Stupid Management Policies

So, this is something that has bothered me for a long time. The military, and by extension the federal government, certainly appears to be run by incompetent imbeciles. Of course, nearly everyone knows this already so I’m probably not saying anything that isn’t already known. But I need to vent.

Recently, a military command had an “outbreak” of a computer virus. The number of infected computers dropped though; it started out at over 150, then dropped to 30 or so, and finally something 7 computers were actually infected. I don’t know why the numbers dropped; normally they go up when a virus is detected.

This particular virus is transferred via USB thumb drives, much like the old viruses that moved via floppies. Because military personnel, especially senior officers, can’t seem to follow policies, the virus was transferred from the unsecure network to the secure networks; people would copy files from the Internet or email and “need” to put them onto their classified system for some reason.

Now, this is a blatant violation of several security policies, but they do it anyways. Additionally, even though anti-virus software is installed on all computers, it’s not set up to automatically scan new media. In my opinion, this is quite stupid. The capability has been there for more than decade; I remember having to wait when I inserted a floppy disk so the AV software could scan it.

So, rather than enforcing their policies or auto-scanning the thumb drives when inserted, senior leadership has decided that the best way to prevent another outbreak is to lock down the USB ports on all computers. In my technical opinion, these people are morons. It’s just another case of the uneducated making knee-jerk policies without getting advice. Well, advice from the frontlines; they probably have a gaggle of “yes men” to agree with them.

The problem, as I see it, is that you haven’t stopped the spread of viruses. Sure, you can’t transfer files via thumb drive. So now users are required to transfer files using CDs. Hello, you’ve simply moved the virus vector. And now the virus is confined to non-writable media; it can’t be quarantined and removed from the disc. Since no one is scanning their media, a single disc can do just as much damage as a thumb drive can; maybe more because the virus can’t be removed from the disc.

Another problem is that a lot of people have to deal with satellite images, recon photos, maps, and other large data files. One group needs some maps that take up 90 GBs. Previously they were transferring files with a USB hard drive. Now, they have to burn DVDs; 90GBs is a lot of DVDs.

Of course, the network can’t handle massive file transfers, much less the storage. Heck, at least once a month the SharePoint portal goes down (that’s another gripe). So, even if people wanted to enforce the network policies, the network can’t handle it.

I figure it will last for a few weeks until someone who is high enough gets tired of this BS and changes the policy. Of course, that’s assuming that the policy affects the higher mucky-mucks; they have a tendency to avoid these atrocious policies. However, they will still have to deal with people griping and complaining. If someone is smart, he would use the excuse that a vital brief may have to be held up because the new policies prevent him from getting the data. That would get leadership to fix the policy in a hearbeat.