Saturday, June 1, 2013
Week 12 final blog lessons learned
Wow, this course has flown by. It seems like we have covered so much in the past 12 weeks that we could not fit it all in. Just doing the process models has opened my eyes to a lot of things that the military does to keep us safe while using government computers. Unlike the company that we could have chosen to do our process model on, the DOD uses specific processes to weed out potential breaches and pass them along. You can look at what DISA reports every day, and that will give you added insight on what is out there; you can adjust your process model if needed to be able to see what is going on and fit it into your model. I know I caused a lot of confusion with the acronyms that I used, but I try to spell them out in my descriptions. There is a calculated level of risk out there each time that you log in to your computer, and that is why I try to use common sense about what I can do each time I am on the computer. When I am at work I tend to only look at government-sponsored web sites and e-commerce sites that I know are legit. The big thing to remember also is to look at the warning orders that DISA provides and adjust your daily tasks on your computer so you do not put yourself at risk. You can fix some of the behaviours before they happen, and it is very important to do so. If you can prevent an attack before it happens, then you are going to be successful in stopping cyber terror. I have had a great time in this class and I look forward to seeing you all down the road in other classes and at graduation. Thanks again.
Monday, May 20, 2013
Action Plan thoughts
Well, depending on what road you chose to follow on your process model, your action plan could be either a real pain or painless. I chose to do my process model based off of the typical DOD computer system because I know it inside and out. I know the way the system operates and I am privy to the latest information from DISA about current attacks. I knew that my action plan would be very simple because it didn't involve any hardware changes, and anything that didn't work properly would receive guidance from DISA in order for any further changes to be made. So the big threat here is the threat from Iran, where they are hacking government computers in an attempt to gain financial information and data from military users. There are two ways to fix this, and the latter should fix the problem of vulnerability if the first is ignored. The first means of action that I chose was a unit-level memo that would originate from the security team that prohibits visiting online banking sites and any e-commerce sites on a government computer, either secured or non-secured. This would in theory stop any data from getting onto the system, and if the computer was hacked there would be no information there to look for. But we all know that since lower enlisted like to push the envelope, this will not work and they will do it anyway, so we will have to make the needed system changes. These changes will be relatively easy since they are done at the unit level on the server side by the communications section shop. What we intend to do is to block all access to online banking on the non-secure system and the secure system. All e-commerce will be blocked on the non-secure system, with limited access for supply personnel to GSA-listed sites for ordering supplies only on the secure system. This will not hamper any supply personnel in doing their job in sustaining the unit. So since there are no hardware changes thus far, this should not be a problem to get done in a timely manner.
If for some reason this process fails, which I don't see happening because there will be no access to those sites that would put financial information on the computer, we can go back to DISA and see if there are any hardware changes that may help out. The only thing that I could think of would be to install additional firewall appliances and go from there. We will receive all guidance from DISA, so if these changes fail then the ball will be in their court. The big thing here is making changes that will prevent the attack and making sure your process model starts over again once you have verified that the changes have worked.
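The server-side blocking rules described in the action plan (online banking blocked on both systems, e-commerce blocked on the non-secure system, and e-commerce on the secure system limited to supply personnel reaching GSA-listed ordering sites) can be written down as a small decision function that a proxy or web-filter hook calls per request. The code below is an added example and is not part of the original post, nor any DISA or unit policy; the category table, the GSA allow-list and the `.example` domains are constructed for illustration, and a real deployment would feed the categories from the filtering product's database. It also emits one audit line per decision so the security section has a record of denied requests to forward with its report.

```python
"""Role- and enclave-aware URL access policy (added example, constructed data).

Encodes the action plan's blocking rules as a decision function:
  * online banking is denied on both the secure and non-secure system,
  * e-commerce is denied on the non-secure system,
  * on the secure system e-commerce is allowed only for the "supply" role
    and only to GSA-listed ordering sites.
Every decision is rendered as an audit line for the security section.
"""
from dataclasses import dataclass
from enum import Enum
from urllib.parse import urlsplit


class Enclave(Enum):
    NON_SECURE = "non_secure"
    SECURE = "secure"


# Constructed category data keyed by domain; parent domains cover subdomains.
CATEGORIES = {
    "bank.example": "banking",
    "creditunion.example": "banking",
    "shop.example": "ecommerce",
    "gsaadvantage.example": "ecommerce",
    "mil.example": "government",
}

# Constructed allow-list of GSA ordering sites (hypothetical domains).
GSA_LISTED = {"gsaadvantage.example"}


@dataclass(frozen=True)
class Request:
    user: str
    role: str          # e.g. "supply", "admin", "user"
    enclave: Enclave
    url: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _host(url):
    """Lower-cased hostname without a trailing dot; empty if unparsable."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def _match(host, domains):
    """Return the entry in `domains` matching the host or a parent domain."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def decide(req):
    host = _host(req.url)
    matched = _match(host, CATEGORIES)
    category = CATEGORIES.get(matched, "uncategorized")
    if category == "banking":
        return Decision(False, "online banking is blocked on all systems")
    if category == "ecommerce":
        if req.enclave is Enclave.NON_SECURE:
            return Decision(False, "e-commerce is blocked on the non-secure system")
        if req.role != "supply":
            return Decision(False, "secure-system e-commerce is limited to supply personnel")
        if _match(host, GSA_LISTED) is None:
            return Decision(False, "supply personnel may only reach GSA-listed sites")
        return Decision(True, "GSA-listed ordering site, supply role, secure system")
    return Decision(True, f"category '{category}' is not restricted")


def audit_line(req, dec):
    """One log line per decision for the security section's daily report."""
    verdict = "ALLOW" if dec.allowed else "DENY"
    return (f"{verdict} user={req.user} role={req.role} "
            f"enclave={req.enclave.value} host={_host(req.url)} reason={dec.reason}")


if __name__ == "__main__":
    # Constructed sample traffic exercising each branch of the policy.
    sample = [
        Request("smith", "user", Enclave.SECURE, "https://www.bank.example/login"),
        Request("doe", "user", Enclave.NON_SECURE, "https://shop.example/cart"),
        Request("doe", "user", Enclave.SECURE, "https://shop.example/cart"),
        Request("jones", "supply", Enclave.SECURE, "https://gsaadvantage.example/order"),
        Request("jones", "supply", Enclave.NON_SECURE, "https://gsaadvantage.example/order"),
        Request("lee", "user", Enclave.SECURE, "https://www.mil.example/news"),
    ]
    for r in sample:
        print(audit_line(r, decide(r)))
```

Because the policy is a pure function of (role, enclave, host), the same module can be run offline against a day's proxy log to confirm that the deployed filter and the written memo agree, which is the verification step the post says the process model should loop back to.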
Sunday, May 12, 2013
Potential checklists for DOD network users.
This past week I have been thinking about some checklists that I can use for my action plan that will directly affect my process model. Since my process model is based off an actual threat to a DOD user and system, it should work out pretty well here. I have seen checklists that we have placed by our phones for bomb threats and thought that one should work for a network threat as well. Since threats are ever changing in our industry, it would probably be best to keep the checklist basic and not let it lead to a specific type of threat, because there are many out there. The first thing that I would do is, when you get to your workstation every day, do a thorough check of your system to make sure that everything is the way that you left it. You may have to power on your computer, especially since updates are installed nightly and it may not have restarted properly. Also, if you have a laptop that you are signed for, it would be a good idea to secure it at the end of each day. I would either take it home with you or secure it in a secure wall locker so a potential unauthorized user will not have access to it. If you have a computer that is left out all the time, check your CD drive to make sure that someone has not placed an unauthorized disk in the drive. Since most USB ports have been disabled for portable devices you shouldn't have to worry about anything there, but just check to make sure that you don't have any foreign items that shouldn't be there installed in them. Also, as soon as you log in with your ID card, make sure that you do not see any unauthorized system configurations. You should do this because your hack could begin once you actively begin using your computer, and this could transmit data to the enemy. If your unit has sites that you are mandated not to use, then do not use them. There is always a reason not to visit a site that is prohibited on a DOD computer system.
Your personal information could be a target, so do not do anything on a DOD computer that could be a target to foreign personnel. This is a pretty rough checklist, but it could be as effective as the bomb threat checklist that is posted by every government phone. If you practice this with your government computer, then it could mitigate the risks that you have when using your PC every day. Nothing is foolproof here, but it should help out.
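The core of the daily checklist above, "make sure that everything is the way that you left it", is a baseline comparison: record what the workstation looked like at the end of the day and diff it against what you find the next morning. The script below is an added example and not part of the original post or any DOD checklist; it takes two snapshots (the optical drive state, attached USB devices, startup entries and proxy setting) and reports exactly what was added, removed or changed, plus a single SHA-256 fingerprint of the baseline that a user could note on the paper checklist. The snapshot contents are constructed for illustration; collecting them for real is operating-system specific and is left to whatever inventory tool the unit already uses.

```python
"""Workstation baseline comparison (added example, constructed snapshots).

A snapshot is a dict mapping a check name to either a string (a single
setting) or a list of strings (an inventory).  compare_snapshots() reports
every check whose value differs from the baseline, so the user sees the
unauthorized disc, the extra USB device or the new startup item without
having to remember the normal state themselves.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed "end of yesterday" baseline for a workstation that is left out.
BASELINE = {
    "optical_drive": "empty",
    "usb_devices": ["HID Keyboard", "HID Mouse", "Smart Card Reader"],
    "startup_items": ["AntivirusAgent", "PatchClient"],
    "proxy": "proxy.unit.example:8080",
    "last_reboot_ok": "yes",
}

# Constructed "this morning" snapshot with three deviations to be caught.
TODAY = {
    "optical_drive": "disc present: UNKNOWN_LABEL",
    "usb_devices": ["HID Keyboard", "HID Mouse", "Smart Card Reader", "USB Mass Storage"],
    "startup_items": ["AntivirusAgent", "PatchClient", "updater.exe"],
    "proxy": "proxy.unit.example:8080",
    "last_reboot_ok": "yes",
}


@dataclass
class Finding:
    check: str
    before: object
    after: object
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)

    def describe(self):
        if self.added or self.removed:
            parts = []
            if self.added:
                parts.append("added " + ", ".join(self.added))
            if self.removed:
                parts.append("removed " + ", ".join(self.removed))
            return f"{self.check}: " + "; ".join(parts)
        return f"{self.check}: was {self.before!r}, now {self.after!r}"


def fingerprint(snapshot):
    """Stable SHA-256 over the canonical JSON form, so key order does not matter."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def compare_snapshots(baseline, current):
    """Return one Finding per check that differs; an empty list means 'as left'."""
    findings = []
    for check in sorted(set(baseline) | set(current)):
        before = baseline.get(check)
        after = current.get(check)
        if before == after:
            continue
        if isinstance(before, list) and isinstance(after, list):
            findings.append(Finding(check, before, after,
                                    added=sorted(set(after) - set(before)),
                                    removed=sorted(set(before) - set(after))))
        else:
            findings.append(Finding(check, before, after))
    return findings


def checklist_report(baseline, current):
    """Lines for the user, plus a pass/fail flag for the security section."""
    findings = compare_snapshots(baseline, current)
    lines = [f"baseline fingerprint {fingerprint(baseline)[:16]}..."]
    if not findings:
        lines.append("PASS: workstation matches the baseline")
    else:
        lines.append(f"FAIL: {len(findings)} deviation(s); do not proceed, report to the security section")
        lines.extend("  - " + f.describe() for f in findings)
    return not findings, lines


if __name__ == "__main__":
    ok, report = checklist_report(BASELINE, TODAY)
    print("\n".join(report))
```

Any deviation stops the checklist before the user logs in with the ID card, which matches the post's point that the compromise may only begin once the user is actively on the machine.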
Sunday, May 5, 2013
Wow, the course is almost over and it is flying by. Last week's project did not go as well as I had planned, even though I thought I made it easier to understand by including easier-to-understand terms. I did not think that the format of my test was in need of change, because when I plugged my threat in it followed all of the steps that I had lined out with no problems. I think the big thing is that it may have still been harder to understand even though I tried to make it easier. I did provide my description this time in the form of a Word document, which was different from the initial draft that I had turned in. As these next few weeks go along I am more prepared to present a more elegant product if I am asked to. I think that the toughness of this has caught me off guard a little, and I have to get out of thinking about the military terminology all the time. I think that the big thing here is that I need to make what I turn in easy to understand for all, and I need to look at other things besides the military way of doing it. I would like it if everyone could understand the military terminology, but it is not realistic. I need to use the same technical terms, but at the same time make it easy to read so everyone can get through the scenario. I can also use other students' examples as a guide to see where we can go with this one. So what I plan to do if I get another chance to revise is rework my diagram to make it simple to understand and try to be a little bit less descriptive on the technical side as well. If no one can understand it, then I can see the point why. Thanks again for the opportunity.
Sunday, April 28, 2013
Threat process test
I really enjoyed looking at the latest threats from DISA these past few days and determining that the greatest threats now are threats from Iran. It seems that Iran is launching some cyber attacks on us that are trying to steal credit card information and things like that, so it was a fact that I could run through my process model. I was making sure that I was doing it right, because when I wrote about the test it seemed like I was writing a description of my model again. I pretty much just plugged in the information from a potential attack and was able to talk about all key players as the threat processed through the system. It all went pretty smoothly for me because I was able to follow the flow the entire time and it did not get bogged down. All of the potential problems worked through, and it is all logical that it would happen this way. In my process model there is only so much that you and your unit support can do anyway. DISA is pretty much all of the guidance once a clear threat and attack has been announced. Your security section has to report what your model finds directly to DISA, and they can only recommend any changes to DISA. DISA will determine if any sites or access have to be changed on this. Your security section ultimately acts on the guidance from DISA, and that is how it works. Pretty much I would say that my threat process model worked for this particular threat and it makes sense. I hope the class enjoys reading it on the forum this week.
Sunday, April 21, 2013
Credible Sources
The source that I am going to evaluate is DISA. This source is credible every day. If there is a problem with the network that involves security, then they will put out the necessary information in a flash. Based on the information that is provided by them, units know what shape the network is in and know if they have to shut down the network or not. This is a big deal because if there is an attack and no one reacts, then there is potential for a big problem in dealing with security. Security sections put a lot of faith in DISA every day, so it is important for this source to remain credible. I would say that all DOD agencies trust DISA with all of their security needs; because they are the ones who set all of the IA doctrine for the entire DOD, they should be capable of being trusted. I think that since they made the changes to email for the better, they could be onto something. They ultimately seek security out, so this should be considered a good source.
Monday, April 15, 2013
Chapter 5 case study
I will have to say that the chapter 5 HAL case study was the best case study that we have done so far. I think that the information was presented in such a way that everyone could follow it, and I for once really got into the story as I went along. The way that they broke it up across the entire chapter really kept me in suspense as well. I think the best thing is that it told you the involvement of the key players as you went on. Susan was the IR project manager, and as it was discussed, she would have to be in place until the project was completed or 20 hours on duty had elapsed. The scenario seemed to be perfectly by the book, as it went smoothly and was able to be solved with her still on duty. The thing that bothered me was that there were no hiccups in the scenario. You would have thought that there would have been more action that would have caused more interaction with more than just the key players that were presented. I know that the author is just trying to make it easier to understand and get through the study, but I would have made it go a little bit longer so there were some additional details. As I said though, this has been the most interesting case study that we have read so far. I look forward to the oncoming weeks.