The Interior Department can't locate many of its laptop computers, potentially exposing sensitive and personally identifiable information, the department's inspector general says in a new report.
The IG reports that nearly 20 percent of a sample of more than 2,500 departmental computers could not be located. Extrapolating that percentage to the 70,000 Interior employees using laptops, some 14,000 portable PCs aren't accounted for. "The department, as a whole, does not readily know where or to whom its desktop and laptop computers are assigned," says the report, entitled Evaluation of the Department of the Interior's Accountability of Desktop and Laptop Computers and their Sensitive Data.
The report also said that most departmental-issued personal computers are not encrypted. "Compounded by the department's lack of computer accountability, its absence of encryption requirements leaves the department vulnerable to sensitive and personally identifiable information being lost, stolen or misused," Michael Colombo, Western regional manager of Interior's IG office, wrote in a memo accompanying the report.
Of the department's eight bureaus and headquarters, only five designate PCs as sensitive property, a designation that allows them to be tracked by the property management system. And among those five, the IG rated only two - the Bureau of Land Management and Office of Surface Mining - as having a good record in inventorying their laptops. Though the Fish and Wildlife Service designates laptops as sensitive property, the IG rated its recordkeeping as poor, noting that the service was unable to provide basic physical location information on 95 percent of the computers it sampled.
Not having laptops registered in the property management system doesn't mean that a bureau fails to track its portable computers. Twenty-five of 66 Interior-issued laptops reported missing in the 13-month period ended last November were assigned to employees at the U.S. Geological Survey, yet - as the IG reported - the agency was able to readily identify and provide accurate information about the missing computers to auditors.
Still, the IG called for Interior to establish a uniform, department-wide, system-controlled chain-of-custody property system for computers. Among its other recommendations: