Speaking as someone with some military experience, almost certainly the second. Military computers are locked down excessively, often in ways that are actually counter to real security. Policy is reactionary, and is all-too-often simultaneously too narrow and too broad (in orthogonal ways) which ends up impacting usability while not really adding any security.