Computer Security

Discussion in 'Merchant Marine Academy - USMMA' started by doktrmom, Aug 13, 2009.

  1. doktrmom

    doktrmom Member

    Joined:
    Jun 19, 2009
    Messages:
    59
    Likes Received:
    0
    The following was gleaned from another forum. I am not a KPer but just a helicopter parent, I do have 10 years AD USARMY experience. I have seen with my 2013 DS that I often know stuff before he does because I have time to read the fine print/forums, hence I think this is important for parents to know and share. I can't help but think if more Mids had been a bit more honest in past years and taken internet/intranet security a bit more seriously our current PC's and Mids wouldn't be fussing with the "new restrictions". Most of which are just enhanced enforcements of previous restrictions they should have followed to start with. Doesn't anyone do personal responsibility and integrity anymore?

    The QUOTE,
    "Here's the latest from everyone's favorite, HDW:

    Folks:

    Working with the Campus Police and Investigators from the U.S. Department of Transportation’s Office of the Inspector General (OIG), we have recently completed an investigation of a security breach that came to our attention this past spring term. The implications of this security breach are quite serious, and chief among them is the perception of the OIG investigation team that our midshipmen view computer security, and efforts to comply with federal regulations in this area, as the object of derision. It is quite possible the US DoT CIO will be unwilling to continue supporting a number of the Academy’s previously approved exceptions to federal security policy, e.g., Skype, public instant messaging services, access to social networking sites, among others.

    Here’s what happened:

    In February and March, our normal surveillance disclosed a small number of members (then Plebes) from the Class of 2012 replaced the Academy’s official version of Windows on their laptops with an unapproved version. This permitted the Plebes to circumvent all of the security features and protections of the Federal Desktop Core Configuration (FDCC) mandated by the President’s Office of Management and Budget. We called in each Plebe involved, provided personal counseling (once again), and restored the official version of Windows on their laptops. One Plebe—now resigned—used his iPhone to photograph a copy of the administrative password a contract staff member in DoIT had written on paper. The OIG investigators have since discovered the photograph.

    This Plebe used the administrative password to start a campaign of “unlocking” laptops in the Regiment. Most of the activity was restricted to members of the Class of 2012, but there were a few midshipmen from the Classes of 2009 and 2010 involved as well. The administrative password was passed from one midshipman to the next by email. Armed with their illegally obtained administrative rights, some midshipmen installed hacking software, other software, and managed to avoid all of the web access restrictions judged to be necessary by the Superintendent and Commandant. The “seminal Plebe” also bragged that he had managed to hack into the Academy’s grading system database. [There is no evidence supporting this claim, yet.]

    This particular Plebe went on to organize a group of like-minded Plebes at an internet gambling site featuring numerous games of chance, including Poker. The Plebes involved in gambling wagered thousands of dollars among themselves. Needless to say, some won and others lost. Campus Police investigated a rash of thefts in the barracks involving cash and (allegedly legally obtained) prescription drugs. Once the police investigation led to gambling over the internet our respective investigations converged.

    This past week, two special investigators from the OIG interviewed two members of the Class of 2012. What emerged from those interviews is distressing and is likely to appear in the OIG’s formal report. The two interviewed report that attempts to circumvent federally mandated security restrictions are widespread in the Regiment, everyone involved knows this activity is unauthorized, violates Superintendent’s Instructions, and is illegal. Yet, they engage in these activities nevertheless. Apparently, they view safety in the numbers of those involved.

    We have managed to convince the folks at the Department and the Maritime Administration that the Academy merits exceptions from federal regulations and policies, because we give computer security the very serious attention it merits, our students adhere to Academy and federal regulations, and midshipmen are subject to ongoing scrutiny within the Regiment. The two special investigators were presented with evidence this is not the case. Much is now at risk since the current administration—unimpressed with the cybersecurity efforts of the previous administration—is starting a very rigorous campaign for complete compliance with zero tolerance for those who fail to do so.

    Security does not belong to me. It’s a shared responsibility involving each of you, the administration, and most critically, the Regiment. These young men and women in the Regiment are better students, better observers than most of us are willing to acknowledge. They hear the disparaging remarks some of our colleagues are all too willing to offer (about security—and other topics), and these off-the-cuff remarks become the bedrock of students’ attitudes. There are all manner of illegal IT products in the barracks that remain in place despite ongoing inspections by midshipmen and company officers. The activities involving the illegally obtained administrative password were widely known within the Regiment.

