Headquarters Air Mobility Command

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

AMC/A6XS

DSN 779-6298

October is

National Cyber Security Awareness Month

Week 3 (16-20 October):

Today’s Predictions for Tomorrow’s Internet

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

“Your sensitive, personal information

is the fuel that makes smart devices

work. It is critical to understand how to

use these cutting-edge innovations in

safe and secure ways.”

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

“INTERNET OF THINGS” RISKS

Vehicles: Bluetooth or infotainment systems allow hackers the ability to take control

of safety critical ECUs like its brakes or engine

Appliances: Each home device (thermostat, refrigerator, baby monitor, garage door,

and others) that can be connected to the Internet constitutes a “door to sensitive

information”

Wearables: Through protocols such as Bluetooth and Wi-Fi, hackers have the ability

to record video or audio files, and capture photographs & sensitive, personal data.

Home security SmartApps: can be remotely exploited to virtually make a spare

door key, inject fire alarms with false messages which lead to an alarm being set off,

and “vacation mode” being turned off while your away.

The scale of interconnectedness,

created by the Internet of Things,

increases the consequences of known risks

and creates new ones

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

WHO IS THE TARGET?

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

PROTECT YOURSELF

As Our World Becomes More Digitally Connected (Internet Of Things (IoT)),

Protect Yourself Through The Following Steps

Use passphrases: a series of random words or a sentence

• The more characters your passphrase has, the stronger it is. (contain 10-30 characters,

upper case & lower case characters, numbers & symbols)

*Never use the same passphrase create something that is easy for YOU to

remember

Use a different passphrase for every account or device you have

• for your work or bank account that you use for your personal accounts, such as

Facebook, YouTube, or Twitter * If you have too many passphrases to remember (which is very common), consider

using a password manager (a special program that securely stores all passphrases

for you)

Never share a passphrase

• Exception: only share your passphrase with a highly trusted family member, in case of

emergency, when your loved ones must require access to your critical accounts.

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

PROTECT YOURSELF, cont’d

Only log into accounts on TRUSTED computers or mobile devices• Do not use public computers, such as those at hotels or Internet cafes, to log in to

your accounts

Be careful of websites that require you to answer personal questions

• Use only information that is not publicly available (e.g. internet, Facebook) or

fictitious information you have made up * Select a theme such a movie character and base your answers on that character or,

again, use a password manager

If possible, use two-factor authentication (more than just a passphrase is

required to log in)

• Always enable and use these stronger methods of authentication *many online accounts now offer this form of authentication/verification

Close, delete or disable accounts that you are no longer using

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

TECHNOLOGY + CONVENIENCE

= REDUCED SECURITY

Technology provides a level of

convenience to our lives, but it,

also, requires that we share more

information than ever. The

security of this information, and

the security of these devices

is not always guaranteed.

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

Reporting Identity Theft

In cases of identity theft, you should do the following:

File a report with your local law enforcement agency. Even if your local police

or sheriff’s department doesn’t have jurisdiction over the crime (a common

occurrence for online crime which may originate in another jurisdiction or even

another country), you will need to provide a copy of the police report to your

banks, creditors, other businesses, credit bureaus, and debt collectors.

Contact one of the three credit bureaus to report the crime (Equifax at 1-800-

525-6285, Experian at 1-888-397-3742, or TransUnion at 1-800-680-7289).

Request that the credit bureau place a fraud alert on your credit report to

prevent any further fraudulent activity (such as opening an account with your

identification) from occurring.

Contact your bank and other financial institutions. Close any unauthorized or

compromised credit or charge accounts. Cancel each credit and charge card.

Get new cards with new account numbers.

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

Report Phishing

What is Phishing? The fraudulent practice of sending emails purporting to be from

reputable companies in order to induce individuals to reveal personal information, such

as passwords and credit card numbers.

US-Computer Emergency Readiness Team reminds users to protect against email

scams and cyber campaigns using the Ebola virus disease (EVD) as a theme.

Phishing emails may contain links that direct users to websites which collect personal

information such as login credentials, or contain malicious attachments that can infect

a system.

Users are encouraged to use caution when encountering these types of email

messages and take the following preventative measures to protect themselves:

1. Do not follow unsolicited web links or attachments in email messages.

2. Maintain up-to-date antivirus software.

3. Refer to the Using Caution with Email Attachments Cyber Security Tip for

information on safely handling email attachments.

