Jump to content

That Cyber Thread


17D_guy

Recommended Posts

I'll try to keep all the ranting consolidated to this place and answer your questions here. Of course most of the keyboard ninja stuff isn't going to be anywhere you can google it, so it won't be here either. But I'll post what I can and answer any questions you throw my way.

Anyone having fun with the change in policy about the USB hard drives?

Link to comment
Share on other sites

Anyone having fun with the change in policy about the USB hard drives?

No idea what you are talking about, but from the sound of it I'm sure we'll experience the fun shortly. Care to give the inside scoop?

Link to comment
Share on other sites

Can we ask communications questions in the cyber thread too since 85% of Air Force cyber stuff is just comm with a futuristic sounding name?

The Enterprise Service Desk system sucks. Sorry, that's a rant, not a question... Why does the Enterprise Service Desk system suck?

zb

  • Upvote 1
Link to comment
Share on other sites

Can we ask communications questions in the cyber thread too since 85% of Air Force cyber stuff is just comm with a futuristic sounding name?

The Enterprise Service Desk system sucks. Sorry, that's a rant, not a question... Why does the Enterprise Service Desk system suck?

zb

I think the least they could do is have a system that takes your number to call you back when there's a wait, because "5 minutes" is always 50+ minutes. It would save a lot of people having to wait on hold for indeterminate amounts of time.

  • Upvote 1
Link to comment
Share on other sites

Anyone having fun with the change in policy about the USB hard drives?

I chose to interpret the new rule as "no connecting anything via USB while the machine is connected to the network, unless that anything is on this list"

So I pull the RJ45 cable out, do my biz, (STS), and get back in the network.

Isn't everyone doing this?

Link to comment
Share on other sites

Can we ask communications questions in the cyber thread too since 85% of Air Force cyber stuff is just comm with a futuristic sounding name?

The Enterprise Service Desk system sucks. Sorry, that's a rant, not a question... Why does the Enterprise Service Desk system suck?

zb

A general on high cut the funding/manning 50% off the top before it was even formed. (Allegedly Gen Lord, but that's rumor)

AF Space decided to do it again after a year.. cause.. sequestration. And technology, which didn't exist and didn't have a project for, would solve the problem.

At least that's what I'm told.

Isn't the vESD working great for you? Because of it's success we might be able to take more manpower cuts at the bases.

I chose to interpret the new rule as "no connecting anything via USB while the machine is connected to the network, unless that anything is on this list"

So I pull the RJ45 cable out, do my biz, (STS), and get back in the network.

Isn't everyone doing this?

Just.. no. I bet you take it home and plug into your home machine as well don't you? You should ask you "Cybersecurity Liaison" about that interpretation.

So is thread the equivalent of a BO.net Customer Support Line?

"Have you tried turning it off, then on again?"

"Flip the CD so that the words are facing up when you insert it into the tray."

I don't have admin rights, so you're going to have to call the ESD.

No idea what you are talking about, but from the sound of it I'm sure we'll experience the fun shortly. Care to give the inside scoop?

Our IAO has been running around all week, having to do with this. Sounds fun.

Wanted to verify before I posted it, and for some reason the actual order probably shouldn't be posted here, so I'm not going to post it.

However, for some strange reason this AF article speaks about it from 2 years ago.. now they're just actually enforcing it.. mission be damned.

http://www.luke.af.mil/news/story_print.asp?id=123360066

Flash media is banned and the only device authorized for use is an external spinning hard drive. Solid-state disk drives aren't allowed and are still considered flash media.

Flash media includes: USB flash drives, eReaders, digital cameras, MP3 players, smartphones, personal digital assistants, flash media cards, solid state hard-drives and wireless network air-cards.

There's a waiver process.. we got a week to do it for the whole base. OG, specifically the TRS, was not happy.

I guess Cyber Leaders don't understand most of you zipper suited sun gods don't have set desks that no one else occupies. Or don't care.. either way.

Edited by 17D_guy
Link to comment
Share on other sites

Isn't the vESD working great for you? Because of it's success we might be able to take more manpower cuts at the bases.

