HomeNewsArticle Display

Information Assurance: it’s everyone’s responsibility

  • Published
  • By Brandice J. Armstrong
  • Tinker Public Affairs
TINKER AIR FORCE BASE, Okla. --  Securing systems on Tinker's network is of the utmost importance to the 72nd Air Base Wing ABW Communications Directorate.

After a network is registered, certified and accredited, a level of security is determined. Maintaining it and protecting the network from outside cyber threats is a top priority for the communications directorate's information assurance officers and is accomplished in several ways.

Some of the programs the information assurance officers oversee and manage to ensure our Tinker's systems stay secure are the Department of Defense's 8570 Information Assurance workforce improvement program, the Telecommunications Monitoring and Assessment Program, the computer security program, the information assurance assistance and assessment program, support to organizational Information Assurance Officers and most common to all users, the annual Information Assurance training.

"We're the defenders of the network," said Laurence Langlois, communications directorate alternate IA officer. "That's why we have the armor."

The armor is the tools each and every network user applies to protect the network - CAC removal, smart e-mail retrieval, IA training, etc. A key piece of that armor is, of course, ensuring all users are trained in how to identify and respond to potential threats. This is where the annual DOD Information Assurance training comes into play.

"We just want users to know why they are asked to take IA training, certification and about the overall importance of securing the network," Mr. Langlois said. "Information Assurance is everyone's responsibility."

The armor Mr. Langlois spoke of are tools and processes he and Thomas Tucker, primary IA officer, use to protect the network utilized by 26,000 on-base personnel.

"With that many users it's impossible for us to keep track of what everybody's doing," Mr. Tucker said. "There's just not enough time in the day."

To simplify such an enormous task, several duties are delegated to Unit IA Officers which are the eyes and ears at the unit level. They ensure users complete their annual obligatory computer IA training and are their units focal point is to the host wing IA office.

Prior to the implementation of the annual computer-mandated IA training, Mr. Tucker and Mr. Langlois tried to train the unit officers in person, who were supposed to pass the information to their peers. But, only half of the IA officers were attending training due to mission requirements. Since turning to the computer-based system, nearly 95 percent of all Tinker's IAOs are trained.

Unit IA officers also make sure users agree to the Department of Defense policies before logging on to the network. It's an Air Force Materiel Command requirement as of May 2009.

"Any personnel accessing the network must have the user's agreement on-hand and signed," Mr. Tucker said. "That turned out to be quite a challenge when we had to verify that 26,000 users completed the agreement."

But, it worked out and Mr. Tucker and Mr. Langlois actually improved the process.

Now, when an individual gets an account and logs on for the first time, they are prompted with the pop-up, stating what is acceptable. In order to continue with the log-on process, a user must agree to the terms.

"And if they don't sign it at that time, their access to the network is automatically turned off until they contact the help desk or us who can help them through the process," Mr. Tucker said. "That is a great improvement over having to do everything manually."

"When you sign the form, it automatically goes to the database and there's no need to contact the host wing IA office or unit IAOs. That made our lives much easier," Mr. Langlois said.

Mr. Tucker and Mr. Langlois also oversee the security of personal electronic devices, such as blackberries and cell phones. But, they said they encourage individuals to be accountable for their actions and use government cell phones and blackberries for official business.

"In the event a personal electronic device is involved in a security incident, the equipment will be confiscated and destroyed without reimbursement," Mr. Tucker said.