Headquarters Air Mobility Command
UNCLASSIFIED
Unrivaled Global Reach for America … ALWAYS!
AMC/A6XS
DSN 779-6298
October is
National Cyber Security Awareness Month
Week 3 (16-20 October):
Today’s Predictions for Tomorrow’s Internet
“Your sensitive, personal information
is the fuel that makes smart devices
work. It is critical to understand how to
use these cutting-edge innovations in
safe and secure ways.”
“INTERNET OF THINGS” RISKS
Vehicles: Bluetooth or infotainment systems can allow hackers to take control of a vehicle's safety-critical ECUs, such as its brakes or engine.
Appliances: Each home device (thermostat, refrigerator, baby monitor, garage door, and others) that can be connected to the Internet constitutes a “door to sensitive information”.
Wearables: Through protocols such as Bluetooth and Wi-Fi, hackers have the ability to record video or audio files and capture photographs and sensitive, personal data.
Home security SmartApps: can be remotely exploited to virtually make a spare door key, inject false messages into fire alarms so that an alarm is set off, and turn off “vacation mode” while you're away.
The scale of interconnectedness,
created by the Internet of Things,
increases the consequences of known risks
and creates new ones
WHO IS THE TARGET?
PROTECT YOURSELF
As Our World Becomes More Digitally Connected (Internet Of Things (IoT)),
Protect Yourself Through The Following Steps
Use passphrases: a series of random words or a sentence
• The more characters your passphrase has, the stronger it is (it should contain 10-30 characters, upper case & lower case characters, numbers & symbols)
* Create something that is easy for YOU to remember
Use a different passphrase for every account or device you have
• Never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter
* If you have too many passphrases to remember (which is very common), consider using a password manager (a special program that securely stores all passphrases for you)
Never share a passphrase
• Exception: only share your passphrase with a highly trusted family member, in case of emergency, when your loved ones require access to your critical accounts.
PROTECT YOURSELF, cont’d
Only log into accounts on TRUSTED computers or mobile devices
• Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts
Be careful of websites that require you to answer personal questions
• Use only information that is not publicly available (e.g. internet, Facebook) or fictitious information you have made up
* Select a theme such as a movie character and base your answers on that character or, again, use a password manager
If possible, use two-factor authentication (more than just a passphrase is required to log in)
• Always enable and use these stronger methods of authentication
* Many online accounts now offer this form of authentication/verification
Close, delete or disable accounts that you are no longer using
TECHNOLOGY + CONVENIENCE
= REDUCED SECURITY
Technology provides a level of
convenience to our lives, but it
also requires that we share more
information than ever. The
security of this information, and
the security of these devices
is not always guaranteed.
Reporting Identity Theft
In cases of identity theft, you should do the following:
File a report with your local law enforcement agency. Even if your local police
or sheriff’s department doesn’t have jurisdiction over the crime (a common
occurrence for online crime which may originate in another jurisdiction or even
another country), you will need to provide a copy of the police report to your
banks, creditors, other businesses, credit bureaus, and debt collectors.
Contact one of the three credit bureaus to report the crime (Equifax at 1-800-525-6285,
Experian at 1-888-397-3742, or TransUnion at 1-800-680-7289).
Request that the credit bureau place a fraud alert on your credit report to
prevent any further fraudulent activity (such as opening an account with your
identification) from occurring.
Contact your bank and other financial institutions. Close any unauthorized or
compromised credit or charge accounts. Cancel each credit and charge card.
Get new cards with new account numbers.
Report Phishing
What is Phishing? The fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal information, such
as passwords and credit card numbers.
US-Computer Emergency Readiness Team reminds users to protect against email
scams and cyber campaigns using the Ebola virus disease (EVD) as a theme.
Phishing emails may contain links that direct users to websites which collect personal
information such as login credentials, or contain malicious attachments that can infect
a system.
Users are encouraged to use caution when encountering these types of email
messages and take the following preventative measures to protect themselves:
1. Do not follow unsolicited web links or attachments in email messages.
2. Maintain up-to-date antivirus software.
3. Refer to the Using Caution with Email Attachments Cyber Security Tip for
information on safely handling email attachments.
4. Refer to the Avoiding Social Engineering and Phishing Attacks Cyber
Security Tip for information on social engineering attacks.
Little Rock AFB NETWORK INCIDENT REPORTING AID
OPSEC: DO NOT DISCUSS/TRANSMIT CRITICAL INFORMATION VIA NON-SECURE MEANS
DISPLAY/POST THIS AID NEAR COMPUTER WORKSTATION

