By Wade-Hahn Chan
March 12, 2007
The Lawrence Livermore National Laboratory in California may not be
wiping sensitive information from excess computers it disposes of,
according to a report  released by the Energy Departments inspector
The national security research lab has been slow to adopt departmentwide
policies for wiping information from unneeded computers before donating
or selling them, a process known as excessing, the report states.
Hard drives and other memory devices on excess machines must be wiped
clean or physically destroyed, according to DOE policy. The National
Nuclear Security Administration (NNSA) which oversees the lab dragged
its feet in implementing the policy at the lab, the IG said, and as of
this month, still hasnt fully implemented it. The lab excesses about
5,300 computers annually.
Lawrence Livermore has its own agencywide policy for excessing
computers, but the report states that it doesnt fully align with DOEs.
Lab officials did not check computers for embedded memory devices, didnt
test hard drives reused by the lab for sanitization and failed to
provide adequate documentation of wiped memory devices.
Despite the number of problems that we and others have identified over
the years with the departments efforts to appropriate excess computers
and other electronic memory devices, major department elements,
including the NNSA, did not timely implement department policy, said DOE
Inspector General Gregory Friedman, in a memo attached to the report.
The IG wrote that lab managers did not agree or disagree with the report
but said that certain corrective actions have been or will be initiated.
In January, Energy Secretary Samuel Bodman fired the NNSA chief
following serious security breaches at several national laboratories and
the discovery of a hard drive with classified information at a former
Visit the InfoSec News Security Bookstore