By Mass Communication Specialist 2nd Class Jeffry Willadsen, Navy Public Affairs Support Element West, Det. Everett
EVERETT, Wash. – Cybercrime, espionage and other threats are growing in today’s online society, making it increasingly more important for Navy Sailors, civilians and family members to remain vigilant.
There are many different types of threats related to the internet and computers, leaving many Sailors wondering: “What exactly are the cyber threats out there, and what can I do to stop them?”
“Technology is reshaping every aspect of our lives, and protecting our digital infrastructure from cyber threats is one of our highest security priorities,” said President Barack Obama in his 2013 Cyber Security Awareness Month proclamation. “All of us have a role to play in safeguarding the networks we use in our daily lives. Understanding the risks associated with being online can help secure personal information and prevent identity theft and fraud.”
In our high-tech world, information technology has become deeply entwined with both our personal and professional lives. Because of this, cyber crime, cyber terrorism and other such digital attacks have become increasingly threatening and higher in priority. It is imperative to not underestimate the significance of these threats. Your assets, privacy and identity, as well as the security of the Navy and America, could very well depend on it. The first step in protecting yourself is to understand the threat.
In order to defend themselves and their shipmates from these attacks, it is important for Sailors to understand the wide variety of forms cyber threats take.
Jay Williams, an information assurance manager at Naval station Everett, said there are two broad classifications of cyber security: technical and physical controls. These are the controls that are defeated in order for a cyber threat to be realized.
Technical threats are very wide ranging and include phishing, spear phishing, and malicious software. These threats take place through digital means and do not require physical interaction.
Phishing is a common cyber threat, designed to covertly secure a victim’s personal information.
This threat usually takes the form of an official-looking email, or some other electronic correspondence, that prompts an unsuspecting victim to enter data such as bank account information, passwords, or social security numbers. The email may appear to be from a bank, vendor or other reputable institution, but it is a trap to steal money or valuable information from someone.
“With a very little bit of information, a hacker can compromise a system,” said Williams.
Phishing is sent out at random, a ‘wide net’ meant to ensnare as many innocent victims as possible. However, a new, more targeted version of phishing has emerged that can be even more dangerous.
Spear phishing, as this threat is known, is the same as phishing, except that it is tailor-made for a particular person. For example, a spear phishing email may contain the victim’s name or basic information. It may even come from the organization a victim works for or an institution the individual is a member of, which makes this kind of attack much harder to detect.
“If it was not initiated from the user … if you didn’t inquire about something and they were just responding back to it, that should be a red flag,” said Williams.
Another technical means of a cyber attack is malicious software. Malicious software comes in many forms and is known by many names, including spyware, malware, Trojan horse, or virus.
Malicious software is often downloaded and activated by clicking on a link or accessing a certain web site. Once on your computer, smartphone or device, malicious software infiltrates software defenses and will fulfill a specific purpose. This purpose may be to try to obtain passwords or other sensitive or financial information. It may even record keystrokes, take screenshots or take photos using a device’s webcam.
“It’s very scary,” said Williams. “These things happen very quickly and very quietly.”
There are also physical threats to cyber-security. These threats involve the common access card (CAC), password on private identification numbers (PIN), and unsecured computer hardware. These threats are physical, because they utilize physical access to a device.
The threat posed by an unattended CAC is of high importance for military members. The CAC ID card, which is used by Sailors and other Department of Defense personnel, is used to gain access to government computers. Combined with a personal identification number, the CAC allows access to government email and other cyber resources.
If left unattended in a computer, a CAC card can be the opening someone needs to commit a cybercrime. For example, if a person uses an unlocked computer to send a email, that email is sent in that person’s name. That is why it is important to not leave it unattended when you leave your desk.
“It doesn’t make a difference if it’s five feet away or fifteen feet away,” said Williams. “It only takes a half a second for someone to walk up on an open workstation to do one thing real quick, and walk away and it can ruin a Sailor’s career very quickly.”
Another physical threat is PINs or passwords being written down near a computer or other device. Information like this must be kept secret in order to protect the user against cyber criminals.
Information can also be gleaned by unauthorized physical access to a computer or other device. By leaving a computer out in the open or in plain view, someone could steal it, acquiring not only the hardware, but sensitive digital information as well.
So why do cyber criminals commit such crimes? Though there are many reasons such cyber threats exist, there are two that are of paramount importance.
First, cyber criminals may be after your assets. Much of cyber crime is committed in order to gain access to your personal information and, thus, your finances. Identity theft and financial fraud are common end-games for cyber crime. In order to keep your identity and finances safe, it is important to remember that there are people out there who want to steal them from you for their own personal gain.
Another reason for cyber crime, especially against military members, is to attack the United States, its security and its infrastructure. Digital information is a means that terrorists use to gain sensitive information about military members and operations, as well as attempt to harm military capability of the United States.
Cyber warfare and digital espionage are real threats and are high priorities in the military.
Chief of Naval Operations Jonathan Greenert said that cyber warfare is one of the most important subjects in the Navy.
“The level of investment that we put into cyber in the department is as protected or as focused as it would be in strategic nuclear,” Greenert said in an interview with Reuters. “It’s right up there, in the one-two area, above all other programs.”
So how do Sailors help to defend themselves and the Navy from these numerous cyber threats?
The answer is both simple and complicated. First of all, it is important to understand these threats and realize that cyber security is “Our Shared Responsibility,” the theme for the 2013 cyber security awareness month, in October.
“Education and being alert are the two primary things,” said Williams.
There also several practical ways Sailors can prevent cyber crime, he said.
“When you walk away from your workstation, make sure it is locked. Pull your CAC card out,” said Williams. “Without that they can’t get in.”
Keeping passwords, PINs and other important information memorized instead of written down for all to see is greatly important as well. Also, keep your personal computers and other hardware secure and safe from theft. Do not leave them in your car or in view from open windows when you leave home.
“It’s important to make sure you have your software up to date,” said Williams.
Williams also strongly recommends using reputable anti-virus software and updating that software as soon as prompted.
Do not click on links in emails, especially if you are not sure if it is from a legitimate source. Even if you get a credible looking email from your bank or other trusted source, call to make sure it is legitimate before giving personal information or clicking any links.
Be wary of unanticipated login screens, and be aware of what accounts you have actually created yourself.
Do not download unauthorized software to government computers, and make sure that the software you choose to download to your personal computer comes from a legitimate source.
Be sure to not divulge any personal or compromising information to anyone unless you are absolutely sure that it will be safe and secure. Remember, that being safe online is your responsibility, and a choice that can protect yourself, your family and your nation from the danger of cybercrime.