Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

Data security is essential for commercial and defense-based systems alike, with one key difference between the two groups of applications: compromising data in a commercial system can mean financial loss, while theft or loss of data in a defense-based system can result in loss of life. The data protection methods used in the two application areas are often similar, but—between the growing sophistication of electronic systems and the increasing amounts of data used by military systems—efforts to protect and preserve this data must be stepped up.

Computer securityModern databases and data are synonymous with computers and computer systems, and with software suppliers such as Microsoft. Such software and operating-system (OS) suppliers must constantly check their products for weaknesses. This past September, in fact, Microsoft coordinated a patch release for some of its software.

The firm had addressed a proof-of-concept (PoC) portion of its XMLDOM code, which was first released in April 2013. Unfortunately, vulnerabilities within the software were exploited in an attack on Microsoft OS systems against the United States Veterans of Foreign Wars website in attempts to infect the site and steal data. Fortunately, a security team from Microsoft became aware of the vulnerability in their code and was able to put out a patch to protect against data attackers.

With an ever-growing number of cyber attacks, efforts to protect data may never be sufficient to ensure complete security. According to a 138-page report in 2013 from the Rutgers University Office of Information Technology, assembled by a 33-member panel of civilian and government experts for the Pentagon, the U.S. military is not prepared for a full-scale cyber attack. According to the report, the data security efforts by the U.S. Department of Defense (DoD) are fragmented at best and will not provide adequate security.

In contrast to efforts against individuals and their personal incomes, when data hackers line up government or defense-based targets, they are typically looking for classified data that can be sold to enemies of the government or military. Efforts by the military at protecting data are now typically categorized as part of the U.S. Armed Forces’ information security (INFOSEC) programs, and a number of different websites offer support on maintaining INFOSEC services (for example, www.infosyssec.com).

Of course, most of the efforts at maintaining data security with the Armed Forces and government agencies begin with the DoD and the DoD’s Defense Information Systems Agency (DISA). DISA helps manage the Defense Information System Network (DISN), which offers many online and video educational courses to help maintain data security and provides details on the latest expected threats.

In addition, the DoD’s Defense Security Service (DSS) provides excellent guidance on data security regarding new and even legacy computer systems. The organization offers white papers and webinars to provide the latest information on threats and how to achieve the highest levels of data security, even for legacy computer systems such as those based on Microsoft Windows XP OS.

The DSS recognizes the efforts of its personnel and contractors by means of different ratings. For industrial contractors, for example, the ratings system helps acknowledge when sufficient efforts have been made to protect data security. The DSS recently gave a “Superior” rating to one of its contractors, a Lockheed Martin facility in Fort Worth, Tex., for security practices in handling classified data. Earning the rating means those contractors must meet the requirements of the National Industrial Security Program Operating Manual, including in raising the security awareness of its employees.

With more than 12,000 employees at the facility (which operates production lines for the F-35 and F-16 fighter aircraft), achieving the high security rating was no small feat. As noted by Steve Wheeler, Lockheed Martin’s director of security and emergency services, “a Superior rating is particularly meaningful for the men and women who serve in our military and rely on aircraft and other capabilities we develop and produce.”

The Deputy Under Secretary of the Navy (Policy) has been designated as the Department of the Navy’s Security Executive for data security and other related matters. As with many of the other military branches, the U.S. Navy provides extensive training and educational courses on improving data security, including the Center for Development of Security Excellence (CDSE).

Specifically, the CDSE offers DISA course DS-IA107.06, “DoD Intrusion Detection System (IDS) Analysis Part II.” The three-hour course explores how to identify malicious online traffic and how to perform intrusion analysis on raw network packet data. It is aimed at DoD information system professionals and U.S. government personnel and contractors.

The U.S. Army website includes a link to the iSALUTE site as a means to report counterintelligence information for the full Army community. The link, which does not require a login, helps promote foreign threat awareness as a way to protect against possible espionage and improve government/military data security . The U.S. Army Information Assurance Training Center has been established as a centralized site to help with training and awareness concerning cyber threats and maintaining data security under all circumstances. Also, the Army’s Intelligence and Security Command (INSCOM) maintains a website to assist data professionals with security and help maintain the integrity of both classified and unclassified.

The US Army also maintains a public website for its Information Technology Agency (ita.army.mil), mainly to cover unclassified data security topics and keep the general public apprised of news and data-related topics at the Pentagon. Additional sites that are connected to individual branches of the military, such as the Information Security (INFOSEC) site at Fort Belvoir, also offer excellent educational tools and resources on achieving and maintaining data security.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.