081203-N-2147L-390 NORFOLK, Va. (Dec. 3, 2008) Sailors on the watch-floor of the Navy Cyber Defense Operations Command monitor, analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks. (U.S. Navy photo by Mass Communications Specialist 1st Class Corey Lewis/Released)
By Mass Communication Specialist 2nd Class(SW) Christopher Koons, Naval Network Warfare Command Public Affairs NORFOLK (NNS) -- A variety of speakers talked about ways to defend against today's cyber threats during Naval Network Warfare Command's (NETWARCOM) mandatory network security training, Feb. 23, at Naval Amphibious Base Little Creek's theater.
The Chief of Naval Operations has directed all Navy activities to conduct a network security training and awareness day no later than Feb. 28. He mandated the training in response to recent security incidents on Navy computer networks.
"The nature of the threats we've faced has changed in the 22 years I've been in the Navy, so we have to find ways to mitigate the new cyber threats we face today," said Chief Warrant Officer Sheldon Malone, NETWARCOM's information assurance manager.
At the training session, Malone discussed the main components of computer security and why each is important.
"We guarantee smart users through training, just like we learn the alphabet in school," he said. "We have people, processes and technologies in place to implement our defense processes. It is an all-hands responsibility."
There are basic steps each user must take to be aware of how to detect and defeat cyber threats, Malone explained.
"Everyone has to complete their annual information assurance training," he said. "Unauthorized e-mail accounts can open up the system to hackers--so avoid them. You need to keep your system password secure and not write it down where it can be easily seen and you should not tell others what it is. Make sure that when you leave your work space, you pull your CAC (Common Access Card) out of your machine."
Malone also gave advice on network behaviors that should be avoided.
"You must not go to porn sites, send chain letters, solicit goods, attempt to bypass access controls, introduce unauthorized hardware or software, use personally owned software, upload executable files or introduce malicious software or codes into the network," he said.
Kevin Williams, NETWARCOM's information assurance manager, discussed the handling of removable media. He pointed out that thumb drives have recently been banned, but that CDs, DVDs, and government authorized external hard drives are still allowed.
According to Freddie Blaser, who is in charge of NETWARCOM's information assurance services, computer safety at home includes following basic steps such as: Installing anti-virus software, using care when reading e-mails and attachments, installing firewall programs and making backups of important files and folders.
Christina Harper, NETWARCOM's information assurance support representative, talked about the importance of securing personally identifiable information (PII) that is stored on laptops and other electronic devices.
"If you are handling PII, you must make sure it's not in open view and do not share it with someone who doesn't need access to it," said Harper. "Do not store it to a shared drive, and you must encrypt it if you send it over your e-mail. Never leave it unattended."
Seth Gang, NETWARCOM's identity protection and management manager, talked about the importance of securing CACs, which allows personnel to have a cryptographic log-on to the network.
"You must have physical possession of your CACs at all times," said Gang. "It doesn't matter what you are doing; if you go to the grocery store, or you are in your home, it must always be in your possession."
Gang also talked about the importance of digitally signing e-mails, now done automatically for all e-mails sent out from NMCI.
"You should only trust e-mails that have a digital signature on them," he said. "It lets you know that it came from a DoD-authorized source."
Rear Adm. Edward H. Deets, III, NETWARCOM's vice commander, summed up the importance of guarding against the dangers posed in today's cyber environment.
"We have to be as aware of the threats and inherent risks of our information systems as we would of the responsibilities we have when we go aboard a ship and engage in damage control," Deets said. "We have to make people understand why network security is important and ensure that we maintain our edge by not giving it up to somebody else."
Commands, Navy-wide, are in the process of meeting the Feb. 28 deadline for training compliance. One of those commands is U.S. 2nd Fleet, whose Commander, Vice Adm. Melvin G. Williams, Jr., has stressed the importance of keeping Navy computer networks safe from enemy attack from a fleet perspective is critical.
"At the operational level of war, our networks are essential to command and control effectiveness from our maritime operations centers," Williams said. "The readiness and security of these networks is critical, and helps to ensure strategic-to-tactical level war fighting alignment. It is the responsibility of all hands to maintain the high standards necessary to keep our networks secure."
For more news from Naval Network Warfare Command, visit www.navy.mil/local/nnwc/ .