Agency Can't Locate 20% of its PCs

IG: Data at Risk by Absent Inventory Controls The Interior Department can't locate many of its laptop computers, potentially exposing sensitive and personally identifiable information, the department's inspector general says in a new report.

The IG reports that nearly 20 percent of a sample of more than 2,500 departmental computers could not be located. Extrapolate that percentage to the 70,000 Interior employees using laptops, some 14,000 portable PCs aren't accounted for. "The department, as a whole, does not readily know where or to whom its desktop and laptop computers are assigned," says the report entitled Evaluation of the Department of the Interior's Accountability of Desktop and Laptop Computers and their Sensitive Data.

The report also said that most departmental-issued personal computers are not encrypted. "Compounded by the department's lack of computer accountability, its absence of encryption requirements leaves the department vulnerable to sensitive and personally identifiable information being lost, stolen or misused" Michael Colombo, Western regional manager of Interior's IG office, wrote in a memo accompanying the report.

Of the department's eight bureaus and headquarters, only five deem PCs as sensitive property that would allow them to be tracked by the property management system. And among those five - the Bureau of Land Management and Office of Surface Mining - the IG rated only two as having a good record in inventorying their laptops. Though the Fish and Wildlife Service designates laptops as sensitive property, the IG rated its recordkeeping as poor, noting that the service was unable to provide basic physical location information on 95 percent of the computers it sampled.

Not having laptops registered in the property management system doesn't mean that all bureaus don't track their portable computers. Twenty-five of 66 Interior-issued laptops reported missing in the 13-month period ended last November were assigned to employees at the U.S. Geological Survey, yet - as the IG reported - the agency was able to readily identify and provide accurate information about the missing computers to auditors.

Still, the IG called for Interior to establish a uniform, department-wide system-controlled chain of custody property systems for computers. Among its other recommendations:

  • Incorporate information sanitization procedures in conjunction with property disposal procedures;
  • Require that the loss or theft of all computers be reported to the department's Computer Incident Response Center; and
  • Take immediate steps to encrypt all PCs throughout the department. The IG found that most departmental desktop and laptop computers are not encrypted.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.