[ The Real McCoy Online Home ]                     

February 22, 2013


‘Cyber Threat Awareness’ theme for 2nd quarter

The Army Antiterrorism Quarterly Theme for the second quarter of fiscal year 2013 is “Cyber Threat Awareness.”
The cyber threat to the U.S. Army and its members is as pervasive as the Internet itself.

The highest echelons of the Army have recognized the cyber threat as a priority. Adversaries range from hacktivists to nation-state backed operatives.

Hostile actors seek to use cyberspace for a variety of purposes that include subversion, sabotage, intellectual property expropriation, and even terrorism. To accomplish their adversarial goals, obtaining critical information about operations, and sensitive information, such as names, addresses, Social Security numbers and e-mail addresses, are among the means used. Whether the motivation is criminal identity theft, terrorist message propagation, national security information expropriation, denial of network services, or even attacks on critical infrastructure if they are connected to the Internet, cyber exploitation remains a reality of everyday life in a highly networked world.

Hostile cyber exploitation threatens the technological and informational advantages that are a critical component of national security, causes economic damage to businesses that often times prove devastating, interferes with services bolstered by critical infrastructure, and for individuals, destroys livelihoods.

The cyber threat is multifaceted. Even so, most attacks depend on the end-user to exploit a network. The three most-prevalent delivery means for such exploits are the following:
• E-mail messages with attachments containing malware;
• Websites containing malware that attack from a remote location;
• USB and other removable media containing malware.

In order to manage the risk posed by such exploitations, security education and training awareness (SETA) programs must include a cyber focus. To minimize risk to individuals and networks, it is critical to teach basic security guidelines. Basic security protocols will go far in providing a first level of defense by reducing the likelihood that individuals will open up vulnerabilities through their own network access. For example, using the three delivery methods mentioned above, security guidelines include:
— Users should not open suspicious e-mails or their attachments; text-only is preferred versus HTML to limit malware delivery through e-mail.
— When browsing on the Internet, look for a closed padlock icon in the Web browser’s status bar indicating a legitimate site and beware of hyperlinked URLs whose targets do not match the link text (text may read www.paypal.com and the link takes the user to a phony site such as www.paypal.net).
— Exercise caution when using CDs, DVDs and thumb drives, understanding that malware can be transferred from infected media; conduct a basic security scan when inserting these items into a drive or USB port. Have cognizance and control over media so that a third party does not introduce malware without one’s knowledge unto the CD, DVD, Thumb Drive, or other media.

Education and awareness alone, though critical, are unable to prevent 100 percent of all exploits. When awareness and vigilance fail, there must be a report- and respond-ability owing to the fact that not every exploit can be interdicted and not every computer user will exercise vigilance.

Cyber threat awareness includes being willing and able to report suspicious activity. Indicator questions and concerns for what constitutes a cyber suspicious activity should be directed to the local G6/Information Technology section, which for Fort McCoy is the Network Enterprise Center (NEC) Information Assurance Office located in building 1454 at 608-388-8577/7018/5351.

For pamphlets and brochures supporting the theme of “Cyber Threat Awareness,” contact Fort McCoy Antiterrorism Program Specialist Joshua R. May at joshua.r.may12.civ@mail.mil or by calling 608-388-4504.

For questions or comments concerning this article, contact May or the servicing NEC’s Information Assurance Manager, Kristine Brieske, at 608-388-8577 or kristine.m.brieske.civ@mail.mil.

In addition, the United States Computer Emergency Response Team (US-CERT) has helpful safe computing tips that are of benefit to the general public at http://www.us-cert.gov/cas/tips/.

(Submitted by the Directorate of Plans, Training, Mobilization and Security Antiterrorism Office.)

[ Top of Page ]

[ The Real McCoy Online Home ]