Science and Technology News

Tuesday, July 16, 2013

Air Force cracks down on protected information

by Tech. Sgt. Mark R. W. Orders-Woempner
434th ARW Public Affairs


7/13/2013 - GRISSOM AIR RESERVE BASE, Ind. -- Using a new capability, the Air Force is cracking down on the unencrypted transmission of protected information and violators could find themselves locked out and in hot water.

Recently, the Air Force started using technology that specifically looks for protected critical unclassified information in emails sent from government to commercial servers without encryption.

This includes information that is For Official Use Only, protected under the Privacy Act of 1974, contains usernames or passwords, and sensitive personally identifiable information. Examples of PII can be found at the bottom of this article.

"The Air Force is utilizing its full capabilities to protect its members' personal information by actively scanning emails for violations," explained Maj. Ulric Adams Jr., 434th Communications Squadron commander.

If unencrypted or unprotected PCUI information is sent and detected, a user will be locked out of their account, must re-accomplish their information assurance training and have the first colonel in their chain of command write a letter to the 24th Air Force to reestablish the member's account.

The 24th AF establishes, operates, maintains and defends Air Force networks to ensure warfighters can maintain the information advantage as U.S. forces conduct military operations around the world.

"This new capability isn't meant to prevent such information from being sent when necessary, but helps ensure it's properly protected when sent," said Dan Harshman, 434th CS operations flight director.

"The point is, you cannot send any of that information outside the government system without protecting it," Harshman continued. "And, even if you do send it within the .mil domain, you still need to protect it by signing and encrypting it."

If an email containing PCUI can't be encrypted, there are still ways of protecting it.

If an email sent to a military organization box or an account that hasn't had the right security certificates posted, members can still protect that information by using an approved encryption program that communications focal point can provide, explained Harshman. He also said certain documents, such as those composed in Microsoft Word, can also be password protected as an acceptable form of protection.

And, while the current focus is on email systems, Airmen are reminded to protect PCUI in all cases.

"It's about general information security," said Harsman. "You want to watch what you put out anywhere, whether it's email, on social media or wherever, it's about protecting that information."

PII Examples:

According to Harshman, generally, when any two sensitive PII elements are associated in unencrypted correspondence, there may be a possible PII breach. PII breaches are reported to the Air Force PII manager at the Air Force Reserve Command and the Pentagon through the base Privacy Act manager, so it's important to know what information is considered sensitive PII. Below are some examples:

- Names and other names used
- Social Security numbers, including full and partial
- Driver's license and other identification numbers
- Citizenship, legal status, gender, race and ethnicity
- Birth date and place of birth;
- Home telephone and personal cell phone numbers
- Personal email addresses
- Mailing and home addresses
- Religious preference
- Security clearance
- Mother's middle and maiden names
- Spouse information and marital status
- Dependent and child information
- Emergency contact information
- Biometrics
- Financial information
- Medical and disability information
- Law enforcement information
- Employment information
- Educational information
- Military records

No comments:

Post a Comment