Security….everyone’s responsibility Published Feb. 21, 2012 By Scott Piper 99th Air Base Wing Chief of Information Protection NELLIS AIR FORCE BASE, Nev -- Information Protection should be on everybody's minds whether they are a military member, civilian employee, or government contractor. The compromise of our nation's classified or controlled unclassified information, whether from an insider threat or unauthorized public release, can have a devastating impact on our mission. We all have a responsibility to protect this information and we need to develop a culture, down to the lowest level, of information security where good security practices are job one. Last year Nellis and Creech had a record 33 security incidents. Security incidents are declared whenever an incident involving classified information occurs. Security incidents are typically the result of not following proper security procedures, and in each instance, commander-directed investigations are conducted to determine the cause and any resulting impacts to national security. Some of the more frequent incidents include inadvertently taking classified material home, sending classified information over the unclassified network (also referred to as a Classified Message Incident), and failing to properly secure classified material or allowing cell phones and other unauthorized media into secure areas. CMI's are especially problematic. Once classified information is on an unclassified network, it can spread very quickly. The 99th Communications Squadron will quickly quarantine all of the machines involved and use specially designed software to purge them. If Blackberry phones are involved, they cannot be purged and must be seized and destroyed. Obviously, depending on how many individuals and machines are involved, this can be a significant mission-impacting event. To help contain the incident, all users should know if they receive or otherwise become aware of a CMI email or message to take the affected machines off the network as quickly as possible by simply unplugging the LAN cable from the back of the computer. While setting a new record for security incidents isn't a good thing, it also indicates a raised security awareness environment that shows people know what to watch for and how to report violations. But to be clear...this isn't a record we want to break again.
