AOH :: ISNQ4138.HTM

Energy gets tough on laptop use




Energy gets tough on laptop use
Energy gets tough on laptop use



http://www.gcn.com/print/26_13/44394-1.html 

By Joab Jackson
GCN 
06/04/07 issue

The Energy Department has launched a new effort to keep tighter control 
of its mobile computing units, following the recent disclosure that the 
department has lost 1,415 laptop PCs during the past six years, agency 
officials said.

DOE Secretary Samuel Bodman expects to take immediate actions to correct 
this, department spokeswoman Megan Barnett said. Were moving in a 
serious and deliberative manner.

DOE notified Congress of the lost laptops late last month.

The figure represents approximately 2 percent of its current inventory 
of laptop computers; about 71,874 units are used either by agency 
personnel or contractors. Since his appointment in 2005, Bodman has 
recognized that management deficiencies have been an issue throughout 
the history of the department, Barnett said. He has been working to 
fully identify weaknesses and correct them at their source in regard to 
computer inventory control.

Barnett added that the laptop issue is is something that has been 
developing over many years.

As a result of the findings, which track missing units up until June 
2006, Bodman ordered a full inventory of laptops, which subsequently 
recovered 100 of the units. The agency has already been taking a number 
of other steps to minimize future losses, Barnett said.

For instance, the agency has implemented a rule that requires employees 
to report missing property within 24 hours of noticing the loss. The 
agency plans to beef up its reporting capabilities to better detail the 
circumstances of the loss. Senior managers will have to verify that 
their offices are in compliance with these policies.

In addition, the agency has been stressing that employees take better 
care of the property that is checked out. Those who get laptops must now 
sign a statement acknowledging their responsibility for the equipment. 
And closer scrutiny will be in place to ensure employees return all 
equipment that has been checked out when they leave DOE.

During the next 120 days, DOE will take additional steps. For instance, 
contractor performance plans are being revised to spell out the 
responsibility for keeping track of equipment. Contractors must do 
inventories and make sure the equipment is updated. Property management 
performance will be part of business management performance, Barnett 
said.

None of the individuals to whom the missing laptops were issued were 
disciplined. DOE said none of the stolen or lost laptops carried 
classified information. Two possibly held personal information one had a 
resume and the other carried a performance evaluation and one possibly 
contained an internal Office Use Only document.

The reported loss of personal computers is the latest in a long line of 
disclosure by government agencies. Earlier last month, the 
Transportation Security Administration alerted the FBI and Secret 
Service of a lost hard drive containing information on 100,000 current 
and former workers. In February, the Justice Departments inspector 
general found that 160 FBI laptop PCs had been lost or stolen during a 
44-month period. And last November, the Armys Accessions Command in Fort 
Monroe, Va., reported that a laptop PC with personal information on 
4,600 scholarship applicants for the Reserve Officer Training Corps had 
gone missing.

In May 2006, the Veterans Affairs Department had one of the most notable 
losses, when a laptop with information on as many as 26 million veterans 
was stolen from a VA employees home. The laptop was recovered, and its 
information had not been accessed. In August 2006, VA instituted a 
policy of encrypting all its laptop PCs.

Last September, Rep. Tom Davis (R-Va.), then chairman of the Government 
Reform Committee (now ranking member), introduced the Federal Agency 
Data Breach Protection Act, which calls for stronger rules about 
agencies disclosing data loss. The act never made it out of committee, 
however.

Why cant anyone take this more seriously? Usually, heads roll when 
something like this happens in the private sector. But in the public 
sector, the consequences seem minimal, said Adam Thierer, a senior 
fellow at the Progress and Freedom Foundation, a Washington think tank 
covering technology issues. These machines should be bolted to the desk. 
And there should be some straightforward rules that are in place, he 
said.

GCN senior writer Patience Wait contributed to this story.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods