Individual OPSEC & Personal Security September 1, 2017
Michael Chesbro 38
Information Security (INFOSEC) and Operations Security (OPSEC)
for Government Employees
Encryption
Encryption is an essential function in protecting the content of your electronic communications.
Encryption works by taking data (text, pictures, video, audio files, etc.) and scrambling that data
so that it becomes unintelligible. Decryption is the reversal of the encryption process, thereby
returning the encrypted data back to its original form so that it can once again be understood. The
exact process of encryption and decryption can be mathematically complex, and is beyond the
scope of our discussion here. What is important to understand, however, is that a strong
encryption algorithm, properly implemented, will protect the content of your communications
from being understood by anyone who does not possess the proper key to decrypt your messages
and return them to an intelligible form.
Digital certificates, also called S/MIME (Secure / Multipurpose Internet Mail Extension)
certificates, allow you to digitally sign and encrypt your electronic communications. A digital
certificate may be included with your official / business e-mail account. If you have a
government-issued common access card (CAC) or personal identity verification (PIV) card, your
digital certificate is contained in the chip on the card. (A common access card (CAC) is a smart
card used by service members and employees of the United States Department of Defense
(DoD). The Personal Identity Verification (PIV) card is used by employees of other non-DoD
Federal agencies.) The advantage of having a digital certificate on a CAC or PIV is that it allows
you to carry it from one place to another, and log-in to government computers at multiple
locations.
If you already possess a CAC you can use it to send and receive encrypted e-mail and access
CAC-restricted web-sites and programs (such as ActivClient, AKO, OWA, DKO, JKO, NKO,
BOL, GKO, Marinenet, AF Portal, Pure Edge Viewer, ApproveIt, DCO, DTS, TENS, DISA
Enterprise Email) from your personal computer at home. To use your CAC from home you will
need a CAC reader attached to your computer. You may be able to have a CAC reader issued to
you by your agency, or you can purchase one from places like Amazon.com for around $10-$20.
Smart Card Readers: http://amzn.to/2wvTjKR / http://amzn.to/2vDkR4E
In many cases, your CAC reader will be plug-and-play, allowing you to access CAC-restricted
web-sites and send and receive encrypted e-mail without additional installations. However, if
you have trouble getting your CAC to work from home, detailed instructions are available at
https://militarycac.com/ that explain how to set up your home computer to work with your CAC.
If you don’t have a CAC or PIV you can still obtain a personal digital certificate from various
non-government certificate authorities. Of course, a personal digital certificate won’t grant you
access to government computer networks, but it does allow you to send digitally signed and