JOINT BASE SAN ANTONIO-LACKLAND, Texas –
Inspectors from the Defense Information Systems Agency will visit Joint Base San Antonio-Lackland Jan. 7, 2013 to conduct a Command Cyber Readiness Inspection, which evaluates the base community's cyber security posture.
This inspection is mandated by Department of Defense security standards to ensure Air Force networks are effectively secured.
As part of the five-day inspection, the DISA team will evaluate network and physical security, validating network infrastructure perimeter defense, wireless technologies, and the client systems vulnerability status. Inspectors will also validate compliance with information assurance polices, as well as the base community's ability to provide security for its unclassified and classified computer systems.
Deficiencies highlighted during previous inspections have resulted in the Chief of Staff of the Air Force directing the restriction or disconnection of base networks from the Global Information Grid, or GIG.
"The GIG is a set of information capabilities for collecting, processing, storing, disseminating, and managing information on-demand to war-fighters, policy makers, and support personnel," said Lt. Col. Glenn Garay, commander of the 802nd Communications Squadron. "Due to the potential outcome of this assessment, we need all commanders and their units to take a personal interest in the CCRI."
"This is a major inspection performed biennially and its success depends on the level of attention base personnel pay to cyber security," said Maj. Kelly Roxburgh Martinez, commander of the 690th Intelligence Support Squadron.
"Taking steps such as removing our common access cards from computers when we leave our desks, not downloading email attachments from unknown senders, protecting passwords and personal identification numbers, not using unauthorized Universal Serial Bus (USB) devices, challenging unfamiliar people in the work area and making sure visitors are provided escorts when necessary are all actions we should be performing daily," said Ramiro Tey, chief of the 802nd CS Operations Flight. "We must also ensure laptops are on the network in order to be scanned and patched for vulnerabilities on a regular basis."
"The CCRI is a significant inspection and failure is not an option. An unsatisfactory rating would result in our networks being disconnected from the GIG. This inspection impacts us all, and this means we need a total-force effort to succeed," said Garay.
The DISA inspection team will visit locations throughout the base, and may employ social engineering and phishing techniques such as attempting to get access to secure areas, pursuing users to provide information such as passwords or logons, and sending emails with links and attachments that are not digitally signed to test the cyber awareness of JBSA-Lackland personnel.
"Personnel must know their unit information assurance officer, not just for the inspection but at all times," said Garay. "The unit information assurance officer is our first contact in regards to security issues. Personnel should work through them because they know base security policies and can answer their questions."
Officials with the 802nd CS said that in accordance with Air Force Instructions, protecting against threats and vulnerabilities on information systems is a user's responsibility.
"We must be vigilant, pay attention to details and be aware of the potential consequences associated with carelessness," said Tey.
Preparations for the CCRI are well underway at the 802nd CS. The unit, in conjunction with the 690th ISS, conducted two informational meetings with base client support technicians and functional system administrators in August 2012 to ensure personnel have the tools necessary to protect systems against any known vulnerabilities within their organizations.
Airmen from the 802nd CS and 690th ISS also are constantly scanning unclassified and classified networks, respectively, to ensure system vulnerabilities are identified and corrected, and systems are running authorized configurations and applications.
People with questions about the CCRI, can call Terence Frankland at 210-925-CCRI (2274) for assistance.