Summer inspection to test cyber readiness

  • Published
  • By Kevin King
  • 88 Communications Group
WRIGHT-PATTERSON AIR FORCE BASE, Ohio --  During the week of Aug. 11, the Defense Information Systems Agency (DISA) will conduct a Command Cyber Readiness Inspection (CCRI) of Wright-Patterson AFB unclassified and classified networks, standalone computers, classified processing areas, communication closets and organization-specific systems.

DISA is responsible for the operation and protection of the Department of Defense Information Network (DoDIN), which provides Wright-Patterson AFB connectivity to other bases and agencies, as well as the Internet. During the inspection, DISA evaluates the cyber readiness of the base networks and all its users. If the base does not meet DOD standards, DISA could disconnect Wright-Patterson AFB from the DoDIN, and all users would lose connectivity outside the base.

Much of the inspection is technical in nature. DISA scans systems for vulnerabilities and reviews documentation and procedures for compliance. The 88 Communications Group is leading the base preparation on gathering information on networked systems, and specifically, those applications and systems owned by Program Management Offices (PMOs) Since PMO systems were not included in previous CCRIs, they will have a significant impact on scan results. Additionally, client server technicians and information assurance officers (IAOs) already are ensuring all systems are patched and properly configured to reduce the number of vulnerabilities.

In addition to the technical inspections, an important part of the inspection will involve DISA teams visiting Wright-Patterson AFB host and tenant organizations to verify information protection compliance. During these visits, DISA focuses on areas housing classified systems. However, as they walk through buildings to reach these areas, they will observe general information protection and information assurance practices and may stop to ask questions of personnel they encounter. Each individual's cyber readiness is just as important as a system's readiness.

How to be cyber ready
Know your organization's IAO and security manager.
Do not leave your common access card or SIPRNet token unsecured. You are responsible for any misuse of your card.
Reboot your desktop/laptop daily. If a co-worker is away for a few days, reboot their computer, too. This allows for patching to close vulnerabilities.
If you have an office laptop, ensure you regularly connect it to the Wright-Patterson AFB network for updates.
Mark and properly store documents and other media.
Know when and how to encrypt and digitally sign messages.
Protect passwords and personal identification numbers (PINs).
Do not connect unauthorized devices, such as cell phones, tablets, USB drives, etc., to work computers.
Know what to do if a security incident, such as a virus or classified messaging incident occurs. Use the WRIGHTPATTERSONAFBVA 33-1 "Stoplight Chart" as your guide.
Report improper or unusual system behavior to your IAO.
Prevent shoulder surfing. Immediately contact your security manager and IAO if your classified display is visible from any windows, doorways or other openings.
Guard against, and immediately report classified messaging incidents or other data spillages. Pay close attention to document markings, especially if you work with classified information.
Keep wireless devices away from classified areas and systems.

This is not an inspection on the 88 CG; it is an inspection of the entire installation, to include all missions and all employees. The 88 CG, 88 Air Base Wing Information Protection Office, and 83 Network Operations Squadron Det. 3 are leading the CCRI preparation, but they need each organization and each employee to fully prepare as well.

Users are the most critical part in maintaining the security of base systems and information. For this inspection, the work force's cyber readiness could decide whether Wright-Patterson AFB passes and remains connected to the DoDIN or fails and loses the connections it needs to accomplish its various missions.

For questions about information assurance or information protection, contact your organization IAO or security manager, or contact the 88 CG CCRI team at 88cg.scxs.88wiaoccri@us.af.mil.