Blue Team strives to enhance network security

  • By Master Sgt. Allison Day
  • 35th Fighter Wing Public Affairs
On Misawa, there is a somewhat secret team working behind the scenes, constantly testing, watching and waiting to see who will be the next to fail. They think like saboteurs, testing accessibility to computer infrastructure, or they act like hackers, luring people to send them their secrets. In the blink of an eye, they're in and they're out - leaving only questions on what all went wrong.

They are the Blue Team and they are responsible for enforcing and enhancing network security.

"Because individuals don't always understand how to protect the system, our job is to act as Blue Team aggressors against network users, helping people recognize the threat, train for the threat and retrain as necessary," said Tech. Sgt. Thomas Parker, 35th Communications Squadron NCOIC, wing information assurance.

The team uses a variety of techniques to test Misawa's servicemembers' ability to respond to threats appropriately.

"Earlier in January, physical security scenarios conducted at several work centers revealed how individuals without the proper credentials were able to gain access to the network infrastructure at some of these locations," said Sergeant Parker. "If anyone in our squadron needs access to your system, they will escort contractors themselves and the number to call to verify it is 226-3215 or 226-2001."

After these scenarios, the Blue Team corrected people on the spot, pointed out what they did incorrectly and educated them about what to do in the future. According to Sergeant Parker, the goal is to improve network security at the individual level.

"We want users to be vigilant about what's required of them because ultimately the user is the person responsible for making sure their computer is used appropriately when online," said Sergeant Parker. "Complacency can lead to social engineering threats. This is a threat where computer users are so trusting that they are unable to recognize the threats."

Additionally, Sergeant Parker wants Misawa's computer users to know that no one will ever call them for their personal information like passwords or common access card, or CAC, PIN numbers.

"Although we say this time and again, some users will still give up their information," said Sergeant Parker.

Another reason the Blue Team conducts tests of the network is to catch victims using the same techniques the cyber enemies or hackers would use. E-mail tests sent out by Blue Team members are intended for training purposes only.

"We have the mind of hackers; we know what they are looking for and our e-mail tests are meant to highlight the fact that hackers pose a real threat to military networks," said Sergeant Parker. "Scams are an additional way to train individuals even after they've taken their information assurance training." 

Another threat to the local network is an e-mail scam known as phishing, said Sergeant Parker.

"Phishing is an attempt to acquire sensitive information by fraudulent means such as an e-mail designed to look like a bank or other trustworthy company," said Sergeant Parker. "Sensitive information sought by hackers includes usernames, passwords and credit card numbers. Check for digital signatures on e-mails and only open e-mails if you recognize the sender."

One of the problems the Blue Team has noticed is some users have been leaving their computer with their CAC unattended.

"Everyone needs to get in the mindset of logging off and taking their card with them. In this age, none of us can get our jobs accomplished without the use of a computer and that leaves us vulnerable to increased computer threats," said Sergeant Parker. "Our networks can be targeted by our enemies, so the more network savvy we are, then it's harder for hackers to access our system."

Among the basic ground rules for using a computer: no personal universal serial bus, or USB, devices such as thumb drives or personal music players are allowed, said Sergeant Parker. Additionally, flash media devices, which include flash drives and camera cards, are not allowed.

As part of IA, the Blue Team was inspected last week by inspectors from the Air Force Communications Agency, Scott Air Force Base, Ill.

"The inspectors visited several work centers throughout the base and when questioned, some individuals were not aware of what to do if they discovered a virus on their computer," said Sergeant Parker. "Each computer should have a network incident reporting aid card next to it with step-by-step instructions."

To get this card, contact information assurance at 226-2001.