NELLIS AIR FORCE BASE, Nev. — Adhering to standard physical security, information security and information assurance policies has never been more important due to today’s ever-evolving cyber threats.
Members of Nellis and Creech Air Force Bases, and the Nevada Test and Training Range can be put to the test on all three areas in a Command Cyber Readiness Inspection, or CCRI.
The CCRI is a comprehensive network inspection designed to assess an installation’s overall cyber readiness and security of its Non-secure Internet Protocol Router Network (NIPRNet) and Secure Internet Protocol Router Network (SIPRNet) systems.
Although the Nellis Complex’s CCRI did not occur during the first vulnerability window in October 2016, the 99th Communications Squadron — who will act as the lead for Team Nellis/Creech/NTTR — expect the inspectors from the Defense Information Systems Agency (DISA) to be on the ground here as early as January 2017.
“We weren’t visited back in October, but we will be inspected at some point so we need to maintain readiness and keep doing what we normally practice on a daily basis,” said Senior Master Sgt. Matthew Stallings, 99th CS Plans and Resources Flight superintendent. “When we get the notice of inspection from the DISA team we will push out a notice to all of the users on base. Inspection vulnerability windows open up again this month and are slated monthly by the DISA team so it is only a matter of time before they choose us.”
Stallings said the inspection team will be looking at everything from unauthorized USB devices — to include phones and electronic cigarettes — plugged into NIPRNet computers, to unattended identification cards or unmarked electronic media laying out in the open, to system vulnerabilities and abnormal SIPRNet up times.
Lt. Col. Robert Curran, 99th CS commander, said CCRIs are being accomplished throughout the Department of Defense to ensure the cyber security of the network as a weapons system.
“DISA has changed its inspection routine this fiscal year from notifying bases months before their visit to now going to a no-notice format and giving the base only a few days’ notice,” Curran said. “This has increased our sensitivity to being ready 365 days a year to open our doors to the inspection team at any time.”
1st Lt. Ron Cadelina, 99th CS CCRI Lead, said the impending CCRI will be the first of its kind here since December 2011.
“We are definitely overdue as they are normally scheduled every two to three years,” Cadelina said. “Over time, they’ve added more components to the inspection, so what we were inspected on in 2011 isn’t even close to what we will be inspected on now.”
Cadelina also explained the importance each individual user plays in not only enabling the installation to pass the inspection, but from keeping potential adversaries of America at bay.
“We have about 15,000 systems on NIPRNet alone and each system is a potential entry point for bad actors. Adversaries are also testing our defensive posture all of the time,” he said. “So I know we’ve all heard it, but we just need to make sure we’re following good cybersecurity procedures daily, like removing your CAC (common access card) when you leave a room, or keeping your system on when you leave for the day so it can receive patches or needed updates.
“Overall, the work of the IT professionals — inside and outside the 99th CS — as well as the vigilance of the users across the installation is exceptional and as long as everyone stays engaged we can do well on a CCRI,” Cadelina continued. “The communications squadron will lead the installation through the inspection, but every unit has a cyber liaison, network administrator or security manager who will play a key role during the inspection and who can also be someone you can go to if you have questions.”