http://www.gcn.com/online/vol1_no1/43200-1.html By Jana Cranmer GCN Staff 02/26/07 The FBI has reduced notebook PC losses by 312 percent since 2002, but the bureau has failed to adequately report whether stolen computers contain classified or sensitive data, the Justice Department Office of the Inspector General said in an audit report [1] last week. When losses occur, the FBI must timely report the loss, be able to identify the contents of lost laptops and determine whether the laptop is encrypted, the bureaus IG said in a follow-up report to a 2002 analysis. In addition, the FBI must investigate these losses and thefts, enter required data into the National Crime Information Center and report the losses to the DOJ as required. The IGs most troubling discovery was the FBI could not determine in many cases whether the lost or stolen laptop computers contained sensitive or classified information. The FBIs data was incomplete, auditors found. Of the 160 notebooks that disappeared between February 2002 and September 2006, employees filed only 152 forms to provide information about whether the notebooks contained sensitive or classified information. This information could include counterintelligence or counterterrorism case information, personal identifying information or classified information on FBI operations, the report said. The forms revealed that eight missing notebooks contained sensitive classified information, but these forms failed to provide a complete picture of the losses. The auditor said 43 other forms did not state whether the lost notebook contained sensitive or classified information. Without knowing the contents of these lost and stolen laptop computers, it is impossible for the FBI to know the extent of the damage these losses might have had on its operations or on national security, the audit said. In addition to the insufficient information reported on these forms, employees reported in a less than timely manner that 38 notebooks were missing -- more than 10 days after their disappearances -- delaying loss investigations. After discovering the FBIs insufficient tracking of missing notebooks, auditors recommended that the FBI: * Maintain adequate records on how many notebooks are authorized to hold classified information. * Document the disposal of excess notebooks and hard drives to ensure sanitation of all sensitive or classified information prior to disposal. * Report weapon and notebook losses to DOJ. * Ensure that property is recovered from employees before they leave the FBI. * Adhere to its policy on property storage. The bureau agreed with most of the recommendations and plans to implement them. While the Inspector General acknowledged that the loss of certain resources is inevitable in an organization the size of the FBI we nevertheless stand committed to increasing the institutional and personal accountability to further increase the progress we have made in minimizing the loss of information technology components, said FBI assistant director John Miller in response to the audit. [1] http://www.usdoj.gov/oig/reports/FBI/a0718/final.pdf ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Tue Feb 27 2007 - 00:40:10 PST