Take precautions to fight against hackers

  • Published
  • By Lt Col James Trachier
  • 60th Communications Squadron commander
TRAVIS AIR FORCE BASE, Calif. --  Technology has simultaneously expanded our horizons while making the world a smaller place. Online movie streaming are now available and real-time video conversations with a distant loved ones can occur through cyberspace.

Many people enjoy the convenience of online banking and shopping. The advent of smart phones has created the expectation of persistent connectedness among what scholar Marc Prensky calls digital natives: those who spend twice as much time playing video games and four times as much watching TV as they do reading.

For all the benefits technology brings, we must remain mindful of its limitations as well.

Although media reports of computer error abound, in truth these systems always behave exactly according to the way they're designed. The error lies therefore not with the machines, but rather with the human beings who design and program them. Such shortcomings are manifest not only in the frustrating "blue screen of death" we've all encountered periodically, but in far more sinister fashion also in cyber vulnerabilities. In other words, the need for profitability requires computer programmers and network communications protocols designers to spend the vast majority of their time and effort on what they need their code to do, and comparatively little on ensuring it does not do something unwanted.

Settling for a less robust product at lower cost creates opportunities for the patient, talented and determined hackers. Hackers ply their trades in the digital margins. They find small flaws in predicted software behavior that allows them to control a computer's processes.

Commercially available firewall and anti-malware products are sufficient protection against most threats, but always remember such products are mainly reactive in nature, they are largely lacking in the predictive capability to adapt to new threats in real time.

It is this reason that Air Force networks and workstations are locked down. Giving each user administrative rights to his or her duty computer would entail giving those same rights to every piece of software that user accesses -- whether or not the user is aware of such access.

For example, spear-phishing campaigns -- in which tailored, legitimate-looking emails encourage the recipient to open an attachment or click on a link in the course of their official duties -- are a popular attack vector to steal money and to steal information. This is why the Department of Defense requires all members to complete information assurance training annually.

Your training certificate is like your driver's license. It lets you onto the network, but violate the rules by visiting restricted websites or plugging in unauthorized hardware and your license can be revoked. For example, while thumb drives are convenient, they are not allowed on military networks in most cases.

All Airmen should also practice good cyber hygiene when off duty by maintaining awareness of what data they upload and download. Passwords, like toothbrushes, work best when changed frequently--and should never be shared. A GPS-tagged photo might give location information to an adversary, which happened in 2007 when several Army AH-64 Apache helicopters were destroyed by insurgents who determined the helicopters' exact coordinates from a photo uploaded by an Army soldier deployed to Iraq.

As National Cyber Security Month draws to a close, remember that security and usability are at opposite ends of the same spectrum; while disconnecting a computer from the network makes it more secure, it also greatly decreases its utility. Cyber security is ultimately about finding the proper balance between these two goals so that Airmen can accomplish their mission without inviting into our networks those things that go bump in the darkness of cyberspace.