[ISN] Energy halts use of classified discs, drives

From: InfoSec News (isn@private)
Date: Mon Jul 26 2004 - 03:27:22 PDT


By Sarita Chourey 
Published on July 23, 2004

Energy Secretary Spencer Abraham ordered today all Energy Department
operations to halt using controlled removable electronic media (CREM)  
to improve media protection procedures.

Abraham's directive follows an announcement earlier this month that
Los Alamos National Laboratory employees had lost two Zip discs
containing classified material. Lab workers are searching for the
discs amid more than 2,000 safes and vaults. The lab's director has
halted all operations at Los Alamos, and Abraham has directed that
classified operations will not resume until Energy's deputy secretary,
Kyle McSlarrow, and the National Nuclear Security Administration's
administrator, Linton Brooks, confirm that newly implemented
corrective actions improve CREM management.

"While we have no evidence that the problems currently being
investigated are present elsewhere, we have a responsibility to take
all necessary action to prevent such problems from occurring at all,"  
Abraham said in a statement.

CREM includes all types of classified hard drives or computer discs.

In May, Abraham called for a variety of security reforms, including
several that affect the way the agency protects classified data. Among
the reforms is an initiative to move toward disk-free computer
environments and keyless security possibly involving a biometric

At the recommendation of McSlarrow and Brooks, Abraham announced a
CREM stand down and details of a plan, effective July 26. "These
procedures are designed to guarantee a complete inventory of our
classified electronic holdings and make certain that specific
individuals can be held responsible and accountable for future
problems," Abraham said in a statement.

Some elements of the plan include:

* A 100 percent initial physical inventory of accountable CREM
  followed by weekly inventories.

* Trained staff will control repositories for all accountable CREM.

* Create a formal checkout process for all accountable CREM.

* An independent validation team will verify the protocols before the
  operation gets back to normal.

The halt to the use of classified discs and hard drives will continue
at Energy facilities until each "conducts appropriate training,
reviews security procedures, ensures complete and accountable
custodial responsibility, and arranges for a complete inventory,"  
Abraham said.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Mon Jul 26 2004 - 04:29:58 PDT