With a significant number of social-engineering attacks being the consequence of human error, training, supervision and accountability are key strategies to curtail the risk of jeopardizing vital Army operations, says Director of the Army Cyberspace Task Force Maj. Gen. Steven Smith.
In an interview with The New New Internet, Smith spoke about what preventative methods the Army is taking to safeguard its personnel against cyber attacks and spear phishing attempts. Smith said the soldiers, the departments, and civilians and contractors must be provided with appropriate training and supervision, and then be held accountable for their work.
Categorizing the process into three aspects, Smith said the offensive cyber strategy involves technology, processes and people. To prevent successful cyber attacks, especially malicious software that comes with spear fishing, the Army continues to develop and implement technology that will stop many malicious attempts at the perimeter, he said.
“We are constantly looking at what our sister services are doing and we collaborate liberally on a daily basis to find out what's the best technology to prevent the current and future threats,” Smith said.
For the process in terms of training, the Army tries to figure out the best way to reach the young soldier, middle management, and senior management within the Army, and teach them how to recognize the threat and how to take appropriate action, he said.
“The bottom line up front is: it is always about the people,” Smith said. “When you are talking about a network that may have over a million users worldwide, the critical piece is how they are trained, the tools that we provide to them and how we hold them accountable so that they don't make the wrong choices.”
As with any new technology, the Army is approaching social media carefully, Smith said. Social-networking sites provide a good opportunity for the Army to tell its story to potential soldiers while simultaneously acting as a virtual bridge for deployed soldiers and their families, he said. However, with the recent case of an Israeli soldier who compromised an operation by posting comments on a social-networking site, soldiers need to find a balance.
“Our soldiers, civilians and contractors that do great work for the Army have to make sure they understand the cause and effect of their actions on these social networking sites,” Smith said. “If you cancel that capability, then you are closing out the Army to its citizens and business partners and tremendous collaborative tools.”
When asked about what threats to the Army’s networks worries him the most, Smith said it was the unknown that concerned him.
“The threat that worries us the most is the threat we don't know about,” he said. “I don't know what I don't know. This will always be a leader's biggest concern. All of the other threats that are current with zero-day exploits, insider threats, etc., are no different for the Army than they are for a bank or technology company. For those of us in this business, particularly in active defense, you are probably most concerned about the threat you don't know about.”