Gunny's Job Board

Category Archives: Cybersecurity Awareness Month

Seven Steps to Reducing Your Cybersecurity Risk

By the Office of the Deputy Chief of Naval Operations for Information Warfare Public Affairs

Much of our focus for Cybersecurity Awareness Month is on how the Navy’s cybersecurity is threatened by nation states, ideologically motivated hackers, cyber criminals, and malicious insiders. Our cybersecurity workforce and Cyber Mission Forces battle these cyberspace adversaries every day. 

But it is just as important for each and every one of you to pay close attention to your own cyber vulnerabilities, at work and at home. Those same adversaries mentioned above can target you whether you are at work or on a personal device outside of work.

Cyber criminals use some of the same tools and techniques as these bad actors to target anyone who has a personal computer, smart phone or smart device. They are primarily interested in financial gain but may hack for other illegal purposes. Regardless, you are the front line that is defending your personal data and devices from their attacks.    

The Department of Homeland Security (DHS) has produced a series of short, information-packed, easy-to-read “tip sheets” for protecting yourself online. These guides are available, but we have reposted tip sheets for protecting yourself on the home front. Topics range from social media cybersecurity to protecting internet-connected sensing devices, but some common themes are repeated below:

  • Shake up your password protocol. According to National Institute for Standards and Technology guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read the Creating a Password Tip Sheet for more information.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token — a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication How-to-Guide for more information.
  • Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from — even if the details appear accurate — or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender.
  • Never click and tell. Limit what information you post on social media — from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings — online and in the physical world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are – and where you aren’t – at any given time. Read the Social Media Cybersecurity Tip Sheet for more information.
  • If you connect, you must protect. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software. Read the Phishing Tip Sheet for more information.
  • Stay protected while connected. Before you connect to any public wireless hotspot – like at an airport, hotel, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.
  • Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved — gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.

An additional tip for protecting yourself when accessing public Wi-Fi is to use virtual private network (VPN) software, which encrypts your online communications. Anti-virus software companies and other software providers offer affordable VPN solutions.  

By following the advice in this blog and the more detailed guidance in the DHS tip sheets, you will reduce your chances of: becoming one of the 60 million Americans affected by identity theft, being held hostage by a ransomware attack, or having your credit card exploited.

The good cybersecurity habits you learn and apply at home will also help you protect the Navy from cyber adversaries when you are at work.  

https://navylive.dodlive.mil/2019/10/08/seven-steps-to-reducing-your-cybersecurity-risk/ poyrazdogany

Getting from Vulnerable to Cyber Secure

By George Bieber
Naval Information Forces Public Affairs

We are in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Below are tips recommended by military and private sector computer experts to better protect your personal information online:

  • Install an antivirus and update it.
    Antivirus software and updates are automatically covered at our worksites by Naval Information Forces’ Information Technicians (IT) Sailors at numerous commands around the globe and Navy/Marine Corps Intranet (NMCI) via Naval Network Warfare Command (NETWARCOM). For your computers at home, download antivirus software, which will help protect your computer against viruses and malware.
  • Explore security tools you install.
    Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Ensure your antivirus is configured and working correctly.
  • Use unique passwords for each account.
    One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use strong, unique passwords for every online account, preferably featuring 14 characters that combine upper and lower case letters, numbers and special characters.
  • Get a VPN and use it.
    Any time you connect to the Internet using a Wi-Fi network that you don’t recognize, use a virtual private network, or VPN. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security to the user.
  • Use two-factor authentication.
    Two-factor authentication means you need to pass another layer of authentication other than a password. This could include a fingerprint, facial recognition or a text. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
  • Use passcodes.
    Use a passcode lock on every smart device to protect your personal data. Many smartphones offer a four-digit PIN by default. Set a strong passcode, not an obvious four-digit PIN such as 1-4, last four digits of a Social Security Number, birthday or phone number.
  • Use different email addresses for different accounts.
    Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it and create a new one.
  • Clear your cache.
    To better protect the information that may be lurking in your web history, be sure to delete browser cookies and clear your browser history on a regular basis. To clear your cache, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
  • Turn off the ‘save password’ feature in browsers.
    When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If password managers can do that, you can be sure some malicious software can do the same.
  • Don’t fall prey to click bait.
    Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also include links in email, messaging apps and on social media sites. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device. Don’t click links in emails or text messages unless they come from a trusted source, and even then you should exercise caution.
  • Protect your social media privacy.
    Make sure you’ve configured each social media site so that your posts aren’t public. Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.

Following these simple guidelines will help decrease your vulnerability in the cyber battlespace, and ensure that your personal data is better protected.

http://navylive.dodlive.mil/2018/10/29/getting-from-vulnerable-to-cyber-secure/ U.S. Navy

Protecting Your Shipmates By Protecting Yourself

From Navy Cyber Defense Operations Command Public Affairs

Cybersecurity is an “all hands on deck” effort to ensure the nation’s networks and systems are protected against those who wish to do us harm. Last week, we talked about what the Navy is doing at the enterprise level to protect our nation, our Sailors and their families from attack. This week, we will discuss the importance of individual behavior in defending our interests in cyberspace and ensuring the operational readiness of the U.S. Navy’s networks and systems.

Individual behavior is critical because 84 percent of cybersecurity breaches are caused by human error, according to current estimates. Attacks are becoming more frequent and more sophisticated all the time, requiring increased vigilance among Sailors, civilians and contractors, and strict adherence to security guidelines. Failure to follow proper online procedures endangers every member of the team. Everyone with access to the network must be aware of the threat and safeguard their data by developing strong passwords and changing them often; exercising vigilance on social media by limiting the data they share; and protecting themselves against phishing attempts by practicing caution when opening documents or clicking on links. But that’s not all.

The Navy provides detailed guidance on cyber behavior, which is developed by teams of experts with insight into the specific strategies and tactics employed by our adversaries. This guidance, however, is useless if even one Sailor, civilian or contractor neglects to follow it, because it only takes one breach to enable access to the network and compromise operational security and the mission.

Below are some of the steps all hands should take – while at home and at sea – to keep Navy networks and systems safe:

  • Be Aware of Your Cyber Footprint. If an adversary could create your dossier, using your profile information from various sites as well as your online behavior, what would it look like and how accurate would it be? Practice good judgment when choosing what personal information you share online, and verify that you are sharing information on trusted websites.
  • Understand Your Cyber Terrain. Do you know all the entry points into your home network, systems, or personal devices, including routers, ports, Internet of Things devices, and (public) Wi-Fi, and are they protected or secured? Be aware of what you are sharing online when you are using shared Wi-Fi networks at coffee shops, airports and other public spaces, which are more vulnerable to cyber intrusions or attacks.
  • Check for Weekly Updates. For your home setup, are you vigilant in checking vendor websites for up-to-date information on vulnerabilities and threats related to hardware, software and applications? And more importantly, do you implement the necessary updates? To safeguard yourself against malware and other viruses, update your home computer regularly with the necessary protection from trusted sources.
  • Create a Cybersecurity Culture. Is cybersecurity part of your workspace culture beyond the annual cyber awareness required training? Do your family members, including those with whom you may share password information or devices (e.g. children), fully understand how to protect your information and devices? Is cybersecurity an individual or a team effort at work or at home? Using information in this blog post, resources available at https://www.dhs.gov/stopthinkconnect-toolkit and elsewhere, educate yourself and your family on safe online behavior to ensure cybersecurity practices become a habit instead of an obligation.

Remember that you are always operating in the cyber battlespace and should exercise caution when operating online. If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – our interconnected world will be safer, more resistant to attacks and more resilient if an attack occurs.

Editor’s note: Since its establishment, U.S. Fleet Cyber Command (FCC)/U.S. 10th Fleet has grown into an operational force composed of more than 14,000 active and Reserve Sailors and civilians organized into 28 active commands, 40 Cyber Mission Force units, and 26 Reserve commands around the globe. FCC serves as the Navy component command to U.S. Strategic Command and U.S. Cyber Command, and the Navy’s Service Cryptologic Component commander under the National Security Agency/Central Security Service. Commander, U.S. 10th Fleet, the operational arm of FCC, executes its mission through a task force structure similar to other warfare commanders. In this role, C10F provides support of Navy and joint missions in cyber/networks, cryptologic/signals intelligence and space.

http://navylive.dodlive.mil/2018/10/23/protecting-your-shipmates-by-protecting-yourself/ U.S. Navy

Enhancing Cyber Protection While Increasing Resiliency

From the Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6)

“…we’re in the cyber fight 24/7, 365 days a year, and our foes in that fight are sophisticated, and technologically advanced, and they are very well resourced, and they are focused on penetrating our systems.”
– Adm. John Richardson
Chief of Naval Operations

Any electronic device that stores or processes data is at risk of being compromised, regardless of whether or not it’s connected to the internet, and Navy networks go far beyond the desktop computers, laptops and handheld devices we use every day. They include hull, mechanical and electrical systems; systems that control steering and power; weapons and navigation systems; and aviation systems. Because some of our industry partners store and process sensitive data, we must also consider the security of their networks to fully protect our assets.

Prevention is of course the first line of defense: cyber warriors add layers of sensors and countermeasures to make attacks more difficult, and they segment the network to contain damage. While the hope is to avoid conflict altogether, attacks on our networks have proven inevitable, so in the same way that a ship is designed to withstand a potential kinetic attack, and crews are trained to mitigate and control damage, the Navy has designed its networks and systems to be resilient. Resiliency allows Sailors, systems and platforms to “fight through” – just as they would if a ship’s hull was breached or steering was lost – in the event that an adversary were to penetrate our cyber defenses. Like the damage control teams on a ship, our cybersecurity workforce is able to detect compromises, determine what has been harmed, isolate the damage, make repairs, and implement work-arounds so the mission continues uninterrupted.

Sailors stand watch in the Fleet Operations Center at the headquarters of U.S. Fleet Cyber Command/U.S. 10th Fleet (FCC/C10F) at Fort George G. Meade, Maryland. Since its establishment, FCC/C10F has grown into an operational force composed of more than 14,000 active and Reserve Sailors and civilians organized into 28 active commands, 40 Cyber Mission Force units and 26 reserve commands around the globe. (U.S. Navy photo by Mass Communication Specialist 1st Class Samuel Souvannason/Released)

 

The lines of effort for this strategy include identifying what needs to be protected and conducting risk assessments; protecting or hardening systems and networks; detecting anomalous behavior that might represent an attack; reacting to compromises or potential compromises by containing the breach and mitigating damage; and restoring basic functions in an effort to return to normal operations. All of these lines of effort are supported by recruiting and retaining top talent within the Navy’s cybersecurity workforce, and training users on best practices and data protection.

The Navy has made significant investments in each of these areas, and is executing plans in support of cyber resilience across the force. Examples include transitioning to the Risk Management Framework for assessing and managing systems’ cybersecurity risk, which can be used to “bake in” cybersecurity during systems development instead of being “bolted on” later. The Risk Management Framework also requires continuous monitoring, which helps the Navy maintain secure systems throughout their lifecycles.

The Navy also continues to identify and harden critical components through the CYBERSAFE Program, which was modeled after SUBSAFE, the rigorous submarine safety program instituted after the loss of USS Thresher in 1963. Like the submarine program, CYBERSAFE seeks to harden defenses before, during and after systems and their components are fielded to ensure they can better withstand attacks.

 A bow view of the nuclear submarine USS Thresher (SSN 593), July 24, 1961. (U.S. Navy photo/Released)

 

In response to sustained malicious attempts to access Navy data, the Department of the Navy published guidance to increase the accountability of contractors and subcontractors responsible for handling our data. This guidance gives the Navy more visibility into contractor networks and increases contractors’ security requirements, as well as significantly shortens the time for contractors to report compromises.

And as the Navy moves software and data from local computers and Navy-owned data centers to the cloud, it is taking steps to ensure cybersecurity is not compromised in the process.

To implement these reforms and maintain readiness in the cyber domain, the Navy needs its best and brightest at the helm. The department is acting with urgency to recruit and retain top talent in the workforce by leveraging Direct Hiring Authority for civilian cybersecurity personnel, offering incentive pay and direct commissions to civilian personnel with advanced cybersecurity expertise, and expanding the Cyber Warrant Program to incentivize Sailors.

Improving the Navy’s cyber resilience is an operational imperative requiring sustained effort and significant investments, and with the help of our entire Navy team, we will continue to meet the many complex and evolving threats posed by adversaries in the cyber domain.

Over the next two weeks, we’ll describe how you can contribute to the Navy’s cyber fight, and what steps you can take to protect yourself online – at work and at home.

http://navylive.dodlive.mil/2018/10/15/enhancing-cyber-protection-while-increasing-resiliency/ U.S. Navy

Cyber Adversaries Threaten Our Security

From Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6)

Although cybersecurity is important every day, October’s National Cybersecurity Awareness Month provides the Navy with the opportunity to highlight the critical importance of cybersecurity throughout the enterprise – outlining how adversaries operate, what the Navy is doing to improve its cybersecurity, and what you can do at work and at home to protect the Navy and yourself from cyber threats.

The consensus among our senior military and civilian leaders is clear; the cyber threat is real, and the stakes – in this new era of great power competition – are high.

“Americans and our allies are under attack every day in cyberspace.”
– John Bolton, National Security Advisor

“…persistent campaigns in and through cyberspace that pose long-term strategic risk to the Nation…”
– Department of Defense upon release of its 2018 Cyber Strategy

Despite alarm bells by senior officials, skepticism about the cyber threat remains. Because we can’t see what’s happening in cyberspace like we can in the physical world, observers and stakeholders alike may not fully grasp the prevalence and severity of cyber threats.

Someone would probably notice if coworkers tried to copy or photograph hundreds of thousands of pages of military documents. Yet the same result, the loss of valuable and potentially mission-critical information, can be accomplished inconspicuously through a cyberattack, and in fact, hackers have remotely compromised the networks of defense contractors and stolen sensitive military data through just such means.

Similarly, a kinetic attack on a power plant would be obvious and invite an immediate response, while cyberattacks are unseen and more difficult to trace, which is why Russian hackers were able to covertly disable equipment at a Ukrainian power company in 2016, cutting off power to the city of Kiev for over an hour.


 

Lest we think our infrastructure is immune, the U.S. government acknowledged Russian hacking and infiltration of our power companies earlier this year, reinforcing the fact that our adversaries are capable of and continuously attempting to breach our networks, systems and critical warfighting infrastructure in an effort to compromise military readiness and operational security.

Understanding the consequences of our actions in cyberspace is essential to combating cyber threats, and Cybersecurity Awareness Month is an important time for us all to be reminded of the ways in which we can contribute to either the strength or the weakness of the enterprise, through our day-to-day actions – at work, at home and at sea.

Connecting an unauthorized thumb drive that contains malicious software to the network is an innocent mistake with potentially damaging consequences. Weak passwords could allow adversaries to gain access to the network, and they cause a majority of system breaches. Posting updates on social media that give clues as to the locations of ships and Sailors could compromise operational security.

In the vast majority of cases, cyber threats don’t cause fires or explosions, and they are not accompanied by grand declarations by state actors, which is exactly what makes them so dangerous. They are unseen, they are real and they can be crippling to our Navy. Sailors, civilians, contractors and families are our front line of defense in this fight – and by adhering to cybersecurity policies, directives and best practices – we can all help keep the Navy secure, as well as protect ourselves and our families while online.

The Navy is counting on you to help protect it from cyber threats. Be on the lookout for updates throughout the month providing information on how our adversaries operate, what the Navy is doing to combat threats, and what you can do to protect the Navy and yourself in the cyber domain.

For more information, visit www.navy.mil/local/cyberawareness.

http://navylive.dodlive.mil/2018/10/01/cyber-adversaries-threaten-our-security/ U.S. Navy

Protecting Yourself in the Digital Age

By Capt. Bryan Lopez, Retired
Space and Naval Warfare System Command

Network security in the workplace is of paramount importance to our daily mission, but we can’t forget to protect ourselves against cyber vulnerability in our personal lives as well. Here are a few tips to help:

Operating System Updates and Anti-Virus Software
One of the easiest ways of protecting yourself against potential cyber viruses and attacks is by updating your computer and smart phone’s operating systems. Many companies make this easy with their “auto-update” feature, ensuring consumers are provided with the industry’s most up-to-date security patches as soon as they are available. Along with keeping your operating system up to date, you should keep your anti-virus software loaded with the latest updates as well. That being said, exercise caution when choosing your anti-virus software. Some vendors have known foreign-government affiliations and should be avoided.

Internet of Things
The Internet of Things or “IoT” refers to the proliferating number of networked devices that most of us already have in our homes. Late model TVs, printers, refrigerators, ovens, dish washers, microwaves and even toasters may be smart devices. They wirelessly plug into your home network and collect behavioral information by passively “listening” and, in some cases, “watching” your behaviors. Should we be concerned about this? Yes. Never share any information you don’t have to. Read the small print to find out how to disable the “passive information gathering” features.

Personal Digital Assistants
Personal digital assistants are designed to make your life easier. To do that, they also passively “collect” your personal information for marketing purposes by listening to your conversations. Hackers can use these features to turn personal digital assistants into a wiretap. When you’re not using these devices, shut them off and take the extra step of unplugging them to ensure they’re disconnected.

Social Media and Online Games
Online games are notorious hacker attack vectors. They gather information and expose unsuspecting victims to viruses and attacks. Social media also presents vulnerabilities. Set your privacy settings to “friends only” and then only share personally identifiable information with known contacts you have confirmed are actually your friends. Never accept connections from anyone you don’t know, especially someone who created a profile featuring only one picture.

An information graphic depicting the dangers of cyber attacks. (U.S. Navy graphic/Released)

 

Two Factor Authentication
Two factor authentication requires you to provide a second form of identity verification, along with your password, in order to gain access. Some methods include a code sent via text message to your phone, a fingerprint or retina scan, or even a fob. These steps add a few seconds to gaining access, but are well worth the inconvenience. Whenever your application or web service gives you the option, take advantage of the opportunity to increase the security of your connection through a second factor.

Cookies
Cookies are small bits of code installed on your computer when you visit a website. Even after you close your browser, cookies continue to track your movements on the internet. They are advertised as a convenience by speeding the process of reloading websites you’ve previously visited. This convenience isn’t worth the vulnerability. In your browser’s privacy settings, you can block cookies; however, this might prevent you from accessing some websites you want to visit. Instead, another method of protecting yourself is to temporarily allow cookies, but also set your browser to delete cookies at the end of each browsing session.

Wi-Fi, GPS, Bluetooth
Wi-Fi is vulnerable to attack. Always password protect your Wi-Fi. Ensure your router’s firmware is up to date. Use Virtual Private Networks, which create a secure tunnel and encrypt your data, especially when using free Wi-Fi in public places like airports and coffee shops. Whenever possible only visit websites that use the secure browser extension “https” where you will see a lock icon.

GPS helps us find our way around, but it also allows your movements to be tracked. Disable it when not in use. On some phones, the quick toggle doesn’t shut down your GPS and it continues to run in the background. To be sure, go into settings to disable it.

Bluetooth is another great digital enhancer that allows us to stream audio and even print at close range, but it is vulnerable to hackers who might want to capture your personally identifiable information, passwords and accounts. Turn it off when not in use.

There is no guarantee that these suggestions will protect you from a virus or an attack, but they will go a long way in decreasing your vulnerability in your everyday life.

Editor’s note: SPAWAR develops, delivers and sustains advanced cyber capabilities for our warfighters. SPAWAR, along with its system centers, space field activity and its partnership with three program executive offices, provides the hardware and software needed to execute Navy missions. With nearly 10,000 active duty military and civilian professionals located around the world and close to the fleet, SPAWAR is at the forefront of research, engineering and acquisition, keeping our forces connected around the globe.

http://navylive.dodlive.mil/2017/11/02/protecting-yourself-in-the-digital-age/ U.S. Navy

All Hands Need to Practice Cyber Safety

By George D. Bieber
Naval Information Forces Public Affairs

Cyberthreats come from a variety of sources including nation states, profit-motivated criminals, ideologically motivated hackers, extremists and terrorists. When you log on to a Navy network or system, you’re in the cyber battlespace.

If there are weaknesses in the Navy’s defenses, its networks and computers can be compromised by attackers with relatively limited resources. Cyber attackers only have to be successful once to do significant damage; we cannot afford to make any mistakes.

Follow the below best practices to keep Navy networks and systems secure:

Don’t Take the Bait
Always verify the source of emails and the links in emails. If you’re directed to a site for an online deal that looks too good to be true, it probably is.

Phishing (“fishing”) is a form of email spoofing. By clicking on a link in what appears to be a legitimate email (“taking the bait”), you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening an infected email attachment can also install bad software on your computer.

Spear-phishing is a form of phishing that targets a specific organization. Spear-phishing emails appear to be from an individual or business you know. Spear-phishing attempts are not typically initiated by “random hackers,” but are more likely to be conducted by those seeking financial gain, trade secrets or military information. Signs that an email may be a spear-phishing attempt include:

  • Sender’s name, organization and/or company do not match the email address or digital signature
  • The use of words such as official, mandatory, urgent, etc.
  • The link text may not match the associated URL
  • Contains unsolicited requests for personal information
  • The use of poor grammar and multiple misspellings.
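The first four signs in this list can be checked mechanically. The following is an added example, not part of the original article or any Navy tool: a heuristic triage function run over a constructed sample message. The function names, the PII term list and the `KNOWN` organization-to-domain map are assumptions made for illustration; the grammar and spelling sign is not covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_WORDS = {"official", "mandatory", "urgent"}   # words named in the list above
PII_TERMS = ("password", "social security number", "date of birth")  # assumed examples
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class BodyParser(HTMLParser):
    """Collect visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def same_site(host, expected):
    """True if host equals expected or is one of its subdomains."""
    host, expected = host.lower(), expected.lower()
    return host == expected or host.endswith("." + expected)

def phishing_signs(raw_email, known_senders):
    """Return sorted sign names found in one raw message.
    known_senders maps an organization name to its expected mail domain."""
    msg = message_from_string(raw_email)
    parser = BodyParser()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    parser.close()
    text = (msg.get("Subject", "") + " " + " ".join(parser.text)).lower()
    signs = set()
    name, addr = parseaddr(msg.get("From", ""))
    addr_domain = addr.rpartition("@")[2]
    for org, domain in known_senders.items():
        if org.lower() in name.lower() and not same_site(addr_domain, domain):
            signs.add("sender_mismatch")      # claimed organization vs. address domain
    if URGENCY_WORDS & set(re.findall(r"[a-z]+", text)):
        signs.add("urgency_words")            # pressure wording in subject or body
    for href, label in parser.links:
        shown = DOMAIN_RE.search(label)       # only compare labels that show a domain
        if shown and not same_site(urlparse(href).hostname or "", shown.group(1)):
            signs.add("link_mismatch")        # visible link text vs. real destination
    if any(term in text for term in PII_TERMS):
        signs.add("pii_request")              # asks for personal information
    return sorted(signs)

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """From: "Example Base Help Desk" <helpdesk@mail-support.example>
Subject: URGENT: mandatory account verification
Content-Type: text/html; charset="utf-8"

<p>Your account will be locked. Confirm your password at
<a href="http://login.verify-portal.example/reset">https://portal.base.example/reset</a>.</p>
"""
KNOWN = {"Example Base": "base.example"}      # assumed map of organizations to domains
```

A hit on any of these signs is a reason to verify the message through another channel, not proof of phishing; legitimate mail can trip the wording checks.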

When in Doubt, Throw it Out
Don’t open suspicious links in emails, tweets, posts, messages or attachments, even if you know the source.

Don’t Connect Unauthorized Devices to Navy Networks
Don’t connect unauthorized devices, such as thumb drives and cell phones, to your computer. Unauthorized devices may contain software that can allow an attacker inside the Navy’s network.

Remove Your CAC
Remove your CAC or lock your computer when you’re not using it. Don’t make it easy for an inside attacker to access data on your computer by leaving it unlocked when you’re away.

Use a Better Password
Don’t use easily guessed or weak passwords, and safeguard them so they can’t be stolen. Password best practices include:

  • Use different passwords for every account
  • Make passwords a minimum of eight characters long and include at least one number, one capital letter, one lower case letter and one special character
  • Select the first letter of each word in an easily remembered phrase for the letters in your password. For example, “stand Navy down the field, sails set to the sky” becomes “sNdtfsstts”
  • Don’t use names or words that can be found in any dictionary (including foreign languages).
  • Don’t use keyboard patterns
  • Routinely change passwords on all accounts
  • Do not change passwords in a serial fashion (e.g., password2015 replaced with password2016)
  • If you save your passwords to a file, password protect and/or encrypt the file
  • Don’t write down your passwords or keep them in your wallet/purse
  • Don’t allow your browser to store your passwords.

Safeguard Your Personally Identifiable Information (PII)
Attackers can use information they’ve obtained about you to appear legitimate so they can trick you into surrendering data they need to breach our networks and systems.

To protect your PII, be savvy about providing information online and use good security practices when using social media sites. Choose security questions that have answers not discoverable on the internet (e.g., do not choose the street you grew up on, your mother’s maiden name, etc.) and don’t conduct work-related business on your personal account. Facebook, Twitter, LinkedIn and other social media platforms can introduce security hazards. Personal profile information on these sites may be used by hackers for social engineering or phishing purposes. Also, be extra vigilant about friending bogus social media accounts, which can allow hackers to harvest sensitive user photos, phone numbers and email addresses for social engineering attacks.

Don’t Use P2P Programs
Don’t use peer-to-peer file sharing programs. These programs can spread bad software inside the Navy’s network defenses.

Stay on Known Good Websites
Use websites that are business related or known good websites.

Don’t Use Systems in Unauthorized Ways
The Navy has established policies to protect itself from compromise. Don’t put others at risk by using systems in ways that aren’t authorized.

An information graphic depicting the dangers of cyber attacks. (U.S. Navy graphic/Released)

http://navylive.dodlive.mil/2017/10/27/all-hands-need-to-practice-cyber-safety/ U.S. Navy