http://www.cqpolitics.com/wmspage.cfm?docID=hsnews-000002716318 By Jeff Stein CQ National Security Editor May 2, 2008 Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found. As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings. The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces. Ironically, the Anti-Terrorism Assistance Program is administered by the State Department’s Bureau of Diplomatic Security (DS), which is responsible for the security of the department’s computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here. DS officials have been urgently dispatching vans around the bureau’s Washington-area offices to collect and register employee laptops, said department sources who could not speak on the record for fear of being fired. The inventory sometimes strips DS investigators of their laptops for “days, or weeks,” they said. The State Department’s Inspector General launched an audit of the equipment about three months ago. Only the first stage, or inventory of equipment, has been completed. A State Department official referred all questions regarding laptop losses to the Inspector General. A senior IG official, asking not to be identified, said he could “not comment on ongoing work.” Nita M. Lowey , D-N.Y., who heads a House Appropriations subcommittee that oversees State Department operations, said she was concerned about the security revelations. “The importance of safeguarding official laptops and office equipment containing sensitive information is not a new concern,” she said through a spokesman. “I intend to review the facts about this situation.” “Unaccounted for” does not necessarily mean the laptops have been lost. But they are “missing” until they have been found or otherwise accounted for. Auditors found that the department had lost track of $30 million worth of equipment, according to one official, “the vast majority of which . . . perhaps as much as 99 per cent,” was laptops. Calculating that the average State Department laptop costs $3,000, another official said, hundreds, perhaps as many as a thousand, were missing. It could not be learned how many employees have been issued laptops. On Feb. 6, the department’s Senior Assessment Team gathered at the State Department headquarters in Foggy Bottom to discuss the security of “personal identification information.” The department’s official in charge of computer equipment, John Streufert, warned the more than two dozen officials present that the department did not have good records of its inventory. A “significant deficiency” relating to laptops existed, Streufert said, according to a source who attended the meeting. Mark Duda, a representative of the Inspector General’s office at the meeting, warned the managers that they needed to get on top of the equipment issue before it “blows up.” He said a scandal loomed akin to the one that engulfed the Veterans Administration in 2006, when news broke that a VA official had taken home a laptop with the personal records of 26 million veterans, where it was stolen. The official who chaired the meeting, Christopher Flaggs, the department’s deputy chief financial officer, also warned that revelation of the laptop losses could develop into a “material weakness,” an accounting term-of-art that essentially means inventories are out of control. “It’s the worst flaw you can have in management control,” one close observer of the State Department’s problems said. It would have to alert the White House Office of Management and Budget (OMB) and Congress. There could be hearings, headlines, camera crews on the doorstep of State Department officials. That’s what happened in 1999, when a laptop containing the names of foreign agents working for the U.S. government was stolen from the State Department. The security of laptops has vexed federal officials, as well as private industry, for years. The CIA, FBI and other national security agencies have all lost significant numbers of laptops containing sensitive information. More than a year ago, the administration’s Identity Theft Task Force warned of security vulnerabilities within the government’s Internet technology systems. In May 2007, OMB had ordered all federal departments and agencies to “develop and implement a breach notification policy within 120 days.” Hints of the State Department’s laptop losses first surfaced March 31 in an anonymous post at an obscure Web site frequented by employees of the Bureau of Diplomatic Security, called Dead Men Working. “We’re not talking about a missing laptop or two,” said a poster who identified himself as “Steve.” “A Department-wide audit found hundreds of laptops unaccounted for and identified DS, now rushing to close the barn door before the scandal really breaks, as having the laxest control of any bureau in the agency,” Steve wrote. John Naland, a retired diplomat who is president of the American Foreign Service Association, said the alleged losses were worrisome, and perplexing. “If the missing ones might have contained classified data, this could be serious,” Naland said. “At my last overseas post, we did not have any laptops,” Naland continued. “But we sure did an annual serial number physical inventory of computers. Sometimes our initial count came up with discrepancies, but then we remembered that we returned one to Washington or whatever and that cleared up the paperwork discrepancy.” CQ © 2007 All Rights Reserved | Congressional Quarterly Inc. 1255 22nd Street N.W. Washington, D.C. 20037 | 202-419-8500 _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue May 06 2008 - 01:50:31 PDT