Speed Mission Debrief: Introduction
Government Resources
Follow your organization’s policy on non-email platforms, such as Teams, and webmail (a web-based service that checks e-mail remotely). If webmail is allowed, use caution as it may bypass built-in security features and other safeguards, such as encryption, and thus may compromise security. Communications in any format, including chats and SMS messaging, may be official records, which you should consider before deleting from any Government device.
Identity Authentication
In The News...Easily Cracked Passwords Put Systems at Risk
Following the Colonial Pipeline attack that exploited a weak password to cause gas shortages along the East Coast, the U.S. Department of the Interior conducted an internal test of the passwords throughout the Department. They were able to crack 21 percent of active user passwords, including accounts with elevated privileges. The most commonly re-used password was Password-1234, and five of the ten most re-used passwords included a variation of “password” combined with “1234”.
Malicious Code
In The News...Ransomware Attack Closes School
A ransomware attack shut down a school district’s network, causing the district to cancel classes for a day. The school’s cybersecurity team isolated the attack and shut down the network before information could be affected or compromised, but the shutdown affected basic functions necessary to run the school. The cause was identified as an encrypted download.
Social Engineering
Smishing is a type of social engineering that uses a Short Message Service (SMS) message to deceive you. SMS messages are commonly known as text messages. The goal is to obtain your personal information or gain access to your device. To protect against smishing:
- Do not reply or click the link in the message
- Delete the message
Vishing is a type of social engineering that uses voice calls to deceive you into giving up personal information or installing software that provides access to your devices or network. To protect against vishing:
- Let calls from unknown numbers go to voicemail. Legitimate callers will leave a message.
In The News... Callback Phishing Attempts Increase by 625%
Think that phishing e-mails only want you to open a link? A tactic on the rise is to e-mail a phony invoice, often for a pricey monthly subscription, along with a phone number to call if you have questions. Once called, the attacker guides you to install a tool on your computer that gives them remote access to do as they like with your data. Your e-mail filters are less likely to block the e-mail since it does not contain links or malicious code, and the use of legitimate tools makes the intrusion more difficult to detect.
Mobile Devices
When participating in the Bring Your Own Approved Device (BYOAD) program:
- Read and sign the User Agreement that includes the program’s requirements and policies
- Use of your personal device depends on your organization’s policies
- The approved device will be provisioned to employ necessary security measures to secure it and its data when accessed
Social Networking
The social networking app TikTok is banned on all Government devices.
Insider Threat
In The News... Navy Spy Sentenced to 232 Months in Prison
As a nuclear engineer with the Department of the Navy, Jonathan Toebbe worked with and had legitimate access to Restricted Data. Toebbe attempted to establish a covert relationship with a foreign government to sell Restricted Data and began corresponding via encrypted e-mail with an undercover FBI agent. Toebbe made dead drops of data cards containing Restricted Data, providing the decryption key to the undercover agent upon payment.
Accessibility
Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 794d) requires Federal departments and agencies to provide people with disabilities equal access to Federal electronic and information technology. The Information and Communications Technology (ICT) Final Standards and Guidelines (36 CFR Parts 1193 and 1194), effective as of 18 January 2018, addresses accessibility requirements covered by Section 508. The functional performance criteria (36 CFR Part 1194, Appendix C) require that information and communication technology provide:
-
At least one mode of operation for individuals who have:
- Sight impairment, including no vision, limited vision, and no perception of color (302.1-3)
- Hearing impairment, including no hearing and limited hearing (302.4-5)
- Speech impairment, including no speech (302.6)
- Mobility impairment, including limited manipulation and limited reach and strength (302.7-8)
- Features that make use simpler and easier for individuals with limited cognitive, language, and learning abilities (302.9)
DISA is proud to offer online training that is accessible to everyone, including individuals with disabilities. DISA tested this course for conformance with Level A and Level AA success criteria defined by the Web Content Accessibility Guidelines (WCAG) 2.0 (36 CFR Part 1194, Appendix A, E205.4), as well as compatibility with the popular screen reader JAWS. This course also offers several additional functions that offer alternative access to onscreen content.
All onscreen controls can be accessed without a mouse. Select Keyboard Navigation from the menu to learn more.
Audio descriptions of video and animated elements on screen are integrated into the main audio track where the narration is not otherwise sufficient to describe them. To access audio descriptions, select the AD button on the toolbar.
Audio can be read either through synchronized closed captioning or through a transcript of all the audio on a screen, contained within a pop-up browser window. To turn on closed captioning, select the CC button on the toolbar. To access a transcript of the current screen’s audio, select the Transcript button on the toolbar.
Speech is not required for this course.
This course offers flexibility to suit individual learning needs and styles. The course communicates information via auditory, visual, and written means. The course’s accessibility functions may also be used to transform auditory communication into written communication via closed captioning or the transcript, and to transform visual communication into auditory communication via the audio descriptions and/or a screen reader. In addition, the course is self-paced, allowing the opportunity to pause, review, and repeat information for as long as necessary to ensure understanding.
