http://www.gcn.com/print/26_13/44394-1.html By Joab Jackson GCN 06/04/07 issue The Energy Department has launched a new effort to keep tighter control of its mobile computing units, following the recent disclosure that the department has lost 1,415 laptop PCs during the past six years, agency officials said. DOE Secretary Samuel Bodman expects to take immediate actions to correct this, department spokeswoman Megan Barnett said. Were moving in a serious and deliberative manner. DOE notified Congress of the lost laptops late last month. The figure represents approximately 2 percent of its current inventory of laptop computers; about 71,874 units are used either by agency personnel or contractors. Since his appointment in 2005, Bodman has recognized that management deficiencies have been an issue throughout the history of the department, Barnett said. He has been working to fully identify weaknesses and correct them at their source in regard to computer inventory control. Barnett added that the laptop issue is is something that has been developing over many years. As a result of the findings, which track missing units up until June 2006, Bodman ordered a full inventory of laptops, which subsequently recovered 100 of the units. The agency has already been taking a number of other steps to minimize future losses, Barnett said. For instance, the agency has implemented a rule that requires employees to report missing property within 24 hours of noticing the loss. The agency plans to beef up its reporting capabilities to better detail the circumstances of the loss. Senior managers will have to verify that their offices are in compliance with these policies. In addition, the agency has been stressing that employees take better care of the property that is checked out. Those who get laptops must now sign a statement acknowledging their responsibility for the equipment. And closer scrutiny will be in place to ensure employees return all equipment that has been checked out when they leave DOE. During the next 120 days, DOE will take additional steps. For instance, contractor performance plans are being revised to spell out the responsibility for keeping track of equipment. Contractors must do inventories and make sure the equipment is updated. Property management performance will be part of business management performance, Barnett said. None of the individuals to whom the missing laptops were issued were disciplined. DOE said none of the stolen or lost laptops carried classified information. Two possibly held personal information one had a resume and the other carried a performance evaluation and one possibly contained an internal Office Use Only document. The reported loss of personal computers is the latest in a long line of disclosure by government agencies. Earlier last month, the Transportation Security Administration alerted the FBI and Secret Service of a lost hard drive containing information on 100,000 current and former workers. In February, the Justice Departments inspector general found that 160 FBI laptop PCs had been lost or stolen during a 44-month period. And last November, the Armys Accessions Command in Fort Monroe, Va., reported that a laptop PC with personal information on 4,600 scholarship applicants for the Reserve Officer Training Corps had gone missing. In May 2006, the Veterans Affairs Department had one of the most notable losses, when a laptop with information on as many as 26 million veterans was stolen from a VA employees home. The laptop was recovered, and its information had not been accessed. In August 2006, VA instituted a policy of encrypting all its laptop PCs. Last September, Rep. Tom Davis (R-Va.), then chairman of the Government Reform Committee (now ranking member), introduced the Federal Agency Data Breach Protection Act, which calls for stronger rules about agencies disclosing data loss. The act never made it out of committee, however. Why cant anyone take this more seriously? Usually, heads roll when something like this happens in the private sector. But in the public sector, the consequences seem minimal, said Adam Thierer, a senior fellow at the Progress and Freedom Foundation, a Washington think tank covering technology issues. These machines should be bolted to the desk. And there should be some straightforward rules that are in place, he said. GCN senior writer Patience Wait contributed to this story. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Fri Jun 08 2007 - 07:26:28 PDT