Released: 18 Feb 2000
According to David Mike, chief of U.S. Strategic Command's Information System Security Policy and Accreditation section, the command's information security program is "a textbook example of an in-depth strategy to insure the availability of systems and the confidentiality and integrity of information."
Mike says that success stems from USSTRATCOM's use of multiple layers of information defenses.
External routers provide the first level of USSTRATCOM's defense. These interconnected devices block unwanted computer addresses from entering USSTRATCOM's networks. Unwanted addresses include sites from which attacks have come or which have a high probability of initiating an attack.
"Our next layer of defense is an intrusion detection system, an automated security tool that monitors network traffic and detects unauthorized network activity," explained Mike.
Despite all these measures, Mike explained that concerns over malicious computer code have driven the command to take their defenses to an even higher level.
"Recent computer viruses like Melissa and BubbleBoy were pointed reminders that malicious code is still a security threat to information systems and networks. To counter those threats at USSTRATCOM, we installed a mail content scanner which checks the subject and textual content of e-mail against established policy," Mike said.
Mike added the scanner also checks for the inclusion of non-textual data, such as video and audio, which can be used to host viruses.
"Years ago a vertical metal plate was placed in automobiles for the purpose of keeping an engine fire out of the passenger compartment: it was called a firewall," he explained. "In our computer networks, the third level of defense is a system that enforces a 'firewall' between the Internet (source of the 'fire') and our internal networks (the 'passenger compartment')."
While these and other mechanisms provide a strong defense against computer network attacks, Mike said the most important factor in the equation of IA is user awareness and discipline.
"Knowledge is the 'silver bullet' of IA," he said. "Through our training programs, users and system administrators are given timely, relevant training in a variety of topics. As a result, our personnel -- our best line of defense -- realize the critical nature of security and take responsibility for adhering to sound security policies and procedures." (Courtesy of USSTRATCOM Public Affairs)
RELATED SITES
* Offutt Air Force Base, Neb.
* U.S. Strategic Command