24th Air Force   Right Corner Banner
Join the Air Force

Library > The Cyber Space
The Cyber Space

Welcome to the Cyber SpaceWelcome to the Cyber Space - where readers can find information of interest and cyber security tips provided by 24th Air Force and other government entities. The content is intended to be a "one-stop shop" of useful and educational links, stories and materials for both Air Force members and the public. All content is unclassified and can be shared with family and friends. If you have suggestions of additional, non-copyrighted content, please  e-mail the 24th Air Force Public Affairs office at 24af.pa@us.af.mil.
tabAFCYBER Commander's Highlights 
The NSA's Cyber Best Practices for Home ComputingBest Practices for Keeping Your Home Network Secure
This document is one of many the Information Assurance Directorate of the National Security Agency freely provides to the public outlining practical tips for improving the security of all kinds of applications, operating systems, routers, databases and more. This latest guide will go a long way in helping those who are interested to protect both their public and private networks.
tabWhite House Fact Sheets on Cyberspace 
tabU.S. Government Reports on Cyber 
Department of Defense Cyberspace Policy Report
The Department of Defense has delivered a report to Congress outlining the Pentagon's cyber security policy in accordance with the National Defense Authorization Act.

An excerpt of the report's introduction is as follows:

Cyberspace is a critical enabler to Department of Defense (DoD) military, intelligence, business and, potentially, civil support operations. While the development and integration of cyber technologies have created many high leverage opportunities for DoD, our increasing reliance upon cyberspace also creates vulnerabilities for both DoD and the Nation


GAO Report - Social Media in Federal AgenciesGAO Report to Congressional Requesters on social media use in federal agencies

GAO was asked to (1) describe how federal agencies are currently using commercially provided social media services and (2) determine the extent to which agencies have developed and implemented policies and procedures for managing and protecting information associated with this use. To do this, GAO examined the headquarters-level Facebook pages, Twitter accounts, and YouTube channels of 24 major federal agencies; reviewed pertinent policies, procedures, and guidance; and interviewed officials involved in agency use of social media.

CRS Report on Promoting Global Internet FreedomCongressional Research Service Report on Promoting Global Internet Freedom: Policy and Technology

This report provides information about federal and private sector efforts to promote and support global Internet freedom, a description of Internet freedom legislation from the 112th Congress, and suggestions for further reading on this topic. Two appendixes describe censorship and circumvention technologies.

CRS Report on Terrorist Use of the InternetCongressional Research Service Report on Terrorist Use of the Internet: Information Operations in Cyberspace

This report describes the ways that international terrorists and insurgents use the Internet, strategically and tactically, in pursuit of their political agendas. This discussion covers terrorist information operations in cyberspace but does not discuss similar activities in other domains. The government response is also discussed in terms of information operations. Technical aspects of cybersecurity and network intrusion detection are outside the scope of this report.

Congressional Research Service Report on SpywareCongressional Research Service Report on Spyware: Background and Policy Issues for Congress

The main issue for Congress over spyware is whether to enact new legislation specifically addressing spyware, or to rely on industry self-regulation and enforcement actions by the Federal Trade Commission and the Department of Justice under existing law. Opponents of new legislation argue that industry self-regulation and enforcement of existing laws are sufficient. They worry that further legislation could have unintended consequences that, for example, limit the development of new technologies that could have beneficial uses. Supporters of new legislation believe that current laws are inadequate, as evidenced by the growth in spyware incidents.
tabAcademic Work in Cyberspace 
Naval Postgraduate School Thesis on Optimizing Security of Cloud Computing within the DoDNaval Postgraduate School Thesis on Optimizing security of cloud computing within the DoD

What countermeasures best strengthen the confidentiality, integrity and availability of the implementation of cloud computing with the DoD? This question will be answered by analyzing threats and countermeasures within the context of the ten domains comprising the Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK). The ten domains that will be used in this analysis include access control; telecommunications and network security; information security governance and risk management; application security; cryptography; security architechture and design; operations security; business continuity planning and disaster planning; legal regulations, compliance, and investigation; and physical security. The results of this research provide a comprehensive guide for any DoD entity attempting to secure its cloud solution.
tabAir Force Cyber History 
CYBER HERITAGE FACT OF THE WEEK

12 May 1960--The Defense Communications Agency (DCA) was established on May 12, 1960, with the primary mission of operational control and management of the Defense Communications System (DCS). The initial core of DCA members were gathered at Wake Hall, one of a complex of three buildings (which included Midway Hall and Guam Hall) on the site where the parking lot of the Robert F. Kennedy Stadium in Washington, D.C., stands today. Rear Admiral William D. Irvin became the first DCA Director and by September, 1960, had moved his staff of 34 to the 4th floor of the Navy facility in Arlington, Va. The Defense Communications Agency was the forerunner to the Defense Information Systems Agency (DISA).

