[ISN] Laptops, weapons missing at DEA

From: InfoSec News (alerts@private)
Date: Sun Mar 30 2008 - 22:22:21 PST


http://washingtontimes.com/apps/pbcs.dll/article?AID=/20080329/NATION/670184430/1001

By Jerry Seper
The Washington Times
March 29, 2008

More than 90 weapons and 230 laptop computers belonging to the Drug 
Enforcement Administration have turned up missing over the past five 
years and, despite efforts by the agency to address weaknesses in 
tracking the items, "significant deficiencies" remain, a report said 
yesterday.

The lost and stolen weapons include pistols, rifles, shotguns and a 
submachine gun, said a 105-page report by the Justice Department's 
Office of Inspector General, which also noted that DEA officials could 
not say how 198 of the 231 laptop computers came to be missing.

Inspector General Glenn A. Fine said the DEA was unable to provide 
assurance that 226 of the 231 lost or stolen laptop computers did not 
contain "sensitive or personally identifiable" information, adding that 
few of the missing laptops were protected by encryption software.

"The DEA has made improvements to its internal controls over weapons and 
laptop computers since our 2002 audit, such as conducting physical 
inventories and reconciling these inventories to its financial system 
records," Mr. Fine said. "However, we concluded that the DEA still 
requires significant improvement in its overall controls on weapons and 
laptops."

DEA spokesman Garrison K. Courtney said yesterday the agency has made 
significant improvements in its rate of loss for laptops, adding that in 
instances when weapons were lost or stolen, "appropriate disciplinary 
actions" were taken. He noted that the IG's report said the DEA was 
following the appropriate methodology in regard to the inventory of 
weapons and laptops.

"DEA has recently implemented new interim policy regarding the detailed 
reporting of lost, stolen and missing laptop computers by all DEA 
personnel, as well as reporting potential losses of sensitive 
information ... that may have been contained on lost and stolen 
laptops," Mr. Courtney said.

Mr. Fine blamed "carelessness" by DEA agents as resulting in many of the 
instances of lost or stolen weapons, saying some agents had failed to 
follow policy regarding not leaving their weapons unattended or 
temporarily stored. He said 64 percent of the stolen weapons were taken 
from official government or privately owned vehicles.

According to the report, one weapon was stolen after the agent left it 
on a boat loading dock, walked away and came back later to discover it 
was gone; three weapons were stolen from the DEA's traveling road 
museum; two others were taken by unknown moving company employees; one 
was lost when an agent left it on the top of his car and drove off; and 
another was lost after an agent said it might have "fallen into trash 
basket at work."

Mr. Fine also said that while the DEA could not provide the 
circumstances under which the vast majority of laptop computers turned 
up missing, many of the documented computer losses could have been 
avoided if employees were more careful and complied with DEA policies. 
He said one laptop was left in a taxi and another was stolen from 
checked luggage.

In its written response to the IG's report, the DEA disagreed with a 
recommendation that all its laptop computers be encrypted, saying that 
as of December 2007, DEA laptops that process sensitive information 
already have full disk encryption but others . including those used to 
support electronic surveillance, computer forensics, polygraph 
examinations and other digital monitoring functions . are exempt from 
the security requirements.

The DEA said the exemption was required because of problems discovered 
during attempts to load mission-support applications on laptops 
installed with encryption software. The agency said the software caused 
video surveillance and control capabilities to be slowed down to a point 
of inoperability.

"The majority of DEA's laptops are used as stand-alone computing 
devices," Mr. Courtney said. "DEA's policy, prior to 2007, did not allow 
sensitive data or classified information to be processed on stand-alone 
laptops."

In his report, Mr. Fine said DEA employees were not internally reporting 
lost or stolen weapons and laptops in a timely manner and the agency was 
not informing the Justice Department of weapon and laptop losses. He 
said the DEA was not ensuring that relevant information about the lost 
weapons and laptops was being entered in the National Crime Information 
Center (NCIC) database,.

"The DEA's failure to report losses and enter relevant information in 
the NCIC database also reduces the DEA's chances of recovering this lost 
property," he said.

Mr. Courtney said that in April 2007, the DEA implemented a new policy 
regarding the loss or theft of firearms and that all reported incidents 
are now being "reported accurately and entered into NCIC."


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Sun Mar 30 2008 - 22:46:40 PST