Marine Corps News February 28, 2000DIGITAL WAR SIMMERS IN THE NET
By Cpl. Jim Perkins
CAMP LEJEUNE, N.C. (Feb. 28) -- In recent news, computer hacker attacks on major internet sites have created doubts about the stability and security of the electronic medium. Marine Corps leaders are facing the reality that along with the benefits of the internet they subject their systems to vulnerability to groups whose goals are mischief or worse. The responsibility for defending the network within 26th Marine Expeditionary Unit (26th MEU), falls to the Marines of the Information Systems Management Office (ISMO) of the Command Element (CE).
According to Sgt. Gary D. Gresham, the ISMO Chief, the Marine Corps puts several layers of protection up to secure its systems from attack.
"We use a series of firewalls, computer software that acts as gatekeepers to the networks," said the Springfield, Ill. native. "For a hacker to get through to our network, they need to penetrate at least three layers of security."
But even the best security can't stop a determined threat. Gresham stated that the best hackers don't even leave traces of their violations.
"Usually we can tell when someone has been on the system because the servers log all entries into and out of the network, but when the hacker is good we don't notice until later when a virus surfaces," said Gresham.
However, according to Cpl. Anthony M. Fifield, a small computer systems specialist with the ISMO office, 85 to 90 percent of attacks come from inside the network.
"Most of the time it is unintentional. Either a Marine is receiving them through email attachments or software or they are loading personal software onto their work computers without taking proper precautions to scan for viruses," said Fifield, a native of International Falls, Minn.
Marines and Sailors are allowed to use computers at their workstations to send and receive personal e-mail both in garrison and aboard ship. Most ships also have a room set aside with a bank of computers for off-duty crewmembers. Anyone with a computer can send e-mail to service personnel anywhere, as long as the Marine has an e-mail address and access to a computer.
DoD Directive 5500.7-R º2-301 says brief communications made by DoD employees while they are traveling on Government business to notify family members of official transportation or schedule changes are legal. Also legal are personal communications from the DoD employee's usual work place that are most reasonably made while at the work place such as; checking in with their spouse or children, scheduling doctor and auto or home repair appointments, brief internet searches and e-mailing directions to visiting relatives when such communications:
(a) Do not adversely affect the performance of official duties by the DoD employee or the DoD employee's organization;
(b) Are of reasonable duration and frequency, and whenever possible, made during the DoD employee's personal time such as after duty hours or lunch periods;
(c) Serve a legitimate public interest (such as keeping DoD employees at their desks rather than requiring the use of commercial systems; educating the DoD employee on the use of the communications system; improving the morale of DoD employees stationed for extended periods away from home; enhancing the professional skills of the DoD employee; job-searching in response to Federal Government downsizing);
(d) Do not put Federal Government communications systems to uses that would reflect adversely on DoD or the DoD Component (such as uses involving pornography; chain letters; unofficial advertising, soliciting or selling except on authorized bulletin boards established for such use; violations of statute or regulation; inappropriately handled classified information; and other uses that are incompatible with public service); and
(e) Do not overburden the communication system (such as may be the case with broadcasts and group mailings), create no significant additional cost to DoD....
Electronic messages can be sent and read in privacy, but they are also checked randomly to ensure operational security.
When faced with the potential of hostile action, even the slightest bits of information become intelligence data. An accidental slip of location or emailing someone the time in which a unit will go ashore can be intercepted and used by the enemy.
"People have been disciplined from sending classified information in their e-mail," said Fifield. "If we get a real world mission, the phone lines and e-mail on a ship will be shut down to maintain information security."
But perhaps the most common danger is the sharing chain mail and photos found on the Internet with friends. According to Cpl. Edward L. Abraham, even though Marines have been cautioned about the receipt of chain emails, there is nothing in the system to monitor the content of the emails coming into the network.
"We must count on the Marines to police themselves," said Abraham. "If they get these emails they have done nothing wrong, as long as they delete them immediately and are quick to notify us when they do receive suspicious mail."
Much of the success of the ISMO team comes from educating the Marines on these dangers and keeping them up to date with the latest virus software. Weekly updates for virus software are installed on every machine on the network. Also, each Marine receiving an email account must read and sign a statement of responsibility and understanding about information security. In the end it still comes down to the individual Marine to protect and defend the security of the network, but the ISMO team is there to guide them in the right direction.
-30-