The following was gleaned from another forum. I am not a KPer but just a helicopter parent; I do have 10 years AD USARMY experience. I have seen with my 2013 DS that I often know stuff before he does because I have time to read the fine print/forums, hence I think this is important for parents to know and share. I can't help but think if more Mids had been a bit more honest in past years and taken internet/intranet security a bit more seriously, our current PCs and Mids wouldn't be fussing with the "new restrictions", most of which are just enhanced enforcements of previous restrictions they should have followed to start with. Doesn't anyone do personal responsibility and integrity anymore?
The QUOTE,
"Here's the latest from everyone's favorite, HDW:
Folks:
Working with the Campus Police and Investigators from the U.S. Department of Transportation’s Office of the Inspector General (OIG), we have recently completed an investigation of a security breach that came to our attention this past spring term. The implications of this security breach are quite serious, and chief among them is the perception of the OIG investigation team that our midshipmen view computer security, and efforts to comply with federal regulations in this area, as the object of derision. It is quite possible the US DoT CIO will be unwilling to continue supporting a number of the Academy’s previously approved exceptions to federal security policy, e.g., Skype, public instant messaging services, access to social networking sites, among others.
Here’s what happened:
In February and March, our normal surveillance disclosed that a small number of members (then Plebes) from the Class of 2012 replaced the Academy’s official version of Windows on their laptops with an unapproved version. This permitted the Plebes to circumvent all of the security features and protections of the Federal Desktop Core Configuration (FDCC) mandated by the President’s Office of Management and Budget. We called in each Plebe involved, provided personal counseling (once again), and restored the official version of Windows on their laptops. One Plebe—now resigned—used his iPhone to photograph a copy of the administrative password a contract staff member in DoIT had written on paper. The OIG investigators have since discovered the photograph.
This Plebe used the administrative password to start a campaign of “unlocking” laptops in the Regiment. Most of the activity was restricted to members of the Class of 2012, but there were a few midshipmen from the Classes of 2009 and 2010 involved as well. The administrative password was passed from one midshipman to the next by email. Armed with their illegally obtained administrative rights, some midshipmen installed hacking software, other software, and managed to avoid all of the web access restrictions judged to be necessary by the Superintendent and Commandant. The “seminal Plebe” also bragged that he had managed to hack into the Academy’s grading system database. [There is no evidence supporting this claim, yet.]
This particular Plebe went on to organize a group of like-minded Plebes at an internet gambling site featuring numerous games of chance, including Poker. The Plebes involved in gambling wagered thousands of dollars among themselves. Needless to say, some won and others lost. Campus Police investigated a rash of thefts in the barracks involving cash and (allegedly legally obtained) prescription drugs. Once the police investigation led to gambling over the internet, our respective investigations converged.
This past week, two special investigators from the OIG interviewed two members of the Class of 2012. What emerged from those interviews is distressing and is likely to appear in the OIG’s formal report. The two interviewed report that attempts to circumvent federally mandated security restrictions are widespread in the Regiment, everyone involved knows this activity is unauthorized, violates Superintendent’s Instructions, and is illegal. Yet, they engage in these activities nevertheless. Apparently, they view safety in the numbers of those involved.
We have managed to convince the folks at the Department and the Maritime Administration that the Academy merits exceptions from federal regulations and policies, because we give computer security the very serious attention it merits, our students adhere to Academy and federal regulations, and midshipmen are subject to ongoing scrutiny within the Regiment. The two special investigators were presented with evidence this is not the case. Much is now at risk since the current administration—unimpressed with the cybersecurity efforts of the previous administration—is starting a very rigorous campaign for complete compliance with zero tolerance for those who fail to do so.
Security does not belong to me. It’s a shared responsibility involving each of you, the administration, and most critically, the Regiment. These young men and women in the Regiment are better students, better observers than most of us are willing to acknowledge. They hear the disparaging remarks some of our colleagues are all too willing to offer (about security—and other topics), and these off-the-cuff remarks become the bedrock of students’ attitudes. There are all manner of illegal IT products in the barracks that remain in place despite ongoing inspections by midshipmen and company officers. The activities involving the illegally obtained administrative password were widely known within the Regiment.
“From those receiving much, much is expected.” Here at the Academy, we can believe that our midshipmen should be offered every opportunity, every creature comfort that students elsewhere now regard as an entitlement. Within the Department and the Maritime Administration a different attitude prevails. While there is some dispute on the magnitude of the taxpayer’s contribution to the cost of an Academy education, the attitude often expressed in Washington, DC is: Compliance with Federal regulations is not an unreasonable price to pay for the many advantages an Academy education offers. Federal regulations prohibit gambling. Federal regulations prohibit the use of government networks for gaining access to adult-themed materials. Federal regulations prohibit access to Skype, public instant messaging services, use of USB ports on personal computers, and the use of flash drives.
We may very well have “undone” the exceptions we’ve worked hard to win where Skype, public instant messaging services, use of the USB ports (i.e., desktop printers), and flash drives are concerned. Whether or not we can yet convince the Department and the Maritime Administration that we are mindful of security here, that we have every intention of following Federal regulations, much remains to be repaired.
V/r,
HDW | CIO | US Merchant Marine Academy "