more accessible to everyone, our adversaries are going to be there to exploit it because it is not secured.”
The damage from clicking a single bad link or plugging in an unauthorized flash drive can be astronomical, jeopardizing the government’s ability to launch satellites into polar orbit or damage the communications networks.
“The users are generally trying to do things in a secure manner and stay within the guidelines,” said San Nicolas. “We don’t have the resources to find all the holes in the network, which is why we rely on the individual using the network. They are our frontline defense simply by following protocol. The theme of security starts with the user. Unless they follow the policies and are careful where they go, it could become a problem for the whole base. Someone clicking on a link in an email that goes to a malware site could affect our whole network.”
Although malware is the primary concern, any lapse in computer protocol puts the network at risk. This also takes up valuable resources that could be spent better securing the network from actual threats.
“When you take the online cyber security training, it isn’t just another Computer Based Training that is required,” said Sediego. “That training highlights everything that you should and should not do. When people do stuff they shouldn’t - like plugging in flash drives and clicking on possible malware links - it starts a whole chain of paperwork and an investigation that takes a lot of time with our small team.”