AFMC Command News

Protecting Air Force and personnel assets from cyberattack is everyone’s job

  • Published
  • By Michele Donaldson
  • Air Force Materiel Command

Early Air Force aviators and mechanics would probably be very surprised to see how many of today’s Airmen depend on computers to do their jobs. Even flightline personnel and ammunition technicians use computers regularly to access instruction manuals and regulations, and paper inventory logbooks are a thing of the past.

Web-based databases are used for every aspect of warfare. As technology improves, the importance of cybersecurity becomes more critical as our adversaries are using similar capabilities that are constantly transforming.

“Missions depend on information systems,” said Bradford Miller, Air Force Materiel Command Cyber Security Officer. “Everything we do is stored on some sort of database or application and must be protected from constant attack from state actors, criminals and hacktivists.”

“Tens of thousands of attacks are logged each day,” said Miller. “It’s a full-time job for many information technology experts to prepare for and counter those attacks.”

Miller and his team perform continuous hygiene hardening measures such as monitoring for obsolete software and installing multi-factor identification on common access cards to make systems harder to access. They track compliance and report to the Department of the Air Force and the Department of Defense monthly on their findings.

The pandemic and the subsequent telework environment caused cybersecurity experts to take a giant leap forward in better protecting data while connecting remotely, but personal cybersecurity responsibility must also be addressed.

The Air Force promotes good physical and mental health, and good cyberhealth is important as well. October is Cybersecurity month, but, like diet and exercise, cybersecurity is not a once-a-year event. And it’s not the job of only the IT professionals.

So, what can the average Airman do to ensure data is protected and maintain good cyberhealth?

The national focus for this year’s cybersecurity awareness campaign is on activities people can take on their own. Some of these include recognizing and reporting phishing, regularly updating software, never leaving devices unattended in public areas, and being vigilant when clicking links or opening attachments from unknown parties.

“Simple things like securing your router, using strong passwords, and employing dual authorization techniques can cut your vulnerability by 90%,” said Miller. “If you haven’t been attacked yet, you will be. It’s just a question of when, how often and how severely.”

One action promoted by the national campaign that AFMC is particularly focusing on is password protection. Yes, it’s an annoyance to establish appropriate password sequences, and then to keep track of the many that are required in daily life, but passwords are key to keeping systems, both at work and at home, secure.

Some tips Miller offered include not using the same password for multiple sites, not using easy-to-guess combinations like birthdays or children’s names, not sharing passwords or writing them down where they may be found, taking advantage of two-factor authentication whenever offered by sites, and creating long passwords. Experts suggest using the first letters of a 12-word sentence interspersed with numbers and special characters.

Cybersecurity is a priority for everyone to make it more difficult for hostile forces to gain access to systems and to protect our troops while on duty and at home.

The Cybersecurity and Infrastructure Security Agency at www.cisa.gov is an excellent resource that provides information on a myriad of topics involving internet security, as well as the latest consumer and industry alerts.

If you have specific questions about cybersecurity on the job, seek out your cyber security office, a part of the base communications squadron.

If you want to report a phishing attempt or other cybercrime, you can access the FBI Internet Crime Complaint Center website at https://www.ic3.gov/.