by Tech. Sgt. Mark R. W. Orders-Woempner
434th ARW Public Affairs
7/13/2013 - GRISSOM AIR RESERVE BASE, Ind. -- Using
a new capability, the Air Force is cracking down on the unencrypted
transmission of protected information and violators could find
themselves locked out and in hot water.
Recently, the Air Force started using technology that specifically looks
for protected critical unclassified information in emails sent from
government to commercial servers without encryption.
This includes information that is For Official Use Only, protected under the Privacy Act of 1974,
contains usernames or passwords, and sensitive personally identifiable
information. Examples of PII can be found at the bottom of this article.
"The Air Force is utilizing its full capabilities to protect its
members' personal information by actively scanning emails for
violations," explained Maj. Ulric Adams Jr., 434th Communications
If unencrypted or unprotected PCUI information is sent and detected, a
user will be locked out of their account, must re-accomplish their
information assurance training and have the first colonel in their chain
of command write a letter to the 24th Air Force to reestablish the member's account.
The 24th AF establishes, operates, maintains and defends Air Force
networks to ensure warfighters can maintain the information advantage as
U.S. forces conduct military operations around the world.
"This new capability isn't meant to prevent such information from being
sent when necessary, but helps ensure it's properly protected when
sent," said Dan Harshman, 434th CS operations flight director.
"The point is, you cannot send any of that information outside the
government system without protecting it," Harshman continued. "And, even
if you do send it within the .mil domain, you still need to protect it
by signing and encrypting it."
If an email containing PCUI can't be encrypted, there are still ways of protecting it.
If an email sent to a military organization box or an account that
hasn't had the right security certificates posted, members can still
protect that information by using an approved encryption program that
communications focal point can provide, explained Harshman. He also said
certain documents, such as those composed in Microsoft Word, can also
be password protected as an acceptable form of protection.
And, while the current focus is on email systems, Airmen are reminded to protect PCUI in all cases.
"It's about general information security," said Harsman. "You want to
watch what you put out anywhere, whether it's email, on social media or
wherever, it's about protecting that information."
According to Harshman, generally, when any two sensitive PII elements
are associated in unencrypted correspondence, there may be a possible
PII breach. PII breaches are reported to the Air Force PII manager at
the Air Force Reserve Command and the Pentagon
through the base Privacy Act manager, so it's important to know what
information is considered sensitive PII. Below are some examples:
- Names and other names used
- Social Security numbers, including full and partial
- Driver's license and other identification numbers
- Citizenship, legal status, gender, race and ethnicity
- Birth date and place of birth;
- Home telephone and personal cell phone numbers
- Personal email addresses
- Mailing and home addresses
- Religious preference
- Security clearance
- Mother's middle and maiden names
- Spouse information and marital status
- Dependent and child information
- Emergency contact information
- Financial information
- Medical and disability information
- Law enforcement information
- Employment information
- Educational information
- Military records