Why can’t I plug my cell phone into my office workstation or install my handy applet on my office computer? With global cybersecurity threats by multiple organized threat actors, our behaviors provide a first line of defense in protecting our warfighters and supporting mission effectiveness with the least possible cybersecurity risk.
With the massive increase in new technologies, it is tempting to immediately start using new technologies, or to quickly perform a personal task using office technology during the work day. We sometimes think that we can do things just this once or that Department of the Navy IT policy delays my mission. These thoughts and actions open a window for our enemies to pounce.
According to Symantec’s 2015 Internet Security Threat Report, there were more than 317 million new pieces of malware created in 2014, which translates to nearly 1 million new threats released each day. The report points out that the top five zero-day vulnerabilities of 2014 were actively used by attackers for a combined 295 days before patches were available. While many of the vulnerabilities have minimum impact, they redirect security resources from larger impact, high priority security issues.
Using DON IT for anything other than the intended purpose can affect our ability to secure our environment, accomplish our mission, and maintain public trust in our organization. For example, using a Department of the Navy email account to register at a non-official web-site may misrepresent the DON and open opportunities for phishing scams; streaming music may slow the network down and create delays for those using the network to perform their mission; and using or installing unauthorized software may provide an entry point for an adversary.
Along with good configuration management, expedient patching, strong password security, and other best practices, it is our individual responsibility as DON military, civilians, and contractors, to use DON IT in an acceptable manner.
The DON Chief Information Officer recently updated the “DON Acceptable Use of Information Technology” and expects to publish the update shortly. The policy covers email practices, social media use, partisan political activity, handling controlled unclassified information, and many other topics.
To ensure the most effective cyber defense, we must remain vigilant in following good cybersecurity practices and safe, legal, and effective use of information technology.
Darcee Branham is a Project Management Professional (PMP), Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), and member of the Cybersecurity Team in the office of the DON CIO.
Visit the DON CIO website for more information: www.doncio.navy.mil/