Have you ever had the hair on the back of your neck stand up just before you hit the send button on the old e-mail machine? If you haven’t, you may just be unaware of the troublesome issues that go along with transmitting information across the ether space.
With the amount and types of information we share every day, have you considered that what goes on the internet is fair game for our adversaries and once it’s out there, it’s out there for good.
So what do you need to know to stay inbounds with the law and more important, keep yourselves and families safe?
First off, know what information is critical information. Air Force Instruction 10-701 states that critical information is “unclassified but sensitive information” that individually or in aggregate paints a picture to our enemies that helps them and hurts us.
The 355th Fighter Wing commander has published a 355th FW critical information list that everyone needs to know. It provides you with what types of information are considered CI and a list of countermeasures used to protect them. It is every Airman’s responsibility to know what CI is and to protect that information from unauthorized release. This list is available on the XP SharePoint page, posted in your units and available through your unit Operations Security coordinator.
One key piece of CI is personal privacy act data, or Personally Identifiable Information. When a person’s PII is compromised, it can have serious, lifelong impacts. Identity theft can clean out your bank account, wreck your credit, and ruin your security clearance. Most importantly, it puts you and your family in harm’s way.
So how do you protect PII? According to the 355th FW CIL, our countermeasures include use of personal identity information only when required in an official capacity, use of a PII cover sheet when physically transferring PII and digital encryption of electronic forms of PII communication.
First off, understand that to transmit PII, there needs to be a valid official use for this data. That’s why PII will always be handled as for official use only at a minimum. If there isn’t an official need for PII, don’t disclose, transmit or store it. If there is an official need, then it needs to be protected in transit (physically or electronically). To determine how to appropriately protect or label PII, refer to the Department of Defense directive 5200.01 Volume 4.
If you are sending PII via electronic media, you must encrypt it to protect the message by converting it from a readable plain text into scrambled cipher text. In order to encrypt the message you are sending click the lock-box envelope button in the options ribbon within the message you are composing.
Ask yourself before you send any PII; would I want this information to be in the hands of someone who wants to do my family harm?
If you don’t think this information gets out, think again. The Air Force has put in place an organization called the Telecommunications Monitoring and Assessment Program, whose goal is to scan our networks looking for performance with the respect to OPSEC and Information Security.
If you are the unlucky person who sends that unencrypted CI message out, the men and women at TMAP will find you and report the incident. Their goal is not to provide fodder for punishment but to correct the deficiency and train our people how to do it right.
Make no mistake, unauthorized disclosure of CI or PII can be prosecuted under the Uniform Code of Military Justice and can carry stiff civil penalties. Our goal is to ensure we don’t do the enemy’s job for them.
Operations Security is like Frank’s Hot Sauce slogan “put that stuff on everything.” If you have any questions concerning OPSEC, PII, FOUO or Critical Information, first contact your unit OPSEC coordinator. If they can’t answer your questions call the 355th FW signature management officers, Maj. Ken Knox or the signature management noncommissioned officer Tech. Sgt. Christopher Poole at 228-1236 or e-mail to DMOPSEC@dm.af.mil