    “From those receiving much, much is expected.” Here at the Academy, we can believe that our midshipmen should be offered every opportunity, every creature comfort that students elsewhere now regard as an entitlement. Within the Department and the Maritime Administration a different attitude prevails. While there is some dispute on the magnitude of the taxpayer’s contribution to the cost of an Academy education, the attitude often expressed in Washington, DC is: Compliance with Federal regulations is not an unreasonable price to pay for the many advantages an Academy education offers. Federal regulations prohibit gambling. Federal regulations prohibit the use of government networks for gaining access to adult themed materials. Federal regulations prohibit access to Skype, public instant messaging services, use of USB ports on personal computers, and the use of flash drives.

    We may very well have “undone” the exceptions we’ve worked hard to win where Skype, public instant messaging services, use of the USB ports (i.e., desktop printers), and flash drives are concerned. Whether or not we can yet convince the Department and the Maritime Administration that we are mindful of security here, that we have every intention of following Federal regulations, much remains to be repaired.

    V/r,

    HDW | CIO | US Merchant Marine Academy
    "
     
  2. jscam87

    jscam87 Member

    Joined:
    Dec 30, 2008
    Messages:
    223
    Likes Received:
    0
    THAT was very well written. I don't have any questions...
     
  3. kpskilegac

    kpskilegac Member

    Joined:
    Jan 8, 2009
    Messages:
    155
    Likes Received:
    3
    date of letter

    what is the date of the above letter - anyone know???
     
  4. 2013Parent

    2013Parent Member

    Joined:
    Jan 26, 2009
    Messages:
    353
    Likes Received:
    0
    It appears from the above that Skype is not an approved thing for KP Midshipmen. Can someone here, on reliable good authority, confirm whether or not Skype is acceptable for Mids to use or NOT. Please. If we just think and don't know, can one of you more well connected posters please inquire?

    The only reason I am asking is that I personally know several Midshipmen that are using it now. Even Plebes. None of these seem interested in jeopardizing their existence at KP nor do they seem interested in being categorized as law breakers or law circumventing troublemakers. :eek:
     
  5. KPmid719

    KPmid719 Member

    Joined:
    Jul 23, 2009
    Messages:
    24
    Likes Received:
    0
    Skype is approved for use through an "exemption" clause with DOT's current IT policies. If you read the letter it states that this "exemption" could now be in jeopardy. However, as it stands, skype is good to go.
     
  6. KP13Mom

    KP13Mom Member

    Joined:
    Apr 10, 2009
    Messages:
    245
    Likes Received:
    1
    skype

    I believe Skype is good to go with upperclassmen. Shirley Anthony, USMMA Parent liaison coordinator uses it. I was under the impression from my DS that Plebes are not to be using Skype but would be able to later-maybe after recognition?
     
  7. KPmid719

    KPmid719 Member

    Joined:
    Jul 23, 2009
    Messages:
    24
    Likes Received:
    0
    Correct, skype is prohibited (as well as any other VOIP/ Webcam Software) for plebes until after recognition.
     
  8. TX2KP

    TX2KP Member

    Joined:
    Nov 21, 2008
    Messages:
    128
    Likes Received:
    0
    Posting on CC

    Here is the official complaint letter created by a midshipman, signed by members of the regiment and handed in to the RC

    M/N Alexander Wingate 1/C
    The United States Merchant Marine Academy
    Main Deck, 4th Company
    Platoon Commander

    Formal Complaint on the DoIT Policy: 07AUG2009

    The new policy outlined by the DoIT and enforced by the Commandant has raised many concerns of the practicality and purpose of such stringent requirements on midshipmen computers. As laid out in the letter to the parents of the Class of 2013,

    Each entering Plebe Class receives a standard set of computer related items. A great deal of thought and effort is reflected in the equipment and software you are each issued. The hardware and software you’ve received is more than sufficient to support your success at Kings Point.
    (USMMA Parents Page).

    According to this message, all items are provided to the midshipman for the efficient and proper use of his computer and accompanying accessories. However, this statement is not only misleading, it is downright false. Any member of 2010, 2011, or 2012 Engineers can explain to the workers in DoIT that AUTOCAD is next to impossible to complete in a timely manner without the use of an external mouse. While at sea, members of 2010, 2011, and now 2012 have found that an external hard drive is downright necessary to ensure the protection of the sea projects by backing up their files. However, these items are not only not issued, but considered contraband.

    One of the principles guiding the entrance of each Plebe Class is that no Plebe will enjoy the benefits of additional computer hardware and software unless all Plebes benefit in a similar manner. Not all families are in a position to provide their Plebes with wireless input devices, additional hard drives, additional display devices, and so on. Every Plebe pursues a degree, a USCG License, and an Officer’s Commission on a level playing field.

    Three final points: First, you are issued a 16 GB flash drive to back-up the contents of your laptop hard drive. You do not need, and cannot have, an additional hard drive. (USMMA Parents Page).

