TPI is short for Two Person Integrity and its weaponized counterpart is the No Lone Zone but with less attitude, ie, nobody carries a gun doing TPI unlike No Lone Zones which were rooms stuffed with nuclear weapons and guarded by armed guards whenever the locks and alarms were off. But, back to the subject at hand, the i in TPI and that would be me.
TPI for crypto came about because one day a few people woke up and realized that literally anybody who ever had routine access to cryptographic keys used for secure telecommunications could sell them to the Russians and nobody would ever figure it out. So yeah, we were in the cryptographic business for about 70 years before any of the clever dicks picked up on that. Once they did it was decreed that all crypto would require two person integrity when in the custodian's hands. We went from having one custodian per command to having at least 4 of them.
It required a change in the way we did business because some things were not designed from the outset for TPI and the largest among things not designed for TPI was the actual vault or crypto rooms. They only had one lock on the door and it was usually a combination lock that only the custodian had access to. The solution initially was easy enough, you let one custodian keep that combination and all the crypto would be locked inside the vault in safes which had a combination that he didn't know. Easy.
We branched out and while the one lock entry stayed common in my world, the safes started to get multiple combinations because that's the nature of things. The single access controlled by one lock to the vault or crypto room was necessary because there is an enormous amount of paperwork required to keep and maintain crypto records and the crypto itself and it is best done in the vault by the primary custodian.
Where it got tricky was in the mobile units that took cryptographic keys and keying materials into the field and stored it inside a TPI safe. Since the people going into the field varied each time, it was necessary to set the locks on that safe each time it went out on a trip and one of the trickier things to learn for some morons is how to set a safe combination. Can you guess what happens when a moron tries to set a combination and slams the safe closed and the combination set into the safe fails to open the safe? Yeah, two things happen depending on whether you have gone into the field or not. First, you need to call a locksmith. Two, you no longer have any way to secure TPI crypto without posting a 24 hour guard and impressing on said guards that that guy! is not to be allowed to access the safe unless that other guy! is with him.
If you do this in the field and it goes wrong you also have lost the ability to go to New Day on your radios and depending on the length of time left in the crypto key segment set in each radio and device, you and everyone else involved look like idiots.
I/me had my alternate custodians go over setting safe combination locks until they got it right every time and could show me that they were following the damned procedures step by step until they got to the end which also meant opening and closing the combination lock with the safe door/drawer open. As custodian for two mobile units I also made damn sure the combinations were changed before leaving for the field and wonder of wonders, that they were written down and stored appropriately.
I later worked in the Program Office/In Service Engineering Agent where the mobile surveillance systems went for upgrades and repairs and just about every one of them required one or two new safes every year because, drilled, wasn't it?
Unforced errors are the worst.
1 comment:
The day after a new spark: Over the Satellite Orderwire, "can you bump your Teds?" Then the whole system blinks.
Post a Comment