Violations mean harsh consequences for computer users

U.S. Army Europe personnel are being reminded of the risks and consequences of connecting their personal computers or other devices to government-operated networks.

Because the ability to monitor USAREUR networks and react to any threat activity is vital to defending those networks, USAREUR has “very robust” defensive and detection capabilities and can monitor all systems and network traffic, said Gerald Holland ,with the USAREUR Communications directorate’s (G6) Information Assurance Program Management, Policy.

“The USAREUR network is a weapon system. Commanders must protect and defend cyberspace as vigilantly as they would protect and defend any other area of operation,” according to an information assurance reference guide provided to commanders.

Plugging personal equipment into a government network creates unnecessary security risks, Holland said, and the Army goes to great lengths to protect its networks.

If personal devices are located they will be removed and the offender will be subject to penalties. Personal systems are more prone to infection or compromise, as users connect these devices to other networks that may not have the same safeguards as USAREUR.

Once connected, personal systems could disrupt protected networks by introducing existing or new variants of malicious software, according to  Solomon Kiakona, operations lead for U.S. Army Cyber Command’s Regional Computer Emergency Response Team-Europe.

If a personal computer is connected to an official network, commanders have authority to take immediate and necessary action, said Holland, of USAREUR’s G6. The system is immediately removed from the network and the user can face harsh consequences.

Holland pointed out that all users of official U.S. government information systems are required to complete yearly information assurance training, as well as sign an “acceptable use policy” document that outlines these prohibitions and consequences. “There is no excuse to say you didn’t know,” he said.

To find out more, read Army Regulation 25-2 (Information Assurance) and Army in Europe Regulation 25-2 (Army in Europe Information Assurance).