4. Refer to the Avoiding Social Engineering and Phishing Attacks Cyber

Security Tip for information on social engineering attacks.

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

Little Rock AFBNETWORK INCIDENT REPORTING AID

OPSEC DO NOT DISCUSS/TRANSMIT CRITICALINFORMATION VIA NON-SECURE MEANS

STEP

1

STEP 2

STEP 3

STEP 4

STEP

5

A CMI is defined as a classified message that has been sent and/or received over an unclassified network. Classified Spillage is defined as any Classified information

discovered on a system of a lower classification.

STEP 1

STEP 2

STEP 3

PHISHING E-MAILS

COMPUTER VIRUSREPORTING PROCEDURES FOR USERS

NOTE: When reporting a suspected virus to your IAO and the COMM FOCAL POINT (CFP) ensure that you give the following information to the technician:

- Event Date and Time- Report Date and Time- Your name, telephone number, bldg, and organization

- Name of your IAO- Location of infected system(s)

Little Rock AFBNETWORK INCIDENT REPORTING AID

OPSEC DO NOT DISCUSS/TRANSMIT CRITICALINFORMATION VIA NON-SECURE MEANS

CLASSIFIED MESSAGE INCIDENT (CMI)CLASSIFIED SPILLAGE

REPORTING PROCEDURES FOR USERSA CMI is defined as a classified message that has been sent and/or received over an

unclassified network. Classified Spillage is defined as any Classified information discovered on a system of a lower classification.

STEP 1

STEP 2

STEP 3

COMPUTER VIRUSREPORTING PROCEDURES FOR USERS

NOTE: When reporting a suspected virus to your IAO and the COMM FOCAL POINT (CFP) ensure that you give the following information to the technician:

- Event Date and Time- Report Date and Time- Your name, telephone number, bldg, and organization

- Name of your IAO- Location of infected system(s)

DISPLAY/POST THIS AID NEAR

COMPUTER WORKSTATION

DISPLAY/POST THIS AID NEAR

COMPUTER WORKSTATION

STEP

1

STEP 2

STEP 3

STEP 4

STEP

5

STEP

1

STEP

2

STEP

3

Unit Security Manager (USM)

Information Assurance Officer(IAO)

Comm Focal Point (CFP) Extension: 987 – 2666 Opt. 2

Name:

PHISHING E-MAILS

STEP

1

STEP

2

STEP

3

Unit Security Manager (USM)

Information Assurance Officer(IAO)

Comm Focal Point (CFP)

CLASSIFIED MESSAGE INCIDENT (CMI)CLASSIFIED SPILLAGE

REPORTING PROCEDURES FOR USERS

Extension: 987 – 2666 Opt. 2

Ext:

Ext: Ext:

Ext:

Name:

Name:

Name:

STOP! DISCONNECT THE LAN CABLE.Discontinue Use

LEAVE THE SYSTEM POWERED UP.DO NOT click on any prompts, close any windows, or shut down the system.

If a message appears on the monitor of the affected system - WRITE IT DOWN!WRITE DOWN ALL ACTIONS that occurred during the suspected virus attack. (Did the virus come from an e-mail attachment, CD or DVD, diskette, etc..?)

REPORT IT IMMEDIATELY! Contact your unit’s Information Assurance Officer (IAO). The IAO will contact the COMM FOCAL POINT (CFP) at 987-2666 Opt. 2

STOP! DISCONNECT THE LAN CABLE of the affectedcomputer system(s) and/or printer(s)

SECURE affected system(s) and/or printer(s), maintain positive control. Store in a GSA-approved container or vault, or post a guard with the appropriate clearance.

REPORT INCIDENT IMMEDIATELY by secure telephone or in person to your Unit IAO. The Unit IAO will contact the Security Manager and COMM FOCAL POINT (CFP) located in building 988B.

* Do not report or discuss incident over unsecure line.

DO NOT REPLY, and never provide ANY information or click on any links!

Right click on email, click on Junk Email, then Add Sender to Blocked Senders List.

Delete all Junk Email from the Junk Email Box.

STOP! DISCONNECT THE LAN CABLE.Discontinue Use

LEAVE THE SYSTEM POWERED UP.DO NOT click on any prompts, close any windows, or shut down the system.

