by Tech Sgt Vernon Cunningham
JBER Public Affairs
8/12/2015 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- "Our
job is to prevent the compromise, loss, or unauthorized access of
information regardless of physical form or characteristics over its life
cycle," said Mark Meyer, 673rd Air Base Wing Information Protection
Office chief. "Social security numbers, passwords and personal
information ... those are the things the bad guys want so they can break
into your bank accounts and personal affairs to ruin your credit
The 673d ABW IPO serves to integrate, maintain and improve Joint Base
Elmendorf-Richardson's Air Force collective policies, processes and
implementation of risk management to protect information, said Meyer.
"[Information protection] starts with information and industrial
security," said Richard Smith, 673d IPO security specialist.
"Guidelines for protection and access to information are created by
establishing protection measures so people can't get to the
Smith said the concept of physical protection is established by putting
the information in appropriate containers. Then the procedures for
protecting that particular container are followed.
Myers said an example would be if an evaluation report had social a
security number typed on it. That document would be secured in a folder
labeled as privacy act material. Then the procedures for securing
privacy act material would be followed, which means it needs to be
locked in a drawer or an individual needs to secure it and control
access to the document, he said.
In addition to physical protection, access to the information is
restricted by IPO's strict security clearance procedures. Security
clearances are initiated after determining the level of access personnel
in each position will need to have in varying degrees from
non-sensitive, to sensitive and critical.
"Not only do we initiate clearances, but we have a continual evaluation
program," said Meyers. "There is a periodic review every 10 years or 5
years. That's when we check them again. Then there is a continuous
evaluation; if somebody has an incident or an event that warrants
looking at, we look and take it into consideration. It could be
unexplained finances, a warrant, an affair or something that just
doesn't seem right. We continuously evaluate all the time."
Meyers said once the protection is established, IPO still has to make sure everyone complies.
Personnel at JBER are given constant reminders on how to secure their
information. Because of the scope of their responsibility, IPO uses
activity security managers to serve as liaisons and help reach each
individual within a unit.
"We offer ASM training at least every 90 days per AFI," said Meyers.
"However, we give one-on-one training for area security managers all the
time, since we get daily updates from Secretary of the Air Force and
Once the ASMs are trained, IPO sends continual requirements to the units to reinforce information safety.
"There is initial training that happens when they first get to their
unit," said Smith. "There is also refresher training conducted
annually. Right now, they get most of their refresher training through
the Advanced Distance Learning System. But we routinely provide
security managers with up-to-date training tools and information for
them to distribute to their unit personnel. Plus we send out messages
to the units. So, it's kind of routinely funneled down and
[peer-to-peer] in addition to the required refresher training."
Meyers said they do, however, still process security incidents that could have been prevented.
"The biggest cause of our security incidents is people who walk into
classified areas with cell phones," said Meyers. "You can't have any
personal electronic device in that environment. That includes Fit Bit,
phone, Wi-Fi or Bluetooth device of any kind, etc...you can't have it."
Meyers said IPO sees a common factor present in many of their security incidents.
"Attention to detail," said Meyers. "Ensure all classified is accounted
for and secure before closing and locking containers. Spin the dial
[on your container] and verify that handles are locked. Those two and
cell phones are our biggest challenges. Everyone has to pay attention."
A common type of information that needs protecting is personally
identifiable information, usually referred to as PII. Typically this
type of data is shredded and, according to 673rd Communications
Squadron, strip shredders are no longer allowed, Myers said.
This is data which can be used to distinguish or trace an individual's
identity, such as their name, social security number, date and place of
birth, mother's maiden name, biometric records, or any other information
which is linked or linkable to a specified individual, Meyers said.
Myers suggested people be careful where they leave their personal cell
phones. There is typically so much personal information on a phone that
if it doesn't have a firewall or adequate protection built in, people
can get access to sensitive information, he said.
IPO serves as one of the leaders in securing all our data and avoiding
unwanted distribution of personal information for JBER personnel. This
is the IPO mission and they take it seriously.
"38 years ago when I started my career, it was said that information is power," said Meyer. "It still holds true today!"