COMPUTER VIRUS REPORTING PROCEDURES FOR USERS
STEP 1: STOP! DISCONNECT THE LAN CABLE. Discontinue use.
STEP 2: LEAVE THE SYSTEM POWERED UP. DO NOT click on any prompts, close any windows, or shut down the system.
STEP 3: If a message appears on the monitor of the affected system - WRITE IT DOWN!
STEP 4: WRITE DOWN ALL ACTIONS that occurred during the suspected virus attack. (Did the virus come from an e-mail attachment, CD or DVD, diskette, etc.?)
STEP 5: REPORT IT IMMEDIATELY! Contact your unit’s Information Assurance Officer (IAO). The IAO will contact the COMM FOCAL POINT (CFP) at 987-2666 Opt. 2
NOTE: When reporting a suspected virus to your IAO and the COMM FOCAL POINT (CFP), ensure that you give the following information to the technician:
- Event Date and Time
- Report Date and Time
- Your name, telephone number, bldg, and organization
- Name of your IAO
- Location of infected system(s)

CLASSIFIED MESSAGE INCIDENT (CMI) / CLASSIFIED SPILLAGE REPORTING PROCEDURES FOR USERS
A CMI is defined as a classified message that has been sent and/or received over an unclassified network. Classified Spillage is defined as any Classified information discovered on a system of a lower classification.
STEP 1: STOP! DISCONNECT THE LAN CABLE of the affected computer system(s) and/or printer(s)
STEP 2: SECURE affected system(s) and/or printer(s), maintain positive control. Store in a GSA-approved container or vault, or post a guard with the appropriate clearance.
STEP 3: REPORT INCIDENT IMMEDIATELY by secure telephone or in person to your Unit IAO. The Unit IAO will contact the Security Manager and COMM FOCAL POINT (CFP) located in building 988B.
* Do not report or discuss incident over unsecure line.

PHISHING E-MAILS
STEP 1: DO NOT REPLY, and never provide ANY information or click on any links!
STEP 2: Right click on email, click on Junk Email, then Add Sender to Blocked Senders List.
STEP 3: Delete all Junk Email from the Junk Email Box.

Unit Security Manager (USM) Name: Ext:
Information Assurance Officer (IAO) Name: Ext:
Comm Focal Point (CFP) Extension: 987 – 2666 Opt. 2

LITTLEROCKAFBVA 33-2 (Per AFMAN 33-282)
RELEASABILITY: There are no releasability restrictions on this publication
DISPLAY/POST THIS AID NEAR
COMPUTER WORKSTATION
Network User “DO’s and DON’Ts”
Don’t connect privately-owned media or personal devices to your computer. Cell phones (government issued cell phones are included), personal external hard drives, iPods, personally owned thumb drives or any personally owned devices are forbidden from being used on government systems. (These items are also not authorized in secured areas!)
Don’t connect ANY device to your government owned computer without getting authorization from your Unit IAO.
Don’t install, relocate, modify, or remove end user devices without prior coordination with your Unit IAO.
Don’t download a game or program from the Internet without formal software approval.
Don’t leave your computer unattended without removing your CAC from the CAC reader!
Do complete DoD IA training prior to accessing a government owned IS.
Do report suspicious activity. As the INFOCON level escalates, personnel should become increasingly mindful of situations that indicate information may be at risk. Stay alert for possible computer viruses/malicious code attacks and unauthorized persons asking for potentially sensitive information, i.e. user-ids, passwords, website or E-mail addresses. Heighten your awareness for signs that your E-mail, login account, or other correspondence might have been tampered with or opened.
Do review AFMAN 33-152, USER RESPONSIBILITIES AND GUIDANCE FOR INFORMATION SYSTEMS.
Air Force Instruction 33-200 (31AUG15)
www.e-publishing.af.mil
POC: AMC/A6XS
DSN 779-6298