    The passage states that not only will the Class of 2013 receive 16 GB flash drive, but any items such as hard drives are prohibited. It goes on to state that any items not issued cannot be “enjoyed” since not all families are able to provide them with such. This statement creates two problems: 1) any items not issued are no longer acceptable and 2) no one in the regiment may have more than another in the setting of computer technology. In order to properly address these issues, they have each been divided into separate explanations and related to REAL WORLD examples on and off campus.

    Issue No. 1: The Use of Unacceptable Items
    According to the DoIT policy to be enforced by the Commandant of Midshipmen, the use of any items not issued to them during the course of their time on campus is prohibited. There are multiple items limited by such a claim: 1) external mouse, 2) external hard drives (dealt with in the explanation to issue 2), 3) external speakers, 4) external monitors, and 5) external keyboards. These are merely examples of a few common items commandeered by the regiment of midshipmen in order to facilitate their work on computers while spending time on campus. As ideal as it may seem to limit what midshipmen may have due to the unavailability of such items to others, this will only go to detract from the everyday requirements placed on midshipmen by both the Regiment and the Academics Department. A prime example of this is the printers provided upon entry to the Academy. On day one, each class is issued one computer, one flash drive, and a printer equipped with ONE set of printer ink. By the argument of DoIT, not only can midshipman not utilize paper that is not issued to them, but they cannot refill or buy new printer cartridges once their initial batch is empty merely because not everyone can afford them. In the same right, the concept that any items that have not been issued to a midshipman are not acceptable is quite impractical. One would be hard pressed to search a midshipman’s room and not come up with at least one item that has not been issued to them. In fact each class has been required to purchase certain items prior to their arrival at Kings Point. This concept continues today with the purchase of Books and Uniforms that do not come out of the funding from Congress, but rather the midshipman’s tuition. In fact, the computer each class receives was not due to an “issue” but rather a common purchase by the Academy utilizing the money provided in the Midshipman Tuition. 
    Therefore, by the Academy’s argument that an individual may not have anything he or she was not issued, each class should only have a printer, a few wires, and the inability to use the Academy’s Internet Access.

    Issue No. 2:
    If the standard has been set that no one midshipman may have any items not issued since one may have more than another, the Academy would find itself in serious debt. The Class of 2010 was issued a flash drive much like the Class of 2013. However, the 2013 has one capable of 16 GB while 2010’s was only able to hold 2 GB. Therefore, the Academy would find itself purchasing new computer items every year including computers, printers, and software. It is thereby absolutely necessary to have an external hard drive purchased by the midshipman to make up for the lack of provided storage space. If such a justification can be made for the prohibiting of extra computer items, then what is to say that this justification isn’t proper for all aspects of the Academy? If this claim is legitimate, as DoIT would contend, then by their standards, the entire policies set forth by the Government require re-evaluation. By this token, all members of the military, civilian contractors, and other governmental employees should be required to be paid the same amount, since no one individual should “enjoy additional benefits”. In the set of the Academy, the entire class rate system would not only become null and void, but all individuals would revert to one set of rates. This would thereby destroy the purpose of midshipmen officers and their training constituted in the Academy’s Mission. Now, it is clear that it is in no one’s best interest to change Government or Academy policy to such an extreme, yet if the argument offered by DoIT is deemed legitimate, then one is thereby saying, it is legitimate in any element of the Academy.

    Conclusion:
    The institution of such a policy based on the statement made by DoIT on the USMMA Parents Page in cohesion with the continuing policy outlined by Howard Wiener in the email sent to the Regiment (07AUG2009, 1355) does more to harm the Academy and its midshipmen than help. The goal is to seemingly make those individuals who cannot afford items feel better that the Academy will not allow anyone to display such frivolous behavior. This will undoubtedly come at the cost of lost work due to improper space to back-up files, the inability to use the printers, the detriment in work due to lack of necessary tools such as the external mouse, and the overall decreased morale of the midshipmen. I humbly ask the governing members of the Academy in parallel with DoIT to review the question of whether such a blanket policy is really worth it. I leave you all with a quote that seemingly has echoed itself in my mind from the moment I heard this policy would become enacted.

    The theory of Communism may be summed up in one sentence: Abolish all private property. – Karl Marx, The Communist Manifesto


    Very Respectfully Submitted,
    Midshipman Alexander R. Wingate 1st Class
    The United States Merchant Marine Academy
    Fourth Company Platoon Commander, Main Deck
    Class of 2010

    Created: 07AUG2009
     
  9. jasperdog

    jasperdog Member

    Joined:
    Jul 25, 2009
    Messages:
    1,032
    Likes Received:
    17
    I hope I'm not the only one who thinks M/N Wingate's argument is well written.

    Awesome job at tying it all together.

