Written by Reid Oslin, Coast Guard Auxiliary
A team of Coast Guard cyber security experts is working hard to make sure you are the only person looking at your computer screen right now.
Chief Warrant Officer DeAnna Melleby is the Information Systems Security Officer for the Coast Guard Command, Control, Communication and Information Technology (C4IT) unit at CG Base Boston responsible for the safe-keeping of the Coast Guard’s computers in the Northeast region. She says in today’s computer-oriented world – brimming with cell phones, constant internet connection, information sharing and social media – there are plenty of opportunities for those looking to hack into personal and government systems with malfeasance in mind.
In spite of the security warning screens that accompany the opening of every government computer workstation, Melleby noted that unauthorized or sensitive information is frequently at risk.
“We constantly have to remind people that you just can’t sit at your workstation and put ‘whatever’ out there on a public forum,” she said. “A lot of people are fairly nonchalant when it comes to things like social media and sometimes that behavior comes into the office.”
“We often get things like pictures of various Coast Guard operations,” Melleby said. “People who have taken pictures of a vessel boarding they may have been participated in and then posted about them on Instagram or Facebook. You just cannot do that. Not only are you opening yourself up to people who have malicious intent against our military or military members on social media, but you are also opening up things that could give someone the chance to manipulate a person with information on, say, Coast Guard operations.”
“There’s a lot of operational security things, too,” Melleby continued. “We want to make people aware that you cannot be e-mailing Coast Guard business outside of the Coast Guard network.”
Some security problems can be even more basic than that.
“Some of our biggest offenders are people who just want to plug their phones in to charge them on the workstation’s USB port,” Melleby said. “Androids and smart phones are some of the easiest hacks and they are huge targets for malware and other malicious codes. Can you imagine someone who has a device that has been compromised and then they plug it in to a workstation? They would unwittingly put all of that stuff onto our network.”
Melleby also encourages people not to save information directly onto the desktop of their computers.
“If your computer is compromised, someone could access anything on your C-Drive. If you were to have Coast Guard financial information, for example, and you unwittingly let someone have access to your computer, then they could have access to all of your financial files.”
Melleby noted that her department, which is part of the Coast Guard’s C4IT Field Services Division in Virginia, has an array of countermeasures to keep the service’s computers secure, and security begins as soon as the individual turns on the computer.
“We have a ‘sniffer’ program that is run throughout the entire Coast Guard network,” she said. “It has parameters set up to look for people plugging in USBs that are not authorized. There’s code on here so that when you plug in, the computer can identify that device to be a cell phone or whatever device they are using.”
“The ‘sniffer system’ is set up to identify this type of activity and we do have it on each of our workstations, along with anti-virus, anti-spam and software that helps us to identify a problem,” she said. “When it gets triggered, it will report back to our cyber command that someone is doing something not authorized. We’ll send an e-mail from cyber command that the problem is recognized and it will flag who was logged on to the computer at the time and what type of device it was – a USB flash drive, a cell phone or whatever.”
More serious breaches will cause the cyber center to immediately shut down the compromised workstation.
“If serving in the Coast Guard is your job, you should realize job-related information, even if it is unclassified, is still considered sensitive and may be something not authorized for public release,” Melleby said. “That especially goes for the information of members who may routinely pass by yeomen, health service specialists, financial people and the like – as well as our operational strategies.”
Melleby added that members and employees are not permitted to send their work to their home computers. Use of “auto forward” functions is also not permitted and “out of office” e-mail messages must include a caveat that Coast Guard business cannot be forwarded to a private e-mail address.
“It’s pretty much the rule that what is discussed in the Coast Guard stays in the Coast Guard,” she said.
Melleby, who has served in the Coast Guard for 26 years, and Chief Petty Officer Leife Martin, an information system technician, work diligently to make service members and employees aware of the dangers of computer hacking and the critical need for constant security. Their efforts range from in-house presentations at various commands, to the distribution of weekly security e-mails, to the recent development of a trivia-type computer security game that spotlights on-going and emerging security concerns.
“It’s just so important to be aware,” Melleby said. “With so much hacking and identity theft out there, it’s pretty easy for people to go into computers and steal you information, and, quite possibly, to mess up your whole life.”