If a message appears on the monitor of the affected system - WRITE IT DOWN!WRITE DOWN ALL ACTIONS that occurred during the suspected virus attack. (Did the virus come from an e-mail attachment, CD or DVD, diskette, etc..?)

REPORT IT IMMEDIATELY! Contact your unit’s Information Assurance Officer (IAO). The IAO will contact the COMM FOCAL POINT (CFP) at 987-2666 Opt. 2

STOP! DISCONNECT THE LAN CABLE of the affectedcomputer system(s) and/or printer(s)

SECURE affected system(s) and/or printer(s), maintain positive control. Store in a GSA-approved container or vault, or post a guard with the appropriate clearance.

REPORT INCIDENT IMMEDIATELY by secure telephone or in person to your Unit IAO. The Unit IAO will contact the Security Manager and COMM FOCAL POINT (CFP) located in building 988B.

* Do not report or discuss incident over unsecure line.

DO NOT REPLY, and never provide ANY information or click on any links!

Right click on email, click on Junk Email, then Add Sender to Blocked Senders List.

Delete all Junk Email from the Junk Email Box.

LITTLEROCKAFBVA 33-2 (Per AFMAN 33-282)

RELEASABILITY: There are no releasability restrictions on this publication

LITTLEROCKAFBVA 33-2 (Per AFMAN 33-282)

RELEASABILITY: There are no releasability restrictions on this publication

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

DISPLAY/POST THIS AID NEAR

COMPUTER WORKSTATION

Network User “DO’s and DON’Ts”

Don’t connect privately-owned media orpersonal devices to your computer. Cell phones(government issued cell phones are included),personal external hard drives, iPods, personallyowned thumb drives or any personally owneddevices are forbidden from being used ongovernment systems. (These items are also notauthorized in secured areas!)

Don’t connect ANY device to your government owned computer without getting authorization from your Unit IAO.

Don’t install, relocate, modify, or remove end user devices without prior coordination with your Unit IAO.

Don’t download a game or program from theInternet without formal software approval.

Don’t leave your computer unattended withoutremoving your CAC from the CAC reader!

Do complete DoD IA training prior to accessing agovernment owned IS.

Do report suspicious activity. As the INFOCONlevel escalates, personnel should becomeincreasingly mindful of situations that indicateinformation may be at risk. Stay alert for possiblecomputer viruses/malicious code attacks andunauthorized persons asking for potentiallysensitive information, i.e. user-ids, passwords,website or E-mail addresses. Heighten yourawareness for signs that your E-mail, loginaccount, or other correspondence might havebeen tampered with or opened.

Do review AFMAN 33-152, USERRESPONSIBILITIES AND GUIDANCE FORINFORMATION SYSTEMS.

DISPLAY/POST THIS AID NEAR

COMPUTER WORKSTATION

:

Network User “DO’s and DON’Ts”

Don’t connect privately-owned media orpersonal devices to your computer. Cell phones(government issued cell phones are included),personal external hard drives, iPods, personallyowned thumb drives or any personally owneddevices are forbidden from being used ongovernment systems. (These items are also notauthorized in secured areas!)

Don’t connect ANY device to your government owned computer without getting authorization from your Unit IAO.

Don’t install, relocate, modify, or remove end user devices without prior coordination with your Unit IAO.

Don’t download a game or program from theInternet without formal software approval.

Don’t leave your computer unattended withoutremoving your CAC from the CAC reader!

Do complete DoD IA training prior to accessing agovernment owned IS.

Do report suspicious activity. As the INFOCONlevel escalates, personnel should becomeincreasingly mindful of situations that indicateinformation may be at risk. Stay alert for possiblecomputer viruses/malicious code attacks andunauthorized persons asking for potentiallysensitive information, i.e. user-ids, passwords,website or E-mail addresses. Heighten yourawareness for signs that your E-mail, loginaccount, or other correspondence might havebeen tampered with or opened.

Do review AFMAN 33-152, USERRESPONSIBILITIES AND GUIDANCE FORINFORMATION SYSTEMS.

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

UNCLASSIFIED

UNCLASSIFIED

Unrivaled Global Reach for America … ALWAYS!

Air Force Instruction 33-200 (31AUG15)

www.e-publishing.af.mil

POC: AMC/A6XS

DSN 779-6298