Changes to your e-mails are coming to make us all more secure.
The Digital Signature Enforcement Tool, which currently prompts users to provide a digital signature when an e-mail contains an active hyperlink or attachment, has been reconfigured to scan e-mails and attachments for personally identifiable information. The tool was first introduced to Outlook in 2009 by the Air Force Life Cycle Management Center and is now rolling out in Air Forces Central Command.
"The AFCENT DSET upgrade will prompt users to digitally sign and encrypt emails containing PII,” said Col. Stamatis Smeltz, AFCENT Director of Communication. “This upgrade enforces additional security measures to reduce PII breaches and will protect our network and warfighters from social-engineering emails and phishing attacks.”
The tool itself is straightforward to use, and will give users simple prompts to follow in sending e-mails. In addition, there is a function allowing information which was falsely identified as PII to still be sent.
"While our software solution will support the Air Force's efforts to reduce PII breaches, it is still important for personnel to be aware and vigilant with their handling of documents containing PII," said Lt. Col. Carlos Alford, 379th Expeditionary Communications Squadron commander.
PII includes items such as social security numbers, driver's license information and financial information. Breaches occur when this information is inadvertently released. User awareness is one of the biggest issues associated with PII breaches.
"When users send PII that is not protected, that puts information at risk for being intercepted by adversaries.” Alford said. “These adversaries can then use that information to target users to gain access the network. Air Force network users must do their due diligence when sending an e-mail containing PII. They need to make sure the information is protected."
DSET capability should encourage users to be more involved in the process of preventing PII breaches. "It makes users more aware that they need to double check their e-mails; the responsibility for preventing breaches ultimately falls on them," Alford said.
“As our adversaries continue to look for targets, DSET adds a means of digitally protecting our Airmen from harm by ensuring their personal information is secure," Smeltz said.
Users have multiple tools at their disposal to protect PII if encrypting e-mail is not feasible, but if electronic transmission of PII is operationally required, users can leverage approved Department of Defense file exchange services at: https://safe.amrdec.army.mil/safe/.
Training is also available at: https://afpki.lackland.af.mil/html/dsetv16.cfm.
Additional training on how to encrypt Microsoft Office documents can be accessed at: http://www.24af.af.mil/shared/media/document/AFD-140701-064.pdf.