    ACTA NON VERBA!
     
  10. wac2013

    wac2013 Member

    Joined:
    Aug 14, 2009
    Messages:
    118
    Likes Received:
    0
    i for one think that it's a very well written argument, although i doubt it will do much of anything in terms of changing policy. as it was presented to us in the briefing we were given, a lot of this stems from new government policies, especially those involving devices that use bluetooth (as a lot of the accessories listed do) because that particular technology is particularly easy to hack. i don't really know enough about it to be able to explain why, but that's what we were told. i hope the letter goes somewhere, i'd really like to be able to use a mouse :thumb:
     
  11. zonker

    zonker Member

    Joined:
    Jan 7, 2008
    Messages:
    168
    Likes Received:
    0
    Are external WIRED mouse/keyboard ok?
    USB variety?
    Original variety?(separate plug for mouse & keyboard -- often green & purple plug in more recent times)
    ---
    Admit to still scratching my head that DOD and DHS service academies allow, but DOT doesn't? Odd, huh.
     
  12. wac2013

    wac2013 Member

    Joined:
    Aug 14, 2009
    Messages:
    118
    Likes Received:
    0
    nope. NOTHING external other than what was issued to us. in regards to the DOD and DHS, what we were told (because thats all we know around here-lol) is that they are planning to revise their IT protocols in the near future. apparently, IT security is a big new thing with the new administration. who's to say?
     
  13. KP2013dramamama

    KP2013dramamama Member

    Joined:
    Jul 11, 2009
    Messages:
    554
    Likes Received:
    3
    Great reads from the start of this thread. Now, this question is for plebe candidates and their parents. Did you all get in writing that you were 1) not allowed to use Skype? 2) But could use IM'ng? Parents, did you receive any letter regarding the above 2 questions? I'd hate to have any troubles caused by misinformation, be it through the forum, or from a midshipman or rumorville. Thanks :thumb:
     
  14. wac2013

    wac2013 Member

    Joined:
    Aug 14, 2009
    Messages:
    118
    Likes Received:
    0
    nothing in writing that im aware of, but from what i understand, were allowed to use IM and the IM function on skype, but not the videochat. that seems to be the functioning consensus at any rate. ill check and see if i can dig up anything solid on that.
     
  15. icelander27

    icelander27 USMA Cadet

    Joined:
    Aug 5, 2008
    Messages:
    122
    Likes Received:
    0
    Here at WP Skype and all other Peer 2 Peer software has been banned.
     
  16. 2013Parent

    2013Parent Member

    Joined:
    Jan 26, 2009
    Messages:
    353
    Likes Received:
    0
    I am not sure of the Command Structure for a Plebe, other than EVERYONE is above them!......Who does a Plebe report to? Next in line? and so forth.....anyway.....in any event, the use of Skype is, well, unclear.

    Who has told what and in Military parlance, given the order, and even what the order is....again, unclear......ask 100 Plebes and you will get different answers.....Maybe not 100 different answers, but enough difference among pretty intelligent young people to know, the communication may need a bit of focus.

    Skype is a software application. It allows users to make voice calls over the Internet. Other features include instant messaging, file transfer and video conferencing. It's been around several years.

    Some Plebes have been told "No Skype"....some have been told..."ok to use the IM".....others have been told; "No Video calls"......

    I am guessing that all the other classes are permitted to use all its features, but boy, that sure seems like a much greater risk than a wired mouse, wireless mouse or even Mickey Mouse :biggrin:
     
  17. KPmid719

    KPmid719 Member

    Joined:
    Jul 23, 2009
    Messages:
    24
    Likes Received:
    0
    Here is your clear answer for the use of skype for plebes: It is NOT allowed. Skype as a whole, not just certain parts either. It is in their standards of conduct, which they have all received and should have reviewed.
     
  18. 2013Parent

    2013Parent Member

    Joined:
    Jan 26, 2009
    Messages:
    353
    Likes Received:
    0
    Wow....i guess WAC2013 (and many others) missed that in their documentation........"Standard of Conduct" ..... Thanks!
     
  19. wac2013

    wac2013 Member

    Joined:
    Aug 14, 2009
    Messages:
    118
    Likes Received:
    0
    yea, should have revised my post. i read those last night, we keep getting revised standards and recs and all sorts of stuff. sometimes it takes a bit til you get around to reading them. no skype.

    frankly, i dont use it anyway, but i doubt its gonna stop many people:rolleyes:
     
  20. 2013Parent

    2013Parent Member

    Joined:
    Jan 26, 2009
    Messages:
    353
    Likes Received:
    0
    So, Facebook IM ok, Skype IM a no go.....correct? I am just asking because it is not my intention to be an unaware participant in something that is forbidden.
     