Microsoft Windows 1.0 activation screen shot

AFCYBER(P) Activation Memo - September 07


24th Air Force Heritage Pamphlet 201124th Air Force Heritage Pamphlet - 2011

This pamphlet walks through the existing history of cyberspace integration into the operations of the U.S. Air Force. It provides insight into how 24th Air Force came into being, and provides documentation of the historical records that exist in the evolution of this manmade domain and the operations conducted in, from and through cyberspace.



Air Forces Cyber Documentation

The development of cyberspace operations within the U.S. Air Force has taken years of transformation and input from many different leaders across the force. Listed below are documents which have laid the foundation for all future cyberspace operations within the U.S. Air Force.

Cyberspace added to Mission Statement - December 2005

Establishment of an Operational Command for Cyberspace - September 2006

Operational Cyberspace Command "Go Do" Letter - November 2006

Air Force Cyberspace Mission Alignment - August 2009

Cyber Wingman Principles - November 2009

Declaration of Full Operational Capability - October 2010
tabAFNIC Book of the Month 
To provide cyber professionals relevant and current readings on cyberspace operations and theory, the Air Force Network Integration Center commander offers the following monthly book as suggested reading. The books suggested are offered to help cyber professionals see aspects of cyberspace from new perspectives. While readers may or may not agree with authors' points of view, the goal of the book of the month is to encourage thinking outside the average constrains of daily cyberspace operations.

Hope you enjoyed last month's book, Who Controls the Internet?


April 2012 The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations
book cover: what the dormouse saidBy Ori Brafman and Rod A. Beckstrom

This month we look at the book The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations

If you cut off a spider's leg, it's crippled; if you cut off its head, it dies. But if you cut off a starfish's leg it grows a new one, and the old leg can grow into an entirely new starfish.
What's the hidden power behind the success of Wikipedia, craigslist, and Skype? What do eBay and General Electric have in common with the abolitionist and women's rights movements? What fundamental choice put General Motors and Toyota on vastly different paths? How could winning a Supreme Court case be the biggest mistake MGM could have made?

After five years of ground-breaking research, Ori Brafman and Rod Beckstrom share some unexpected answers, gripping stories, and a tapestry of unlikely connections. The Starfish and the Spider argues that organizations fall into two categories: traditional "spiders," which have a rigid hierarchy and top-down leadership, and revolutionary "starfish," which rely on the power of peer relationships.

The Starfish and the Spider explores what happens when starfish take on spiders (such as the music industry vs. Napster, Kazaa, and the P2P services that followed). It reveals how established companies and institutions, from IBM to Intuit to the US government, are also learning how to incorporate starfish principles to achieve success. The book explores:

* How the Apaches fended off the powerful Spanish army for 200 years
* The power of a simple circle
* The importance of catalysts who have an uncanny ability to bring people together
* How the Internet has become a breeding ground for leaderless organizations
* How Alcoholics Anonymous has reached untold millions with only a shared ideology and without a leader

The Starfish and the Spider is the rare book that will change how you understand the world around you.
tabCyber Tip of the Week 
lock logoWhy are network security warnings important?

Like the real world, technology and the internet present dangers as well as benefits. Equipment fails, attackers may target you, and mistakes and poor judgment happen. Just as you take precautions to protect yourself in the real world, you need to take precautions to protect yourself online. For many users, computers and the internet are unfamiliar and intimidating, so it is appropriate to approach them the same way we urge children to approach the real world.

What are some warnings to remember?

· Don't trust candy from strangers - Finding something on the internet does not guarantee that it is true. Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable. It is also easy for attackers to "spoof" email addresses, so verify that an email is legitimate before opening an unexpected email attachment or responding to a request for personal information.

· If it sounds too good to be true, it probably is - You have probably seen many emails promising fantastic rewards or monetary gifts. However, regardless of what the email claims, there are not any wealthy strangers desperate to send you money. Beware of grand promises--they are most likely spam, hoaxes, or phishing schemes. Also be wary of pop-up windows and advertisements for free downloadable software--they may be disguising spyware .

· Don't advertise that you are away from home - Some email accounts, especially within an organization, offer a feature (called an autoresponder) that allows you to create an "away" message if you are going to be away from your email for an extended period of time. The message is automatically sent to anyone who emails you while the autoresponder is enabled. While this is a helpful feature for letting your contacts know that you will not be able to respond right away, be careful how you phrase your message. You do not want to let potential attackers know that you are not home, or, worse, give specific details about your location and itinerary. Safer options include phrases such as "I will not have access to email between [date] and [date]." If possible, also restrict the recipients of the message to people within your organization or in your address book. If your away message replies to spam, it only confirms that your email account is active. This may increase the amount of spam you receive.

· Lock up your valuables - If an attacker is able to access your personal data, he or she may be able to compromise or steal the information. Take steps to protect this information by following good security practices. Some of the most basic precautions include locking your computer when you step away; using firewalls, anti-virus software, and strong passwords; installing appropriate software updates; and taking precautions when browsing or using email.

