ARLINGTON, Va. – Everybody plays a role in cybersecurity, National Guard and Department of Defense officials emphasized during a panel discussion on cybersecurity Oct. 16 at the Herbert R. Temple Army National Guard Readiness Center.
“Everyone out here is a cybersecurity warrior,” said Kenneth McNeill, the chief information officer with the National Guard Bureau and a panel member. “It is not just a small group that looks at this mission space. Every day, when you are at work, at home, even on your personal computer, you’re a cybersecurity warrior.”
Stressing the impact individual actions can have on cybersecurity was one focus of the panel, held as part of Cybersecurity Awareness Month to help defend against cyber attacks and hacking.
“October is that one month that we can focus on it, that we can reiterate how important it is for everyone to do their part,” said Ashley Jones, a panel member and cybersecurity adviser with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. “If you don’t do your part, it’s not an if situation, but when it’s going to happen. So, we want to make sure that everyone understands why cybersecurity is so important.”
For those who work outside the cyber field, maintaining awareness of cyber attacks and some of their hallmarks can help maintain robust cybersecurity.
“Cyber may not be your wheelhouse, you may not do anything with cyber on your daily job, but when you see these incidents and events pop up, Google to see what happened, what it was, what were the indicators of compromise,” said Jones. “That’s how you can be a cyber warrior.”
Awareness of those attacks and their hallmarks and making any needed adjustments go in tandem with maintaining strong passwords and only using approved devices on DOD and government networks to maintain strong cybersecurity.
“The end user is always going to play a part in that, and that’s why we’re here to talk about some of these things,” said U.S. Air Force Brig. Gen. Terrence Adams, a panel member and the deputy principal cyber adviser to the secretary of defense.
That includes being vigilant at home or while using personal internet-connected devices.
“You could get compromised at home and then come into the office and transfer that risk to your office because the network is so connective across the spectrum,” said Adams.
Cybersecurity’s scope often extends beyond traditional desktop computers to encompass everyday devices such as smart watches, cars, and even appliances included in the “Internet of Things.”
“We don’t think about that daily,” said Jones. “You just get up, do your day.”
However, the connective ubiquity of such devices can make it easy for adversaries to collect information or initiate cyber attacks.
“That is the right fertile ground for our adversaries to collect all kinds of information and take all kinds of action, as well as just your run-of-the-mill folks that want to stir up a little trouble,” said Leslie Beavers, a panel member and the DOD’s acting chief information officer.
As technology changes, so do the devices. Keeping an up-to-date policy on those items is another key.
“Technology is constantly changing, and you have to get ahead of the game,” said McNeill. “We’re going to always put the policy in place. But, really, it’s all about leaning forward and knowing what new technology is out there, and then that drives the policy.”
It’s also important to include cybersecurity measures in the development stage of new components and devices, especially those designed to work specifically on DOD and government networks.
“As we work to try to bring new things on the network, I think we should have the mindset to say no more new bad in the domain,” said Adams. “It should be designed to be cybersecure from the beginning. It should be thought about when we’re in the engineering phase, you know, not after it gets on the network.”
McNeill added that the DOD “has a very good process that you go through when we bring in new technologies and look at what we’re trying to use, whether it’s software, whether it’s hardware.”
Overall, said panel members, education is key.
“I think the important thing is to educate the members who are here in this room and everybody else that every connection is an opportunity,” said Adams. “Every connection is an opportunity for you to be more productive. Every connection is an opportunity for the adversary.”
Others agreed.
“I need you to think about your cyber behavior and how you secure your information and your work information as if it were your bank account and as if your personal cybersecurity were involved,” said Beavers. “Cybersecurity month is great, but it really needs to be a 365 effort. That’s how important cybersecurity is to me personally, and I think needs to be to all of us.”