Government computers: is yours safe

  • Published
  • By Capt. Rose Richeson
  • 39th Air Base Wing Public Affairs
INCIRLIK AIR BASE, Turkey --  During the 101 Critical Days of Summer campaign there is an added focus on personal safety. One aspect of personal safety most base members don't relate to this timeframe, but is every bit as important, is the safeguarding of computers.

Safety of government computers rests in the hands of the user. The user's responsibility begins as soon as the Common Access Card is inserted and remains until that user removes their CAC.

As the Air Force transitions to using card readers instead of passwords, leaving a CAC behind is almost a daily occurrence for some who may not know the type of information stored on it. Personal identification such as your full name and social security number are available from the exterior of the card, not to mention more information contained in the chip.

According to Air Force Instruction 33-202V6, Identity Management, to ensure identity management and information security, a CAC should never be left in a computer unattended, said Tech. Sgt. Melissa Wheeler, 39th Air Base Wing Administrator noncommissioned officer in charge. 

Once you're logged in, decreasing your chances of becoming a target depend on how you use the computer. Most computer users are familiar with tactics that exploit network vulnerabilities such as viruses, worms, and Trojan horses, but few are familiar with techniques such as social engineering and phishing scams, also known as "Spear Phishing."

Social engineering is a form of intelligence-gathering by people who want to disrupt or cause damage to network resources. Trickery techniques to obtain information may consist of talking, listening, looking and/or passing themselves off as something else. 

Spear phishers send e-mails that appear genuine to employees or members within a certain company, government agency, organization, or group. Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to organization-specific information for strategic advantage or fraud. 

"Information is a resource used for decision making and we must maintain good EMSEC (Emission Security) and OPSEC (Operational Security) to protect our valuable resources," said Sergeant Wheeler. 

Maintaining control of government e-mail accounts will help protect members and Air Force assets. The 39th Communications Squadron switched Outlook accounts from using HTML to plain text on July 19 in an effort to provide security benefits to base users.

"Someone can send a message with malicious code embedded in the HTML itself," said Staff Sgt. Emanuel Borbon, 39th CS Base Computer Security manager. "As soon as you open the e-mail it would automatically affect your computer."

Users still have the option to switch back to HTML, but should only do so if they are positive the e-mail is safe. Sergeant Borbon said that the new plain text look should be the only thing users notice as a result of the transition. Other behind-the-scenes changes, which shouldn't be noticeable to the users, are being made by the U.S. Air Forces in Europe Network Operations and Security Center.

Another form of security users don't notice is the added protective measures taken by the 39th CS once you've gone home after a shift. When it is time to turn off your computer and close up shop at the end of a shift, shutting down the computer is a step to be avoided.

"You should always log off at the end of your shift, leaving your computer on to receive security patches 24/7," said Sergeant Wheeler. To go along with the energy conservation efforts, she also recommends turning off the monitor.

Incirlik Client Support Administrators leave you with the following tips for computer security: contact the e-mail originator for validation before opening attachments from unknown or unfamiliar sources and never discuss sensitive information over an unclassified computer.