· Have a backup plan - Since your information could be lost or compromised (due to an equipment malfunction, an error, or an attack), make regular backups of your information so that you still have clean, complete copies. Backups also help you identify what has been changed or lost. If your computer has been infected, it is important to remove the infection before resuming your work. Keep in mind that if you did not realize that your computer was infected, your backups may also be compromised.
tabUS-CERT Self Help Center 
US-CERT Self Help CenterThe United States Computer Emergency Readiness Team's mission is to improve the nation's cybersecurity posture, coordinate cyber information sharing and proactively manage cyber risks to the nation while protecting the constitutional rights of citizens of the United States. They are the operational arm of the National Cyber Security Division at the Department of Homeland Security. Below are links to information provided by US-CERT to assist the public with operating cyberspace technology in a more secure manner. For more information, visit the US-CERT Website.

US-CERT Monthly Activity Summary - September 2011


Recognizing and avoiding e-mail scamsRecognizing and avoiding e-mail scams

This is an introduction to what e-mail scams are, how they work, and how to avoid them.


Avoiding online gaming risksPlaying it safe: avoiding online gaming risks

This paper discusses technological and social risks associated with online gaming.


Banking securely onlineBanking securely online

This paper discusses risks associated with online banking and provides some practices for using it safely.



Using social networking services securelySocializing securely: using social networking services

This paper describes some security risks associated with social networking services and offers tips to minimize these risks.


Cyber threats to mobile phonesCyber threats to mobile phones

This paper describes cyber threats to smartphones and feature phones, describes some of the consequences of such attacks, and offers tips on protecting your mobile phone.

Using wireless technology securelyUsing wireless technology securely

This is an overview of the risks associated with wireless technology and some practices for using it safely.


Risks of ignoring software license agreementsSoftware license agreements: ignore at your own risk

This paper provides an overview of the risks computer users may incur by blindly agreeing to terms contained in software licensing agreements.


Spyware overviewAn overview of spyware

This paper provides an overview of spyware and some practices to defend against it.



Router securitySmall office/home office router security

This paper provides information on home routers and how to increase your router security.


Basics of cloud computingThe basics of cloud computing

This paper provides information on what cloud computing is, how it can help small businesses and home users, and possible security concerns.
tabAir Force PKI Information 
Air Force Public Key InfrastructureA vital element of the Department of Defense strategy in defending its information is the use of a common, integrated DoD Public Key Infrastructure to enable network security services through the enterprise. PKI is significant in implementing the DoD strategy to protect information assets.

The Air Force PKI System Program Office provides information products for all Air Force users to understand new initiatives taking place as new technologies are implemented to provide better protection to Air Force information. Linked below is information on current initiatives. For further information, you can contact the Air Force PKI Help Desk at afpki.helpdesk@us.af.mil.

Air Force PKI Newsletter - Summer 2011The Key to PKI: Air Force PKI Newsletter
Summer 2011

The Key to PKI is published quarterly with the approval of the Air Force PKI System Program Office program manager. The Air Force PKI SPO is the Public Key Infrastructure Section of the Information Assurance Branch, Cryptologic Systems Division, Hanscom Cyber/Netcentric Directorate, Lackland Air Force Base, Texas.

SIPRNet Hardware Token Fact SheetSecret Internet Protocol Router Network Hardware Token Fact Sheet

A new smart card, known as a hardware token, is being evaluated for use on the Secret Internet Protocol Router Network (SIPRNet).

Similary to the Common Access Card, the SIPRNet token contains individual PKI certificates used for network logon, Website authentication, and secure e-mail.

SIPRNet Hardware Token Frequently Asked Questions

Smart Card Logon Next Generation Fact SheetSmart Card Logon / Next Generation Fact Sheet

Smart Card Logon / Next Generation is evolving technology that will empower most Air Force network users with the ability to log on to multiple unclassified Air Force network accounts with a single Common Access Card.

 Inside 24AF

ima cornerSearch
GeneralImagesVideo
  View All RSS RSS feed

tabCyber Stories of Interest
 Judson student leads IT team to victory
 10 Tips for Building a Solid Cybersecurity Strategy
 New Interest in Hacking as Threat to Security
 Study Predicts Cloud Computing Could Replace PCs by 2014
 The new face of war in the 21st century
 Cyber Command combines offense, defense in planning
 Securing U.S. Cyberspace
 What If There Were a Cyberwar and Nobody Knew About it?
 Alert on Hacker Power Play
 CYBER LEADER:Extending, Maintaining and Defending the Air Force Network
 Strategy for defending cyberspace is mind-boggling
 ‘First in, Last out’ : Tinker, Robins combat comm groups served throughout operations in Iraq
 Bill would allow DHS to impose cybersecurity standards
 39th IOS graduates first international SMC student
 “First in, Last Out”
tabCyberspace Organizations
 24th Air Force finds its place in cyberspace
 National Security Council - Cybersecurity
 U.S. DoD Cyber Strategy
 U.S. Cyber Command
 Army Cyber Command
 Fleet Cyber Command
 DoD Cyber Crime Center
 National Security Agency
 Defense Information Systems Agency
 Air Force Network Integration Center
 Air University
 Air Force Institute of Technology

The Official Web Site for 24th Air Force
Site Map      Contact Us     Questions     Security and Privacy notice     E-publishing