Department of Defense Launches New Cyber Awareness Campaign Published May 2, 2022 By Andrew G. Cosner, AFDW/A6 Cybersecurity Lead AFDW/A6 JOINT BASE ANDREWS, Md. -- The first email in history was sent in 1971, by a computer engineer named Ray Tomlinson. Later that same year the first computer virus, a simple worm-type program named Creeper, was written and released by Bob Thomas. For the few months in between, none of the very few people who had access to email technology had anything to fear. It’s all been downhill since. The online dangers faced by members of the public grow every year, and the need for cyber awareness has never been greater. Back then, access to a global network of information was reserved for collegiate researchers and military strategists. There was no need or expectation for every-day workers to have a computer at work, let alone at home. The scarcity of terminals, and the lack of reliance on computers in general, meant that computer viruses were generally considered minor nuisances at best. These early examples of “malicious code” hardly lived up to their name, being designed primarily to do harmless things like display a message or change the way your keyboard typed letters. All of that changed in 1988, when a Cornell graduate student named Robert Morris Jr wrote a small bit of code designed to explore the fledgling internet and discover how many computers were currently connected. A minor design error allowed the experiment to get out of hand, causing untold damage which some estimates place as high as $97 million. Others noted the potential of such programs, and began to cultivate similar ideas with the intention of gaining information, spreading chaos, or punishing those with whom they disagreed. A multitude of new viruses spread through email or lax network configurations, causing damage and frustration everywhere they showed up. The need for active protection had arrived, but manufactures had a difficult time getting ahead of development. Each new threat had to be researched and understood before a countermeasure could be deployed. Even now, the fight continues between those who would turn the incredible power of the internet against us, and those who fight on our behalf. These days the threat is more complicated and pervasive than ever before. As more and more devices are connected to the global grid, attacks can come in any form, and from any direction. A casino was hacked through its internet-connected fish tank back in 2017, leading to a loss of roughly 10 GB worth of private data related to its high rollers. Often, the goal now is to either highjack your identity, or hold your data for ransom. In all this time, the greatest tool in combating these threats has never changed, not even once. The one thing that remains effective after all this time is education. That’s why the DoD has decided to launch a new, ongoing Cyber Awareness Campaign, designed to help spread the word of both common and emerging threats, as well as provide the tools needed to combat them. Over the next few months, Cyber professionals across the services will be reaching out to all members of the military community through a variety of channels. Members may see tips as they log onto the network, emails with good information to know, or even messages from leaders stressing the steps that can be taken to protect both the military network and the members themselves. Topics will be broad and varied, as are the threats currently faced. Feedback channels will also be provided, so that people can tell leadership about any experiences they have, either positive or negative. That blissful feeling of peace felt in the summer of 1971 has long since passed, and it is only through a combined effort that we can hold the attackers at bay. Every member of the community has a duty to remain vigilant, and take what steps they can to protect themselves, the network, and the country at large. While there is certainly more to come, here are the most important things one can do right now to help join the fight: Don’t trust links in emails/spam. This is the source of most network intrusions. Think HARD before clicking on or following any link coming to you in any email. Do you know and trust the sender? Was the message electronically signed? Does the email contain spelling or grammatical errors? Most importantly, does the email make sense? For banks and other public services, consider simply visiting their primary website and accessing the information that way. For personal messages, double check that the sender wasn’t compromised themselves before putting yourself in the same position. Strengthen and vary your passwords. Many people still use passwords that are too weak, then double down on their error by reusing the same password on many machines and websites. A good rule of thumb is that passwords should have lowercase letters, upper case letters, numbers, special characters, be at least 8 characters long, and not include commonly guessed words or dates such as names, birthdays, or anniversaries. Consider the use of a commercial password vault, which will generate unique, secure passwords for each service you use, and store them safely for you. Run all updates/patches. It seems like nearly everything needs constant updates these days. That’s because they do. Patches, which are mandatory software upgrades, designed to strengthen your computer’s defenses by closing security gaps, have become an everyday part of Air Force life. As unfortunate as the timing may be, or as frustrating as it may seem to see another update notification looming at you, patches are rolled out as soon as a new vulnerability is discovered. The longer you wait to run the patch, the longer your system is vulnerable to attack. It is incumbent on you to keep your system, as well as all connected devices, updated at all times. Back up your data. Most users will implement a proper data protection plan only the day after they’ve lost all of their data. This unfortunate side effect of human nature means that memories are lost, private information is compromised, and those that perpetrate ransomware continue to pervade our society. Backups of your critical data can be done locally, with affordable storage devices of all kinds, or over the network using any one of a variety of highly reputable and reliable automated services. Always stay vigilant. Possibly the single most important thing you can do to protect yourself and the network is to simply pay attention to what is going on around you. Stay informed of threats and take simple, common-sense precautions while interacting online. Finally, report anything suspicious through appropriate channels. When Ray Tomlinson sent the first email 51 years ago, he changed the world. We now connect nearly every aspect of our lives to an ever-growing, ever-changing network designed to give everyday people as much information as they could ever want or need. But this evolution needs to be protected, and it’s up to you to do your part.