Apr 4, 2007

Classified Computers Missing

ROGER SNODGRASS Monitor Assistant Editor

A recent inspection of the Counterintelligence Directorate of the Department of Energy found that 20 desktop computers were missing. At least 14 of them were known to process classified information, according to a new report by the Inspector General, and the other six "may have been used to process such data." "Further," the IG reported, "the inventory records were so imprecise and inaccurate that the directorate had to resort to extraordinary means to locate 125 computers" that should have been easy to find.

A previous inspection had already found one computer reported missing in the more recent inspection. At the time it was found, it was labeled unclassified, but counterintelligence officials reported it later as having processed secret information. The problems focused on DOE headquarters in Washington, but noted that loan agreements for 96 computers in field offices had expired.

The directorate is supposed to protect the department's sensitive data and operations against espionage or other intelligence activities by foreign parties. In response, the office "instituted multiple measures to help strengthen its control of accountable property," a senior counterintelligence official replied on Mar. 15. Measures include creating a position that would have responsibility for property accountability.

The inspection report noted in turn that the response did not include an implementation plan with target dates for completing each recommendation and left that up to higher management to pursue. The primary purpose of the report on internal controls at the counterintelligence directorate was to set in motion a more thorough search to find out what happened to the missing computers, whether they were lost or stolen, or disposed of as counterintelligence officials believe.

A summary letter noted that they did not report the computers as lost or stolen until after the inspection took place.

"Problems with the control and accountability of desktop and laptop computers have plagued the department for a number of years," the IG stated in his memo to Energy Secretary Samuel Bodman, attaching a list of 12 prior reports on sensitive property in the last four years.

After reviewing a security breach at Los Alamos National Laboratory that occurred in October 2006, Inspector General Gregory Friedman testified to a congressional investigative committee that department-wide recommendations had been made to correct deficiencies.

His remarks implied that other facilities under the department's control may also have had open computer ports and unsecured classified computer racks. Some of them, like LANL, may not have had segregated critical security functions nor limited computer access and privileges to those who specifically required it.

In a statement at the beginning of that hearing, Rep. John Dingle, D-Mich., committee chair, said, "The time has come to focus on the adequacy of the tools DOE possesses to effectively penalize contractors and the lab for security failures and whether DOE ever intends to use them ... We need to determine in today's hearings whether such penalties are sufficient to effectively improve security at Los Alamos."

During a visit to Los Alamos this week, Sen. Jeff Bingaman was asked about the recent report and whether Congress had a handle on where the responsibility rests for security breaches at DOE and its contractors.

Bingaman chairs the Senate Energy and Natural Resources Committee with responsibility for DOE.

He said he was aware of the report and was not sure there was a handle.

"Frankly, I do not understand why some things become a big story in the media and others do not," he said.

[View the Inspector General's report here.]


Anonymous said...

Ok, that's it! We need to get rid of these pesky computers causing all of these security incidents! We don't have a paperless office like we were promised with their use and all they are causing are security incidents.

Guns kill people.

Computers cause security incidents.

If we could just get rid of the computers, there would be no more security incidents!

Anonymous said...

Looks like the DOE took down the Inspector General's report; I'm coming up with a "page not found" when trying to access the link you provided. Go figure.

Pinky and The Brain said...

We're not sure what we did wrong but the link to the Inspector General's report is fixed now. Thanks for pointing that out!

Anonymous said...

A quick look makes it look like another accounting error. The systems were probably salvaged or given to the Indians (a favorite DOE trick).

Let's be on the watch for an Indian Reservation with nuclear secrets!!!

Anonymous said...

An accounting error! Shut them down!!! (At least make them stop issuing policies for a month. Please?)

Anonymous said...

odd the Lab didn't bother running a story or provide a link to this on the News Bulletin pages but we got all the scoop of the Chimayo fanatics festival.

When someone else loses classified material the news isn't a blip in the media. When the Lab does.....