It’s happened again. One of my co-workers needs me to get a file off a machine so that I can take care of an issue.
Fortunately, the password is written on a sticky note under the keyboard. Took a minute to find it, but I knew it had to be there. It had to be there because this station group is terrified of IT, has no skills to manage it and has hobbled its management, engineering, and frankly, every productive employee to the rule of the IT department.
The IT department preaches fear. If we don’t change our passwords every five days, if the passwords are not gibberish designed to be un-memorizable and if we’re not prohibited from reusing passwords in any manner, the world will come to an end. “Believe me!” claims a tattooed couch-potato wearing a T-shirt emblazoned with the firm belief that vaccines are a conspiracy. He’s tossing red meat about what will all happen when — not if — the IT system is attacked.
THE LESSON OF 2000
Y2K was a lesson. For months, we filled out paperwork and planned. Hundreds of hours. Yards of file folders filled with documentation of protections for the coming disaster.
At one point, I explained that the toilets were not date-aware and thus would need no remediation. The conversation did not go well. HR insisted that I treat the IT/security team with more respect, and my boss said “just play along.”
I have a document with plenty of pictures and descriptive text showing me in front of a “vulnerable” (by definition; any pre-1980 device was vulnerable) transmitter with no brains whatsoever, showing it a clock as the clock artificially clicked past midnight simulating the date of doom. This “proof” of Y2K compliance was accepted.
I have a lot of tools. Some of them are software. Little utilities like a VSWR calculator or a text parser for a particular SNMP device. I connect the USB drive, and find a spread sheet from an old project I want to use as a template for today’s project. I print it out, then come back to see a computer screen listing the files on my tool drive that Symantec has identified as evil and is deleting. I try to stop/reverse this, but I’m locked out, the blood bath over. Time lost, not saved.
I foolishly go to the IT folks for help or sympathy. I’m told I violated the rules. I had the drive scanned by IT a few weeks ago just so I could do exactly this. They go into a rant of alternative facts. The GM hears this, but says nothing. They are thrilled that they tightened the Symantec end point protection, and their bot killed something. This is a victory. A demonstration of power. They drone on about how we need to build walls.
I go back to work. The phone buzzes with an email… there’s one every day. IT is changing the guest password. Again.
We have few guests. No rational person would care if they logged in, and now I have to change the signs in the lobby and conference rooms. They don’t. Not because they are lazy, but because they have absolutely no idea that there are consequences to their actions. Guest internet is a hole in their wall.
I follow the link to SharePoint, look up my un-memorizable password, because no way would just putting the new public guest password in the email be difficult, slow or secure enough.
Mention that IT voodoo wastes resources, and you get a rant on how someone is going to log into the lobby from a black van in the parking lot and steal our internet and compromise our systems. Management bows.
The equation is simple: Maybe waste resources or risk being culpable when an IT apocalypse comes. Who am I to say this risk is imaginary? I’m not the IT “professional.”
I’m quiet, but I’ll make three notes (because I can) in this anonymous column:
1. As a radio station group that specializes in playing music anyone can get from any number of sources, I don’t think a cyber-terror attack is going to be that big of a loss to society.
2. Security is a good thing, to a point, but what’s going on here is irrational, counterproductive and just plain stupid. The cyberterrorists are down the hall, and it’s more than OK, it’s absolutely critical, that any useful employee beat the system. Every time you leave a note with a critical password where it will save the station, you are doing god’s work.
3. Broadcast engineers are generally a lot better at IT than IT people are at broadcasting, and broadcasting is our business.
“It’ll be great. It’ll be the best IT system ever.” There are a lot of IT emperors leading parades in invisible clothes. Why are we following?
The Wandering Engineer is an industry stalwart who has been in broadcasting since the days of Marconi and Tesla. He gives his thoughts on the current state of broadcast engineering and the broadcast engineer.