Protect personal information in cyberspace
By Staff Sgt. Benjamin W. Stratton, 92nd Air Refueling Wing Public Affairs
/ Published December 10, 2013
FAIRCHILD AIR FORCE BASE, Wash. -- With the threat of cyber warfare and the greater need to protect Personally Identifiable Information, Fairchild Airmen need to be aware of the information they transmit over the Air Force Network.
If not, policy violators will now have their accounts locked until remedial training and/or other disciplinary actions are committed.
"If you send PII not encrypted over the network, it has the possibility to fall into the hands of individuals without the need to know or see that information," said Jamie Burnett, the base privacy act officer assigned to the 92nd Communications Squadron. "Emails containing PII must be digitally signed, encrypted and stay within military confines."
The 68th Network Warfare Squadron and 352nd Network Warfare Squadron, as the Cyberspace Defense Analysis Weapon System, began actively monitoring the AFNET for PII breaches and violations Oct. 24. When a PII breach is identified, it is reported to the 624th Operations Center and the formal reporting process is initiated.
"A violator's account will only be unlocked once the first O-6 in their chain of command certifies that the individual has accomplished all necessary actions, to include remedial training," said Maj. Gen. J. Kevin McLaughlin, the Commander of 24th Air Force and Air Forces Cyber.
The 624th OC, as the Cyber Command and Control Mission System Weapon System, then reports the AFNET PII breach to the 24th Air Force Commander, which will result in locking the violator's AFNET account and notification to individual's wing commander.
"It is paramount for Fairchild Airmen to remain vigilant of possible PII breaches by protecting other's information as well as their own," Burnett said.
These new actions are in addition to, and do not circumvent or replace, the normal Privacy Act notification process which is already in place throughout the Air Force. Air Force Instruction 33-332 governs the PII breach reporting process as well as the consequences for PII violations.
"Consequences of violating these instructions are determined in severity by each situation," said Burnett. "The penalties can be anything from remedial training to an Article 15. The harshness is based on the individual's commander, but the most common is remedial training."
To avoid being reprimanded for incorrectly sending PII through cyberspace, knowing what can be considered PII is extremely important. The Air Force defines PII as any information about an individual that can be used directly, or in connection with other data, to identify, contact or locate that person and can include such information as: full name, address, Social Security number, medical, educational, financial, legal and employment records.
A PII breach is defined as a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access or any similar term referring to situations where persons other than authorized users, and for an other than authorized purpose, have access or potential access to PII, whether physical or electronic.
"My intent is to increase awareness within the Air Force as part of my responsibility to ensure the security and defense of the AFNET and its users," said Gen. William L. Shelton, the Commander of Air Force Space Command. "PII violations create both a personal and operational risk for all of us."
Additional information on protecting PII can be found on the Air Force Portal under the Cyber Threats and Information tab as well as at http://dpclo.defense.gov/privacy/.
[Editor's note: Maj. Brooke Brander, Air Force Space Command Public Affairs contributed to this localized article.]