Beware of IT “DIY” on Base

  • Published
  • By Billie Smith
  • 88th Communications Group

WRIGHT-PATTERSON AFB, Ohio --  Do you work with information technology (IT)?  Are you a “Do-It-Yourselfer” (DIYer)?  Maybe you’re the “go to” person in your unit to solve IT problems?  Or maybe you’re the person who authorizes, or procures, IT purchases and services? 

IT is integrated in our daily lives to the point where anyone, armed with a few questions and Google, can solve their own IT problems, which is great for the home environment.

But on a DoD installation you can quickly get in over your head with a well-intentioned IT DIY project if you forget to consult your local, friendly cyber organization.  At the 88th Communications Group, we want you to have an amazing cyber experience and your mission accomplishment and assurance are important to us.  We can help you make sense of the maze of architecture guidelines, cyber security, spectrum, authorized procurement channels, and many other requirements and mandates in existence.

What can go wrong?  Plenty…especially in these fast evolving times of cyber security!  Here are some examples:

- Equipment and/or software:  There are plenty of companies that will sell you products and may promise superior technical capabilities, ie. Computers, routers, printers, etc.  Purchasing these or getting them from a donor without prior base coordination and approval will lead to wasted funds and time, and you’ll end up with items you won’t be able to install because they’re not authorized for use. Additionally, it may actually put you in violation of public law because your purchase wasn’t through a trusted supply chain.  Even after clearing this hurdle, there’s still the need to configure the device in accordance with mandatory DISA STIGs (security technical implementation guides) so it can operate on the network securely.

- Introducing radio frequency (RF) interference:  Without the advice and consultation of the Installation Spectrum Managers, purchasing and operating RF-emitting equipment (such as certain routers and cell phone products) can violate Federal Communications Commission regulations.  Additionally, these devices provide additional attack vectors for hackers to pilfer DoD data.  By definition, anything that connects to a network is hackable.

- Loss of sensitive, classified, or intellectual property/data:  Unauthorized software installations can introduce vulnerabilities into the network allowing an adversary to slowly steal your unit’s mission data without your knowledge.  Government information requires different types of protection compared to that for Fortune 500 companies or your home. These companies will gladly sell you their products for their bottom line, not for yours.

- Network bandwidth “hogging”:  Without knowledge of the complete cyber operating environment, certain software, hardware, and/or cloud services can saturate network traffic.  Since the AFNET is a shared resource with finite bandwidth, all missions would then slow to a crawl.

- VTC Systems:  In the last decade of tight budgets, units have taken advantage of VTC systems instead of traveling.  Most modern VTC systems operate on networks and have tremendously improved video quality over their predecessors.  However, most customers don’t realize these must be procured through appropriate channels as well.  Additionally, they must also be configured in accordance with mandatory DISA STIGs, and kept compliant, in order to keep the network secure and intruders out.

How can you help?

Simple!  Just contact the 88 CG Projects office before proceeding with any IT plans, initiatives, or expenditures.  Our central mission is to provision products and services while ensuring the security and performance characteristics of all systems.  We’ll guide you through the process to help ensure your requirement meets your needs, is ordered through compliant channels, protects your unit’s information, and maintains the integrity, security, and availability of the entire infrastructure to handle new demands.  

For more information or assistance with IT projects, contact the 88 CG Projects section Chief, Chris Dunham, at 257-2548, or email at Requirements.Mgrs@us.af.mil