by Maj. Brooke Brander
Air Force Space Command Public Affairs
1/3/2014 - PETERSON AIR FORCE BASE, Colo. -- More than one
month after Air Force Space Command's implementation of lock-out procedures for
individuals found to have inappropriately transmitted Personally Identifiable
Information, PII breaches still remain a significant issue.
While the average number of daily incidences of PII breaches
have decreased there is still a lot of work to be done to prevent future PII
incidents, said General William L. Shelton, Commander of Air Force Space
Command.
"We've all got to work harder to eliminate PII
violations," said General Shelton. "In November more than 5,000
individuals were affected by a single PII breach. PII that is not properly
protected becomes vulnerable to interception by an adversary. That creates the
risk of the information being used to target individual users to gain their
credentials and potentially gain access to our networks. From an individual
perspective, it can also lead to identity theft. We can't stand the network or
the personal consequences, so we must stop PII breaches on the AFNet."
During the six month period from May-October the Air Force
averaged approximately 3.3 reports affecting 1935 members per day. Since
launching the new policy and process, that average has dropped to approximately
2.7 reports affecting 991 members per day.
"The most common violations we are seeing are people
transmitting personnel rosters from .mil to .com addresses and vice
versa," said Col. Douglas Coppinger, 67th Cyberspace Wing vice commander,
the wing whose mission encompasses the detection of PII breaches. "While
quite often these breaches are not of malicious intent, we need to better
educate our Airmen on the protection of this type of information."
One tool available for protecting information is provided by
the Software Protection Initiative established by the Under Secretary of
Defense for Acquisition, Technology and Logistics in December 2001. The SPI has
the mission of marginalizing a threat actor's ability to steal and exploit
critical Department of Defense intellectual property found in application
software. The tool they provide here can encrypt for transmission outside of
the AFNet, when the mission dictates that necessity.
Users have multiple tools at their disposal to protect PII
if encrypting e-mail is not feasible, but electronic transmission of Sensitive
PII is operationally required. Users can leverage approved DoD file exchange
services, file encryption wizards, or simply using Microsoft Office password
protection.
"Once personnel understand what information can be sent
home and how to protect it, this provides Airmen clear lanes in the road they
can follow, and provides commanders the framework to properly address
infractions of those set rules," said Coppinger.
Continuing force-wide education on the protection of
electronic information is a top priority for AFSPC and those responsible for
protecting the AFNet.
"We are working with leaders across the Air Force to
educate and address PII breaches," said Major General J. Kevin McLaughlin,
24th Air Force commander. "As the technology we use to protect the Air
Force Network improves, we have gained better visibility of information
crossing through and leaving the network. As a matter of fact, we already
detect 100 percent of all pieces of PII crossing through the AFNet. What we're
doing now is making a concerted effort to hold people accountable, helping to
ensure all AFNet users are handling this important information properly."
The AFSPC lock-out procedures were put in place based upon
AFSPC's responsibility to operate and defend the AFNet and each individual
user's responsibilities that comes with access to the network. AFMAN 33-152,
User Responsibilities and Guidance for Information Systems, requires special
handling for PII data.
AFNET users should contact their unit Privacy Manager as
well as refer to Air Force Instruction 33-332, The Air Force Privacy and Civil
Liberties Program for additional information on safeguarding PII.
Posts
No comments:
Post a Comment