Team Andersen’s Cyber Culture instilled: CCRI results prove it

  • Published
  • By Airman 1st Class Anthony Jennings
  • 36th Wing Public Affairs
ANDERSEN AIR FORCE BASE, Guam --  After every stone was turned, every file searched and every common access card secured, the results of the recent Command Cyber Readiness Inspection have finally been released.

Team Andersen received an "Outstanding" rating for its Secret Internet Protocol Router Network inspection and an "Excellent" rating for its Non-classified Internet Protocol Router Network inspection.

"I am personally impressed with the 36th Communications Squadron and the entire wing's efforts to prepare for this inspection," said COL. Kent Simon, Defense Information Systems Agency Pacific Air Forces commander. "While formal inspection results reflect excellent technical preparation and performance, the intangibles are even better. Bottom line, my hat's off to your folks and their performance across the board this week was outstanding."

During the recent CCRI, the ability of each Andersen servicemember to uphold IA standards was examined and put to the test.

Five inspectors from Defense Information Systems Agency Field Security Office came to Andersen to determine whether or not the installation as a whole had instilled a cyber culture within its mission.

If the end result of the inspection had been unsatisfactory, the installation could have been disconnected from the Global Information Grid. Every service within the Department of Defense is connected to this GIG, and it is how the Air Force has access to the worldwide network.

"It's often called the cloud in the sky," said Lt. Col. Jeffrey Sorrell, 36th Communications Squadron commander. "It's basically a multitude of interconnected networks that allow us to pass information. Each installation is connected to their respective service network which is connected to the global Department of Defense network. An installation can have their SIPRNet and NIPRNet disconnected from the DoD GIG if an inspection goes bad."

"If the inspectors come and do not feel the proper cyber culture across the installation is taken seriously, or the proper processes and procedures are not in place within the communications squadron to protect and remediate all known vulnerabilities, the entire base will be disconnected from the GIG," said Colonel Sorrell.

The DISA team focused three of their inspectors solely on the communications squadron, looking at all network infrastructure components and all devices connected to them.

"They have scanning tools to run against all devices, whether its printers, digital senders or workstations, anything that has network accessibility has the potential to be a network vulnerability," Colonel Sorrell said. "On average each of the roughly 2,300 devices on the network requires 60-70 security patches to maintain its piece of the security net. These scanning tools verified the communications squadron's effectiveness in maintaining these defenses. "

Another inspector was in charge of looking at Andersen's physical security of the networks. That is where the installation as a whole comes in.

"He looked at the cyber culture on base," Colonel Sorrell said. "He was looking for things like unattended CAC cards, if the entry authorization process into classified areas was being followed, if we had our network instant reporting aides visible, and if people knew how to utilize them."

After thorough inspections, the physical security inspector discovered zero vulnerabilities.

"It's a big deal that we, as Team Andersen, have fully embraced the cyber culture, that every user understands their responsibility to protect the network and we've done a great job implementing that within the installation," Colonel Sorrell said. "Now the question is, how do we sustain it? That is the purpose of the CCRI, to not only help people recognize the importance of it, but to implement the processes to sustain it."