Security So Secure It’s In Its Own Way
This just happened to a coworker of mine who is active-duty military. She’s been in a leadership class all day, so she left her military-issued laptop in my office for safekeeping while she’s in class.
For those not familiar with US military IT regulations, there are a great many things that cannot ever be plugged into a government computer’s USB ports — chiefly anything with internal memory such as flash drives, cameras, and cell phones. Doing so causes the government computer to report the unauthorized plug-in to the network, and the network security people take steps to secure the device from possible attack.
As mentioned, [Coworker]’s laptop has been sitting in its computer bag in my office since she left for her class, and nobody has touched it. A little bit after her class broke for lunch, [Coworker] got a phone call from her Chief Petty Officer. It seems the network security people had been frantically trying to reach [Coworker] about an unauthorized plug-in to her computer. Since she was in class and her phone was therefore turned off (Navy tradition says anyone whose phone rings during training has to buy donuts for the whole class the next day), they couldn’t reach her and therefore decided to shut off not merely her computer but her entire network access.
Once she’d turned her phone back on and started seeing all the calls from network security and her Chief, [Coworker] called the Chief to find out what was going on. After she was told about the “problem”, [Coworker] talked to me and found out that no one had been anywhere near her laptop at all. Confused, [Coworker] called the Chief again to find out how to fix the problem.
She was told it would be no problem. The Chief would annotate that he had counseled [Coworker] about network security, and she would have to retake the online network security annual training. Once these were accomplished, [Coworker] would be able to get back into the network to do her military job as Leading Petty Officer for the shop.
Most of the readers familiar with various IT disasters are doubtless nodding sagely as they can see where this is going. In order to regain access to the network, [Coworker] had to take a network security training course on the network, and all of her network access had been shut off. She couldn’t even get into the network from another computer because network security had killed all of her access rights.
After laughing until I was blue in the face, I strongly suggested she take the laptop to the network security office and kindly ask them how she could retake the security training if they’d shut off her access. She was too tired to get into a fight after a day in the classroom, so she called the Chief and told him someone else was going to have to handle the morning muster reports and other administrative tasks she normally handled until someone at network security realized the Catch-22 situation they had created.
Network security is actually a pretty important job for government workers — especially military — but some of the network security administrators are full-on caricatures who absolutely belong here on Not Always Right.