By Scott Prater
Most everyone who works at Schriever understands that the 50th Space Wing conducts a big part of its mission under a classified umbrella. Information vital to U.S. national security is relayed and transferred between people on a daily basis.
Since many Team Schriever personnel work in office areas and use a computer, the odds of someone inadvertently sharing classified information are magnified.
“That’s why everyone should have guidelines posted on their computer with steps to take should they ever be involved in a classified message incident,” said 2nd Lt. James Vanderwende, 50th Space Wing Information Assurance officer. “When you’re trying to protect information you have to be right every single time, because attackers, or those seeking information, only have to be right once.”
For example, take someone with access to Global Positioning System information who sends an email to a coworker listing the time and date of a service interruption. That circumstance is considered a classified message incident (CMI) and must be reported as such by the receiver.
“It’s important to get the ball rolling as soon as possible,” Lieutenant Vanderwende said. “The first thing people need to do is stop using their computer and unplug their local-area-network cable. Then you need to find someone to physically watch your computer, someone who has the security clearance level of the message that was sent, because now that computer is at the security level of the sent message.”
The CMI receiver then must personally notify the unit’s information assurance officer. From there, the CMI is handled by Communication Focal Point personnel.
“We have a list we follow that helps us identify the message, its sender, the time, date, subject line and other information, and then we get the unit security manager involved,” said Staff Sgt. Nathan Johns, 50th Communications Squadron, CFP supervisor. “From there we notify the Integrated Network Operations Center, which clears or sanitizes the offending message.”
Lieutenant Vanderwende compares the effort to the way IAO and CFP personnel also track down and clear phishing attempts from the network.
“What’s similar about CMIs and phishing is we depend on users to report the problem,” he said. “There’s no automated message telling us there was a CMI.”
Personnel who commit a CMI face some harsh attention.
Personnel brief the 50 SW Commander, Col. Wayne Monteith, twice per week on missions and the status of the network. One of the topics they cover is CMIs. Colonel Monteith and Col. Michael Finn, 50th Network Operations Group commander, are informed about the time and date of the incident and they learn the identity of the offending person.
“Let’s just say I’ve never heard of anyone causing a second CMI,” said Lieutenant Vanderwende. “If you cause a CMI you’re kicked off the network until it’s cleaned up. And if you have a BlackBerry, you lose it until it’s cleansed. People need to understand that when you cause a CMI you are letting information out, and we have faltered at protecting that information.”
Prevention of CMIs lies in being conscious and cognizant of what is sent out in an e-mail. Lieutenant Vanderwende also pointed out that CMIs aren’t just limited to unclassified computers.
“A CMI occurs anytime information is shared above the classification of the computer,” he said. “If someone sends top-secret information to a Secret Internet Protocol Router Network computer, that’s a CMI.”
Ultimately, Team Schriever members must remember that CMIs are often tricky instances.
“Most people aren’t maliciously sending out classified information,” Lieutenant Vanderwende said. “They’re not trying to get themselves kicked off the network and wish to have their names printed on a slide the wing commander is going to see. They just need to keep in mind that if they’re questioning if something is secret, then it probably is. This base is not that big. Maybe you should walk it over to whomever you’re sending it to.”