ROGER SNODGRASS Monitor Assistant Editor
A recent inspection of the Counterintelligence Directorate of the Department of Energy found that 20 desktop computers were missing. At least 14 of them were known to process classified information, according to a new report by the Inspector General, and the other six "may have been used to process such data." "Further," the IG reported, "the inventory records were so imprecise and inaccurate that the directorate had to resort to extraordinary means to locate 125 computers" that should have been easy to find.
A previous inspection had already found one computer reported missing in the more recent inspection. At the time it was found, it was labeled unclassified, but counterintelligence officials reported it later as having processed secret information. The problems focused on DOE headquarters in Washington, but noted that loan agreements for 96 computers in field offices had expired.
The directorate is supposed to protect the department's sensitive data and operations against espionage or other intelligence activities by foreign parties. In response, the office "instituted multiple measures to help strengthen its control of accountable property," a senior counterintelligence official replied on Mar. 15. Measures include creating a position that would have responsibility for property accountability.
The inspection report noted in turn that the response did not include an implementation plan with target dates for completing each recommendation and left that up to higher management to pursue. The primary purpose of the report on internal controls at the counterintelligence directorate was to set in motion a more thorough search to find out what happened to the missing computers, whether they were lost or stolen, or disposed of as counterintelligence officials believe.
A summary letter noted that they did not report the computers as lost or stolen until after the inspection took place.
"Problems with the control and accountability of desktop and laptop computers have plagued the department for a number of years," the IG stated in his memo to Energy Secretary Samuel Bodman, attaching a list of 12 prior reports on sensitive property in the last four years.
After reviewing a security breach at Los Alamos National Laboratory that occurred in October 2006, Inspector General Gregory Friedman testified to a congressional investigative committee that department-wide recommendations had been made to correct deficiencies.
His remarks implied that other facilities under the department's control may also have had open computer ports and unsecured classified computer racks. Some of them, like LANL, may not have had segregated critical security functions nor limited computer access and privileges to those who specifically required it.
In a statement at the beginning of that hearing, Rep. John Dingle, D-Mich., committee chair, said, "The time has come to focus on the adequacy of the tools DOE possesses to effectively penalize contractors and the lab for security failures and whether DOE ever intends to use them ... We need to determine in today's hearings whether such penalties are sufficient to effectively improve security at Los Alamos."
During a visit to Los Alamos this week, Sen. Jeff Bingaman was asked about the recent report and whether Congress had a handle on where the responsibility rests for security breaches at DOE and its contractors.
Bingaman chairs the Senate Energy and Natural Resources Committee with responsibility for DOE.
He said he was aware of the report and was not sure there was a handle.
"Frankly, I do not understand why some things become a big story in the media and others do not," he said.
[View the Inspector General's report here.]