http://washingtontimes.com/apps/pbcs.dll/article?AID=/20080329/NATION/670184430/1001 By Jerry Seper The Washington Times March 29, 2008 More than 90 weapons and 230 laptop computers belonging to the Drug Enforcement Administration have turned up missing over the past five years and, despite efforts by the agency to address weaknesses in tracking the items, "significant deficiencies" remain, a report said yesterday. The lost and stolen weapons include pistols, rifles, shotguns and a submachine gun, said a 105-page report by the Justice Department's Office of Inspector General, which also noted that DEA officials could not say how 198 of the 231 laptop computers came to be missing. Inspector General Glenn A. Fine said the DEA was unable to provide assurance that 226 of the 231 lost or stolen laptop computers did not contain "sensitive or personally identifiable" information, adding that few of the missing laptops were protected by encryption software. "The DEA has made improvements to its internal controls over weapons and laptop computers since our 2002 audit, such as conducting physical inventories and reconciling these inventories to its financial system records," Mr. Fine said. "However, we concluded that the DEA still requires significant improvement in its overall controls on weapons and laptops." DEA spokesman Garrison K. Courtney said yesterday the agency has made significant improvements in its rate of loss for laptops, adding that in instances when weapons were lost or stolen, "appropriate disciplinary actions" were taken. He noted that the IG's report said the DEA was following the appropriate methodology in regard to the inventory of weapons and laptops. "DEA has recently implemented new interim policy regarding the detailed reporting of lost, stolen and missing laptop computers by all DEA personnel, as well as reporting potential losses of sensitive information ... that may have been contained on lost and stolen laptops," Mr. Courtney said. Mr. Fine blamed "carelessness" by DEA agents as resulting in many of the instances of lost or stolen weapons, saying some agents had failed to follow policy regarding not leaving their weapons unattended or temporarily stored. He said 64 percent of the stolen weapons were taken from official government or privately owned vehicles. According to the report, one weapon was stolen after the agent left it on a boat loading dock, walked away and came back later to discover it was gone; three weapons were stolen from the DEA's traveling road museum; two others were taken by unknown moving company employees; one was lost when an agent left it on the top of his car and drove off; and another was lost after an agent said it might have "fallen into trash basket at work." Mr. Fine also said that while the DEA could not provide the circumstances under which the vast majority of laptop computers turned up missing, many of the documented computer losses could have been avoided if employees were more careful and complied with DEA policies. He said one laptop was left in a taxi and another was stolen from checked luggage. In its written response to the IG's report, the DEA disagreed with a recommendation that all its laptop computers be encrypted, saying that as of December 2007, DEA laptops that process sensitive information already have full disk encryption but others . including those used to support electronic surveillance, computer forensics, polygraph examinations and other digital monitoring functions . are exempt from the security requirements. The DEA said the exemption was required because of problems discovered during attempts to load mission-support applications on laptops installed with encryption software. The agency said the software caused video surveillance and control capabilities to be slowed down to a point of inoperability. "The majority of DEA's laptops are used as stand-alone computing devices," Mr. Courtney said. "DEA's policy, prior to 2007, did not allow sensitive data or classified information to be processed on stand-alone laptops." In his report, Mr. Fine said DEA employees were not internally reporting lost or stolen weapons and laptops in a timely manner and the agency was not informing the Justice Department of weapon and laptop losses. He said the DEA was not ensuring that relevant information about the lost weapons and laptops was being entered in the National Crime Information Center (NCIC) database,. "The DEA's failure to report losses and enter relevant information in the NCIC database also reduces the DEA's chances of recovering this lost property," he said. Mr. Courtney said that in April 2007, the DEA implemented a new policy regarding the loss or theft of firearms and that all reported incidents are now being "reported accurately and entered into NCIC." ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Mar 30 2008 - 22:46:40 PST