Deputy CIO: Computer Users Must Practice Cybersecurity
By Claudette Roulo
American Forces Press Service
WASHINGTON, Sep. 28, 2012 National Cyber Security Awareness Month in October lasts just 31 days, but practicing good cybersecurity is important 365 days a year, the Defense Department’s deputy chief information officer said yesterday.
Because users engage with the network on a daily basis, good cybersecurity practices should be second nature, Robert J. Carey, DOD’s deputy chief information officer, said during a joint American Forces Press Service and Pentagon Channel interview.
This means “changing our culture to be more mindful of the fact that the information needs to only be transmitted to those who are fit to consume it [and] who are authorized the right accesses,” he said.
Specific cybersecurity practices vary depending on the type of users, but Carey said there is one overriding concept: everyone is responsible for protecting information.
Commanders rely on information relayed through electronic networks to make life-and-death decisions, but, Carey asked, what if they couldn’t trust that information?
“What if [they] trusted it, but it was wrong?” he said.
Understanding how that information traversed the network -- whether it came from the person it’s supposed to have come from -- is essential to commanders, he said.
And while information technology can be a complicated subject, with an equally complicated lexicon, Carey said his office is working to ensure that DOD adopts policies and strategies that help users at all levels to understand exactly why cyber security is so important. This way, he said, they can be confident that they’re taking the right steps to protect information.
“The most important link is the user. Each of us, when we engage the network, is either an asset or a vulnerability, depending on our actions,” he said. “The human becomes the weakest link, and so the more we can strengthen that weakest link, the better we will be.”
Responsible network access means users are aware of what they’re clicking on, Carey said.
“If you click on a link that you don’t know where it came from and suddenly bad things happen, ... well the link has already provided the information to your computer,” he said, “so now you have bypassed a lot of the protections that the system has.”
The Department of Homeland Security has adopted “Stop. Think. Connect” as the motto for National Cyber Security Awareness Month. Carey said the program asks users to consider their actions and remember that what they do online may affect others.
“If you're ... cutting corners and you're doing the wrong things, you can be a vulnerability to this big thing called the network,” he said. “People don't realize the extent of it. They think, 'If my machine has a problem, [then] that's the extent of it.' It's generally not the extent of it.”
Network users should ask themselves if they’re doing the right things or exhibiting the right behaviors to perform risk management of the information they’re going to access, he said.
This thought process should continue even when people aren’t accessing the network from their workplace, Carey added.
“At home you don't think about security,” he said. “When you get on your computer at home and you engage the Internet, it's highly unlikely that you have a firewall, [and] it's highly unlikely that you have a smart card to log on, so the layers that afford us security aren't generally present.”
People may feel annoyed when security layers are added to the home experience, but, Carey said, “that operational overhead is a necessary evil to ensure that the information stays protected.”
"If we can keep the information secure, the layers, they're just a necessary part of the accessing process," he added.
Carey said that every user is front and center in the battle to ensure networked information remains secure.
“It is ... a cost of doing business in the information age; you just have to be aware,” he said.