Help
| Name | Description |
|---|---|
| Menu | Select the MENU to access additional options and settings. |
| Dashboard | Select DASHBOARD from the Menu to return to the Challenge dashboard. |
| Tools Status | Select TOOLS STATUS from the Menu to view the status of the tools available to collect. |
| Information | Select INFORMATION from the Menu to view information about the Challenge. |
| Glossary | Select GLOSSARY from the menu to view the Challenge glossary. |
| Resources | Select RESOURCES from the menu to view additional Challenge-related resources. |
| Tutorial | Select TUTORIAL from the menu to play the Challenge tutorial. |
| Accessibility | Select ACCESSIBILITY from the menu to view accessibility information. |
| Keyboard Navigation | Select KEYBOARD NAVIGATION for keyboard controls for navigating the Challenge. |
| Media Settings | Select MEDIA SETTINGS to select options for the playback of multimedia in the Challenge. |
| System Specifications | Select SYSTEM SPECIFICATIONS to view the system specifications with which the Challenge is compatible. |
| Help | Select HELP for assistance with navigation. |
| Exit | Select EXIT to leave the Challenge. The next time you access the Challenge, you will be returned to the Dashboard. |
| Audio Transcript | Select TRANSCRIPT to display the entire narration script for the screen in a separate window. |
| Audio Description | Select AUDIO DESCRIPTION to toggle integrated audio descriptions of multimedia content on or off. |
| Closed Captioning | Select CLOSED CAPTIONING to toggle synchronized closed captioning of audio narration on or off. |
| Pause/Resume | Select PAUSE to stop the current play. To resume the audio and screen animation, select PLAY. |
| Play Head Control | Drag the play head back and forth or use the directional arrows provided at either end of the bar to jump backward or forward in the screen audio and animation. |
| Replay | Select REPLAY to restart the current screen from the beginning. |
| Next | Select NEXT to move to proceed forward through the Challenge. |
Information
Purpose:
Provide initial and annual refresher training on DoD cybersecurity policies and best practices.
Note that the examples provided in this course are created for training purposes only and do not endorse a commercial entity or its products or services.
Audience:
All authorized users of DoD information systems, including civilian and military employees and contractors both within the U.S. and deployed overseas, as well as members of the Intelligence Community (IC).
Estimated Duration:
70 minutes
Course Objectives:
-
Identify high-risk actions to avoid and best practices to use to keep
DoD, IC, and personal information and information systems secure
- Identify cybersecurity and why it is important
- Identify the different types of information and the requirements to protect each content type
- Identify the different forms and methods of cyber attacks
- Identify the types of technologies that are particularly vulnerable to attacks
Keyboard Navigation
The first interactive object on each screen is the “Skip to Content” button. Select this button to bypass the top navigation menu and shift focus to the content area of the current screen.
Interact with course controls and review course content with the following keys:
- Tab: cycles forward through each interactive element
- Shift + Tab: cycles backward through each interactive element
- Enter: activates the selected interactive element
- Spacebar: selects a checkbox when multiple selections are permitted
- Up and Down arrows: selects one radio button when a single selection is permitted
- Up and Down arrows when using JAWS: reads each line of text
After the screen content, there will be a “Skip Navigation” button. Select this button to bypass the bottom navigation menu and shift focus to the “Done” button.
Each course menu and navigation feature can also be activated with its respective access key:
- Menu: m
- Skip Back: w
- Pause/Play: p
- Skip Forward: f
- Replay: r
- Closed Captioning: c
- Audio Description: a
- Transcript: t
- Next: n
To use these keys, hold “alt” and select the desired key. Depending on the browser or screen reader, you may need to hold both “alt” and “shift” before selecting the desired key.
Screen Reader Assistance
Most of the visual content on each screen is also conveyed through the audio narration in combination with the provided audio descriptions. To access additional content or to complete a knowledge check, wait for the audio to finish and select “Skip to Content”, then use the down arrow to read the screen, or the tab key to access interactive buttons or controls.
Settings
Menu
Resources
System Specifications
| Component | Compatible, Tested Specifications |
|---|---|
| Operating systems |
Windows 10 macOS 13.3 Ventura Red Hat Enterprise Linux 7.5 |
| Internet browsers |
Microsoft Edge 116 Google Chrome 116 Mozilla Firefox 117 Safari 16.5 |
| Mobile environments |
Apple iPad (8th Generation)
Samsung Galaxy Tab A7
|
| Security | JavaScript enabled |
| Accessibility | JAWS 2021 |
| CPU | >2 GHz |
| RAM | >4 GB |
| Display | Minimum 1024 x 768 resolution with 32-bit color |
| Audio | Speakers or headphones required |
| PDF viewer | Adobe Acrobat Reader 10.0 |
Tools Status