Is this really how it's viewed by comm? 90% of my problems revolve around computers and phones mysteriously dropping off the network, ports becoming deactivated for no apparent reason, etc. vESD requires a network connection to work, and you can't submit a ticket for one computer from a different computer. Plus there isn't an option in vESD to fix normal DSN phone lines, only iphones and VOIP. Love the grey area that keeps my tickets in purgatory for weeks!
The best thing you guys have done is the new program that allows people to select and install software updates.

There's a waiver process.. we got a week to do it for the whole base. OG, specifically the TRS, was not happy.

I guess Cyber Leaders don't understand most of you zipper suited sun gods don't have set desks that no one else occupies. Or don't care.. either way.

This is why consolidated support is the worst idea in the world. When we had 1 comm dude in the sq he understood how ops ran, and could be redirected to a higher priority tasking if needed. Nowadays comm hides behind an automated phone tree and rack up their "completed tickets" by "completing" them after two failed attempts to contact you by phone (TDY much?). I get with the way the AF is these days you guys are busy, but it's things like this that just highlight how out of touch comm is with the rest of the AF.

Manning is down across the force and there is always a desk jockey somewhere making additional work for everyone. "It's just one waiver (that everyone will have to do)"..."it's just another 2875 (that everyone will have to fill out)"..."it's just another CBT (that's required annually for everyone)". If you create a process that requires someone to fill out paperwork, then you should have to fill out an equivalent amount of paperwork as well. Maybe that would make people stop levying additional workload requirements on an already strained workforce.

Sorry for the rant. I told myself I'd avoid this thread, but I just couldn't. It's not directed at you specifically. I know there are plenty of good comm guys out there (I have them on speed dial when I need work done) and you are likely one, but comm is a major perpetrator of the "Mission Suppression Group".

Link to comment
Share on other sites

Love the grey area that keeps my tickets in purgatory for weeks!

You mean they at least kept your ticket open? I got a "we are pleased to inform you that your ticket has been resolved and closed" message in my civilian email without ever actually speaking or dealing with anyone, or having my actual problem resolved. What's your secret?

Note that this was after the initial call about my official email not working where after a 20 minute conversation with the "help desk" the guy told me that they would email my official email about the problem. Me: "Did you miss the part over the last 20 minutes where I gave you every single specific piece of information about how my email doesn't work?" Guy: "Oh yeah…do you have an alternate address?"

zb

Link to comment
Share on other sites

Is this really how it's viewed by comm?

Plus there isn't an option in vESD to fix normal DSN phone lines, only iphones and VOIP. Love the grey area that keeps my tickets in purgatory for weeks!
The best thing you guys have done is the new program that allows people to select and install software updates.

From the Cyber folks in the field, or have been in the field - no. But, we're run by AFSPC now. So, who knows, do we have a career Cyber officer in leadership yet? The ESD is being sold in the discussions as a success for "consolidating support" which is.. technically correct. It did consolidate things there. But overall, I think even the MAJCOM's (not AFPSC) are going - "Not worth."

vESD couldn't help with local DSN lines. Those are still run out of your CS just like old times. They have 0 ability to work that issue at all. The DSN switch (POTS - Plain Old Telephone Switch) is running the old copper in the ground usually. They're all from the 70's, end of life on support and maintenance and not tied into the network. AF is paying millions for continued support.

We're (big AF) attempting to switch to VoIP, but the AF's not doing an enterprise solution. Every base I've been to so far has homegrown their own solution. Just like we did with old networks. It's difficult - my Amn aren't trained as well as they used to be, I've got less of them, and the tech's getting harder and harder to do in tiny shops.

That program is a Microsoft product. Run Advertised Programs, right?

This is why consolidated support is the worst idea in the world. When we had 1 comm dude in the sq he understood how ops ran, and could be redirected to a higher priority tasking if needed. Nowadays comm hides behind an automated phone tree and rack up their "completed tickets" by "completing" them after two failed attempts to contact you by phone (TDY much?). I get with the way the AF is these days you guys are busy, but it's things like this that just highlight how out of touch comm is with the rest of the AF.

Manning is down across the force and there is always a desk jockey somewhere making additional work for everyone. "It's just one waiver (that everyone will have to do)"..."it's just another 2875 (that everyone will have to fill out)"..."it's just another CBT (that's required annually for everyone)". If you create a process that requires someone to fill out paperwork, then you should have to fill out an equivalent amount of paperwork as well. Maybe that would make people stop levying additional workload requirements on an already strained workforce.

Sorry for the rant. I told myself I'd avoid this thread, but I just couldn't. It's not directed at you specifically. I know there are plenty of good comm guys out there (I have them on speed dial when I need work done) and you are likely one, but comm is a major perpetrator of the "Mission Suppression Group".

Consolidated support isn't bad if you do it correctly. If you have the right people and processes it works out fine. Not when some GO is looking to save $$ and thinks that tech is going to replace having an Amn come and fix your print drivers. Google has consolidated support, works for them. Why? It's manned and trained appropriately and isn't looked at as a cost center.

The commanders I've had since I commissioned have been very involved with the Ops side of the house. I'd look to your local leadership if you're not seeing, or at least hearing about, a cyber officer once in a while. I'm all over the OG areas I can get into and I take all the calls I get. But.. with the deployment rates I'm sure my number gets lost.

But, now the IAO's err.. Cybersecurity Liaison and C4I shops are aware of me. If yours isn't I'd push them to get in touch with the SCO flight commander (Ops Flt) for something that needs working.

Speaking of those desk jockeys, we're usually the ones feeling that pain first. This past two weeks we've gotten compliance orders and me and my CC have just stared at them wondering how to break the news to the base about it. We can't without looking like complete incompetent tools. So we look like tools. Then look like even bigger tools when they HHQ changes the due date..3 times. It's been a rough week.

For some reason Cyber has.. a triple chain of command? Base CC, MAJCOM/A6, DISA, Network Operations Sq/Center, and finally the 624th/AFCyber. We receive and are required to comply with all these organizations on tasks.

Somehow.. the Base CC doesn't know about the MAJCOM taskings.

The MAJCOM tracks the 624th taskings, but isn't aware of the separate NOSC taskings.

The NOSC gets some of their taskings from the 624th, others are it's own.

DISA doesn't give a fuck about anything.

Actually as I'm writing this I'm realizing I'm forgetting other orgs.. but I don't care about fixing it. Point made.

Anyway, is this split the same on the Ops side?

Link to comment
Share on other sites

vESD couldn't help with local DSN lines. Those are still run out of your CS just like old times. They have 0 ability to work that issue at all. The DSN switch (POTS - Plain Old Telephone Switch) is running the old copper in the ground usually. They're all from the 70's, end of life on support and maintenance and not tied into the network. AF is paying millions for continued support.

We're (big AF) attempting to switch to VoIP, but the AF's not doing an enterprise solution. Every base I've been to so far has homegrown their own solution. Just like we did with old networks. It's difficult - my Amn aren't trained as well as they used to be, I've got less of them, and the tech's getting harder and harder to do in tiny shops.

That program is a Microsoft product. Run Advertised Programs, right?

Yeah we were fooled into the whole VOIP thing recently. Base comm dude told us what phones to buy to get us up to speed, so we did. By the time they arrived via GSA they didn't have power supplies and our ports won't support PoE, so we had to order those via GSA. When they finally arrived we had to wait for an investigation to close out on an equipment account before we could get unlocked to even submit work tickets. Then when we did submit, the base comm squadron said they no longer support those phone models and have moved onto a new hotness. Unit comm squadron (we are a tenant) is left with the burden and are unsure if they can support...also since it was an office purchase they don't want to take ownership so I'm stuck trying to work a comm problem despite it not being my j-o-b. So now I have a huge box of phones gathering dust in my office that I try to deal with when I'm not on TDY.

For some reason Cyber has.. a triple chain of command? Base CC, MAJCOM/A6, DISA, Network Operations Sq/Center, and finally the 624th/AFCyber. We receive and are required to comply with all these organizations on tasks.

Somehow.. the Base CC doesn't know about the MAJCOM taskings.

The MAJCOM tracks the 624th taskings, but isn't aware of the separate NOSC taskings.

The NOSC gets some of their taskings from the 624th, others are it's own.

DISA doesn't give a fuck about anything.

Actually as I'm writing this I'm realizing I'm forgetting other orgs.. but I don't care about fixing it. Point made.

Anyway, is this split the same on the Ops side?

I'm sure some units have similar issues, but not nearly as bad as you guys have it. Sounds jacked.

Link to comment
Share on other sites

For some reason Cyber has.. a triple chain of command? Base CC, MAJCOM/A6, DISA, Network Operations Sq/Center, and finally the 624th/AFCyber. We receive and are required to comply with all these organizations on tasks.

Somehow.. the Base CC doesn't know about the MAJCOM taskings.

The MAJCOM tracks the 624th taskings, but isn't aware of the separate NOSC taskings.

The NOSC gets some of their taskings from the 624th, others are it's own.

DISA doesn't give a fuck about anything.

Actually as I'm writing this I'm realizing I'm forgetting other orgs.. but I don't care about fixing it. Point made.

Anyway, is this split the same on the Ops side?

I'm sure some units have similar issues, but not nearly as bad as you guys have it. Sounds jacked.

Not nearly as bad as you describe, 17D_Guy, but the closest thing I've seen are flying units co-located with NAF/AOC/MAJCOM on the same base. Lines get blurry real quick when you have anyone from any of those higher echelons calling the flying squadron tasking them outside of the normal chain. Examples: A3V calling/emailing squadron stan/eval directly. AOC/AMD Plans calling squadron tactics asking for "help". Not that I've ever experienced this first hand, but I hear the list can go on and on.

By the way, I still don't know what a NAF does in the first place... still waiting for a good answer on that one.

  • Upvote 1
Link to comment
Share on other sites

How can we get comm (cyber?) to stop force restarting mission critical equipment to perform routine windows updates, during mission critical times, with only 30 seconds of notice?

Good question. I'm going to give the benefit of the doubt and assume mission critical isn't the DTS machine before 1630L on a Friday.

Depends on your base and the system. If it's a PMO system, it might actually be out of the hands of the local CS to handle (ex. PEX).

If it is within their hands they can create a ticket to load a certain subset of these machines to restart at different times. We have a rolling 3 hr window (or we're supposed to) where all the machines are restarted on base during the week.

Again, I have feelers (STS - did I do that right?) in the OG for times when they can't restart/patch/network down and we've worked around it. Again, it takes communication and better communication that "we're Ops and we said you can't turn it off." I'm not assuming you're doing that, but I've seen it personally.. and then I restarted their shit.

I'm bombed on valium, so I hope that made sense.

As always, your CS is probably severely undermanned and poorly trained.

Yeah we were fooled into the whole VOIP thing recently. Base comm dude told us what phones to buy to get us up to speed, so we did. By the time they arrived via GSA they didn't have power supplies and our ports won't support PoE, so we had to order those via GSA. When they finally arrived we had to wait for an investigation to close out on an equipment account before we could get unlocked to even submit work tickets. Then when we did submit, the base comm squadron said they no longer support those phone models and have moved onto a new hotness. Unit comm squadron (we are a tenant) is left with the burden and are unsure if they can support...also since it was an office purchase they don't want to take ownership so I'm stuck trying to work a comm problem despite it not being my j-o-b. So now I have a huge box of phones gathering dust in my office that I try to deal with when I'm not on TDY.

This is fishy as.. something fishy. PM me if you'd like and I can do a little research into your phones and support. I'd need like.. number of phones, types of switches.. technical shit.

Your whole beginning is so very aircrew.

I'm guessing your Unit CS is a element of like.. 30 people? That sucks.

Overall the old phones should still be able to interface with the VoIP system without a problem. Unless.. the CS did something stupid and upgraded to a new carrier (ex. CISCO -> Nortel or vice-versa) and then yes, you're fucked. However, if you are a tenant unit and relatively small you might be able to drop some cash for your own solution at your GSU location. I don't know your finances, but $10K might solve the problem if you've got the phones and the switches now.

Please see previous statement of Valium and have a nice day.

Did I mention that I loved this. It shall be used at work against my 2Lt.

Link to comment
Share on other sites

This is correct and part of the AFNET's intended design. It's called an Area Processing Center. Your email, and soon to be ShareDrives is (probably) no longer hosted at your base, it's happening remotely.

A new Area Processing Center that enables the Air Force to consolidate e-mail, Web, file-sharing and other information services for more than 160,000 active-duty Air Force, contractors, civilians and Air National Guardsmen into one location opened May 1 at Andrews Air Force Base, Md.

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/123563/area-processing-center-consolidates-mail-file-sharing.aspx

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...