Could a TV threaten your staff's security? -TEISS® : Cracking Cyber Security

Information Security / Could a TV threaten your staff’s security?

Could a TV threaten your staff’s security?

Security is the art and science of protecting people. Sometimes, the “personnel security” subdiscipline involves defending people against environmental threats like irritating repetitive noise … from a public television.

I’d like to share a personal opinion on workplace happiness: if your office has some areas featuring television monitors that you can’t control and some other areas without TVs, I suggest trying to situate your workstation away from the monitor if possible. I know it seems counter-intuitive, but there’s a reason for it. The same rule applies to areas that pipe in music that you can’t control: find a place away from the speakers.

I expect to receive my fair share of flak over this position. Heck, I can make the other side’s points as well as anyone: tuning a public monitor to a 24/7 news channel can help people stay up-to-the-minute on breaking stories, a 24/7 weather channel can help people respond to dangerous storms in time to save life and property, a business-specific feed helps people keep their notional finger on the pulse of the markets.

Further, looking away from your PC occasionally to let your mind refresh can be physiologically beneficial for your eyes and your blood pressure. Just because lots of broadcast media is disposable dreck doesn’t mean that TV and radio are utterly devoid of worth. Not at all.

What I’m on about is the problem of not having control over the devices in your workspace. Publicly-placed television monitors tend to be locked down so that they’ll only show owner-approved content. This is a rational and reasonable safety measure; no business wants a visitor changing the feed to something scandalous.

Similarly, music piped into public areas tends to be locked down so that listeners only encounter properly-licensed and inoffensive content. It makes sense to set your company’s broadcast equipment up to deliver approved content only, and then to lock the equipment so that it can’t be changed – either by accident or a malicious prankster’s deliberate action.

Never underestimate the lengths that people will go to for a laugh. I’ve known bored soldiers who would acquire remote controls just to mess with the TVs in their unit orderly room to shock or embarrass their sergeants.

Yet locking down your equipment means that the people who occupy the space where the TV monitors or radio speakers are located can’t change the channel. I know that seems blindingly obvious; didn’t I just say that preventing anyone from changing the content was both appropriate and necessary? Yes, I did and yes, it is. I argue that it’s necessary from the perspective of management to mitigate the threat of offending people. That said, what about the threat of driving workers barmy?

Writer Adam Johnson penned an article for CBC’s Radio Canada last month titled “Starbucks’ music is driving employees nuts. “ In it, he compared the use of music played at businesses to tactics used at the Guantanamo Bay Detention Camp. In his words:

"[It's] the same system that's used to … flood people out of, you know, the Branch Davidian in Waco or was used on terror suspects in Guantanamo — they use the repetition of music … I'm not suggesting that working at Applebee's is the same as being at Guantanamo, but the principle's the same." Johnson suggests that the piped-in music should be considered a workers’ rights issue; one that should be treated by health inspectors as an influential factor in evaluating and rectifying poor working conditions.

Later in the Radio Canada article, cognitive neuroscientist Jessica Grahn said that repetitive music in the workplace “… can be a very effective way of the external environment impinging, without our control, on our sensory processing. Because we can't close our ears, it's very effective if somebody else has control of our sonic environment. We can do nothing about that, and that can be pretty debilitating.”

I’ve always found the experience to be like a migraine headache. I was surprised to learn that the prolonged stress effects can truly be physiological.

I second Professor Grahn’s position. As a soldier, I spent a summer working in a signals battalion in Korea that – among other tasks – was responsible for broadcasting the U.S. Armed Forces Korea Network. The orderly room I worked out of was required to keep a television turned on all day every day. Whoever was assigned as the duty clerk wasn’t required to watch what was showing, but they were required to monitor the set to ensure that the picture and audio never dropped or degraded. If a glitch occurred, they sounded an alarm.

Seems like a great job, right? Sit indoors for eight to twelve hours at a stretch and watch soap operas instead of marching up and down mountains or digging foxholes. Except …. No. The soldiers I worked with went to extraordinary lengths to find excuses that would allow them to go somewhere else. Anywhere else. It didn’t matter how arduous the work was; the orderly room clerks couldn’t stand the repetitive content.

Sure, the job was a cake walk for the first week. By the second week, the TV became annoying background noise. By the third week, the sound started grating on one’s nerves like fingernails on a chalkboard. You didn’t even have to see the TV for it to affect you; you could close your eyes to the flickering images, but you couldn’t stop hearing the audio. By the fourth week, everyone had memorized all the repeated segments. [1] As soon as the first musical note or line of dialogue started, the rest of the segment flooded into the listener’s mind uninvited and impossible to drown out. By the fifth week, digging latrines in the sweltering summer heat seemed like a better option… because the field was free of adverts.

Security, remember, is operationally defined in the Oxford English Dictionary as “The state of being free from danger or threat.” In this case, the “danger” is the negative affect that repetitive aural input can have on the human mind. The more that a person is forced to listen to unwanted noise, the more the repeated sound grates on the nerves. That’s why looped music that can’t be changed, paused, or stopped is commonly used as a harassment or interrogation technique. We should be sensitive to our colleagues who might be exposed to continuous repeated audio content out of their control as it could become a perceived threat.

Finding oneself powerless in the workplace can hamper morale and discipline.

I propose that consideration of and opportunities for mitigation falls into our domain as security professionals. Maybe not exclusively ours, but we’re involved to detect, mitigate, and monitor the threat.

As a reminder, the UK government’s Centre for the Protection of National Infrastructure defines the subdiscipline of “Personnel and People Security” as being about “shaping and controlling the environment to promote vigilance and an effective security culture, and to influence and deter those seeking to cause harm.” Notice that it doesn’t say “those people outside the organisation seeking to cause harm.” Our own best intentions inside an organisation can become a hazard if deployed or maintained incorrectly.

That’s why security professionals often urge our business units to use their public television sets and overhead speaker systems judiciously. We understand that they serve a legitimate business purpose, and we approve of their deployment … so long as they’re used wisely. This means we keep televisions above the natural sight-line so the flickering images don’t compete for workers’ attention.

TVs and some speaker systems should also be muted by default so they’re not distracting when not specifically needed. We retain the ability to change broadcast systems as-needed … and to turn them off the moment they’re no longer required. Security control measures like these keep internal broadcast infrastructure viable as a business tool and prevents them from becoming an inadvertent threat to our colleagues’ health, morale, and sanity.

Personnel security is an oft-overlooked aspect of security, but it’s essential to every organisation’s success: without people, you don’t have an organisation. Just a building full of idling equipment … and, sometimes, some infinitely repeating commercials echoing among the empty workstations.

[1] Imagine military-produced adverts, only selling the viewer on re-enlisting rather than buying a specific brand of soap.

The following two tabs change content below.

Keil Hubert

Keil Hubert is the head of Security Training and Awareness for OCC, the world’s largest equity derivatives clearing organization, headquartered in Chicago, Illinois. Prior to joining OCC, Keil has been a U.S. Army medical IT officer, a U.S.A.F. Cyberspace Operations officer, a small businessman, an author, and several different variations of commercial sector IT consultant. Keil deconstructed a cybersecurity breach in his presentation at TEISS 2014, and has served as Business Reporter’s resident U.S. ‘blogger since 2012. His books on applied leadership, business culture, and talent management are available on Amazon.com. Keil is based out of Dallas, Texas.

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!