JOINT BASE SAN ANTONIO-LACKLAND, Texas --
Ok, so it's National Cyber Security Awareness Month, so what?
It's also (among other observances) Native American Heritage Month, Lung Cancer Awareness Month and National Pomegranate Month in the United States.
Antioxidants aside, those other two are hugely important and leave me wondering, "What does cyber security even mean and why does it matter?"
I've worked here at Air Forces Cyber for a couple years now and I know enough about the subject to say the same old things about the same old things. Boring... Instead, I reached out to one of our own cyber security experts - Master Sgt. Joseph Harkleroad, 624th Operations Center Strategy Division superintendent.
This senior-noncommissioned officer knows his stuff. He served as a network security instructor at Keesler Air Force Base, Miss., and taught the initial cyber surety 3-level class after the Air Force specialty codes in the communications fields combined to 3DXXX (cyber Airman). Harkleroad holds multiple industry certifications and has more than a decade of cyber experience.
"To me, cyber security is 'defending the confidentiality, integrity, availability and accountability of the information on your network,'" he said. "Cyber Security is today's 'arms race.' The better our defenses become, the more crafty or innovative a tactic our adversary employs. As we defend against gaps and holes in our cyber defenses, new vulnerabilities are being discovered."
An instructor at heart, Harkleroad broke down his definition of cyber security into security concepts that hold fast in Air Force, civilian and industry network defense.
- Integrity is the Air Force's first core value, but it also applies to information. Integrity of information is making sure changes to information on a network are intended and made by appropriate users. Maintaining that integrity means stopping unauthorized users from making changes.
- Availability of information is key to a user. Information does us no good if we can't access it. Maintaining availability involves defending information from intended or inadvertent attack. Examples include data backups and network redundancies.
- Accountability is positively identifying individuals and devices on a network. In doing so, one is able to validate other key concepts like confidentiality and integrity. The most common method of accountability is the combination of network identification (e.g., username, common access card) and network authentication (e.g., password, PIN).
Harkleroad said the security concepts are the source of all security precautions. He said Department of Defense members can find security precautions by checking out the 624th OC's product, "Cyber Tidbits," on the cyber tab on Air Force Portal. He said everyone can view the National Security Agency's "Best Practices Datasheet" by clicking on the link
"The NSA is one of the most legitimate sources for computer security," said Harkleroad.
He said the Air Force relies on individual users to be as secure as possible.
"In the security world, we joke that the only secure network is a network with no users," he explained. "The most significant threat to any network is the 'internal threat,' either purposeful or inadvertent, and no amount of security can fully defend against it. Whether it's clicking on a malicious link in a phishing email, downloading a malicious file or plugging something into a computer or network that we shouldn't, users of the Air Force network are the key to its defense. To use a medieval castle analogy, the strongest portcullis, the tallest walls, and the best archers can't effectively defend a castle if some castle resident opens the gate to our adversaries."
So it's National Cyber Security Awareness Month, what does that mean for you? As residents and users of the Air Force network, we're all responsible for keeping the gates closed and our adversaries at bay.