Credential Guard prevents attackers from accessing computers by separating the login process from the operating system. Attackers have long used the old process of utilizing a computer’s cache or user name and password store in the computer memory to gain access, Newton said.
On a base the size of Wright-Patterson and with the number of computers being used, the effort to bring all installation systems in line with the mandate is no small undertaking, Newton said. Wright-Patterson has 34,950 systems, both non-secure and secure, which require either a new computer or a computer migration to make the transition.
“The installation currently is reporting over 70 percent completion for both systems,” Newton said. “We feel confident that the mandate will be met.”
If organizations have an approved waiver excusing them from the March 31 deadline, they will not be removed from the network. She also added that systems that are not Windows 10 compliant and which do not have an approved waiver on April 1, will be then removed from the network.
“Cybersecurity is a top priority for this installation, the Air Force and the DoD,” Newton said. “The 88th CS is committed to migrate all available systems they manage.”
There are even more technology changes on the horizon for Wright-Patterson in the form of enhanced cybersecurity capabilities and Newton named two in particular.
“Cloud Hosted Enterprise Services, an email migration, is coming,” Newton said. “CHES is the suite of Air Force collaborative tools to migrate email, instant messaging and SharePoint into commercial, Microsoft, cloud-based datacenters. This system includes the migration to Office 365 and is scheduled for the base in the April-May 2018 timeframe.”
Another cybersecurity initiative is the Joint Regional Security Stack or JRSS. The base is scheduled to be a part of the Air Force DoD mandate to move to a Joint Information Environment. JRSS replaces the current Air Force NIPRNet Gateway System.
“JRSS provides two sets of security equipment side-by-side to provide top-level security for each base to provide enhanced redundant computer network defense equipment and transport,” Newton said. “Wright-Patt will have two JRSS stacks assigned to it, providing dual redundancy and a third alternate stack available for inbound and outbound traffic.”