Feb 10, 2009

Off-Site Computer Recall

From: Wallace, Terry C Jr
Sent: Mon Feb 09 09:08:13 2009


Off-Site Computer Recall

On Friday there was a recall of all "off site" computer equipment. The intent of this recall is to physically "touch" all such equipment by LANL property professionals, and then to allow equipment that is required for off-site work to be authorized and moved back to the off-site locations. I realize that this disrupts some work, but the intent is to make this process as simple and timely as possible. Recent events have highlighted some potential issues with off-site equipment; LANL has over 40,000 bar-coded computer related equipment, a fraction of which is off-site. The off-site computer equipment presents a number of risks, including information loss, property loss, and inappropriate use of government resources and equipment.

The Lab wishes to provide an environment that will enable Laboratory employees to perform their work and enable creative contributions after-hours and while on travel in a secure manner. We must be absolutely confident that all off-site equipment is accounted for, and that this equipment is authorized for use considering the risks associated with off-site use. The wall-to-wall inventory of the computer equipment is the first step of our risk mitigation strategy. There are a number of anecdotes I would like to use to highlight the risk: (1) There are a significant number of staff that have multiple computers presently approved for off-site use. For some, multiple computers may be appropriate for the work done, but for many others this may represent unnecessary risk associated with equipment loss or theft; (2) All LANL computers that have "normal" work files including email or proposals may contain sensitive information. This sensitive information could be OUO or even PII. For example, until a few years ago, all NSF proposals required a cover sheet with the PI's name and social security number. Thus, storing a complete proposal on one's lab computer amounts to storing PII (even today many resumes include a social security number). Losing a computer with non-encrypted PII is a security infraction that LANL must report within a day; (3) Although the LANL policy allows for "incidental" personal use, government equipment must never be used for personal gain or for a private business, to visit inappropriate websites, or be used by a third party (including a family member). Off-site computers present the opportunity for forbidden use, and care must be taken to ensure that only LANL work is performed, and stored on these computers.

Early next week LANL will issue clear policy on what is needed to justify off-site computer equipment. Again, we want to have an environment that recognizes that staff are extremely dedicated and creative, and that off-site work is essential to how we function. At the same time we have to recognize the risk, and we will require strong justification for off-site equipment. We will forward the details of the inventory process early next week. There will be some exceptions to the immediate inventory. These include computers that are part of research projects housed at other facilities; computers associated with those of Change of Station and away from the Lab; computers in the LOFT program; Sun Ray and other computing platforms that are strictly media-less (containing no memory or disk storage) and special circumstances approved by Associate Directors. We will make future arrangements for these situations. All other computers need to come in - these computers will be checked, and if reauthorized for off site use, be available for off site use within a day.

I do appreciate that disruption this recall will create. I work on my LANL laptop every night and weekend, and will be similarly impacted. I am also acutely aware of the risk we presently have with our off-site equipment, and it is appropriate to mitigate that risk with a minimal impact on our productivity. Early next week we will also post a FAQ page to address situations that will arise.

Terry
------------
Principal Associate Director
Science, Technology and Engineering
Los Alamos National Laboratory

ph: 505-667-8597
fx: 505-667-5450

32 comments:

Anonymous said...

Terry says he is so very sorry, but the lashings *will* continue until morale improves. The LANS Director, Dep. Director, PADs and ADs all get a nice salary and big bonus by over reacting to any NNSA concerns. 'Nuf said?

Anonymous said...

oh so sad! "i feel your pain..."

i'm *sure* he's bringing in his laptop so it can "physically touched" by the some property bean counter. what a load of crap!

"Early next week LANL will issue clear policy on what is needed to justify off-site computer equipment." how about this...I WORK FROM HOME, JUST LIKE YOU DO JACKASS! i just hope the justification includes yet another lecture on PII. every time something happens at the lab, whether it be Be contamination or fork lift accidents, we always have to hear about cyber security and PII from our fearless leader. I'm not looking forward to the next few weeks.

Anonymous said...

Do all of these computers really have to be drug into work?

The bar code was scanned when I purchased the computer and I have the property removal form!

Whatever happened to trust?

I have a Q clearance so I am defacto trusted with a lot of important classified information!

Anonymous said...

You have to bring the damned computers in to work because if you don't my bonus will be reduced!

Now, shutup and comply!

MIKEY!

Anonymous said...

Good Job Terry. Keep America safe from petty thieves. Nobody will steal a LANS computer and sell it for crack now. Way to put that Phd to work. You are just the sort of guy we all want for our leader next summer when Mikey cashes out.

Anonymous said...

Guess I don't see the purpose of dragging in all the computers so people can "touch them." What does this have to do with someone having their computers stolen? Unless a higher up is p!ssed because this person had 3 at home?
Further, didn't LANL just go through a 100% inventory not too long ago? I remember people schlepping in their computers so the property people could scan the bar code.

Anonymous said...

UC trusted most people, not all. LANS trusts no one, with a few exceptions. A policy of overkill in order to cover your ass with Congressional committees in the face of possible hearings (again) is much more important than employee trust or morale or productivity. After all, award fees are at risk. You exist to support LANS, not they you. Get used to it.

Anonymous said...

"Whatever happened to trust?"

it's long gone. That's the new model: the Q buys you nothing, you're always a suspect, and you can get nabbed any time for things you did not do.

And NNSA wonders why people are leaving? How thick are these guys anyway?

Anonymous said...

Jesus, quit whining and bring your computer in and get it inventoried. Then STFU. Some people have real problems.

Anonymous said...

"Early next week LANL will issue clear policy on what is needed to justify off-site computer equipment." (Wallace)

This should be fun. I can only imagine the new types of justification required to use a LANL laptop outside of the lab.

Has anyone in LANS upper management considered what the outcome of their policy might be? Many of the scientists at LANL may decide to buy their own laptop and do their lab travel and off-hours work on it. Is this really what LANS wants to see happen? These would be laptops that are totally out of the control of LANL and perhaps used by other family members. The work on these laptops would be unclassified, but could still have the possibility of generating embarrassing problems for LANL, such as lab internal emails that would be more easily exposed to outside eyes.

Anonymous said...

8:22 If you don't work at LANL, you don't have much to add here. Please take your own advice.

Anonymous said...

Does anybody see the similarity between LANL upper management and the Wall Street CEOs?

All that Mikey and Terry give a shit about are thier bonuses. Meanwhile productivity and morale are in the dumper. Goot employees are leaving and it is impossible to recuit top-level talent.

But, Mikey and Terry and others continue to get their bonuses.

Anonymous said...

I don't think that using your personal computer from home or travel will allow VPN to the LANL network.

Anonymous said...

I don't think that using your personal computer from home or travel will allow VPN to the LANL network.

2/11/09 7:42 AM

No, but it will allow you to work on proposals, memos, do some types of code development, and use your crypto-card to read web based LANL emails and to check the LANL Data Warehouse for things like "Government Use Only" budget data and employee info. And when you are done with it, this personally owned laptop with various types of LANL info on it probably won't be properly sanitized. Is this really what NNSA and LANS want to see happen?

Anonymous said...

I wonder if Terry has ordered his Director's name plate for his office door? It's only a matter of time.

Anonymous said...

> Do all of these computers really
> have to be drug into work?

Yes. And not only drug into, but drug tested at work. They'll be made to piss in a cup to see what kind of contraband PII they may have been illicitly abusing.

Yes, they need to be "touched."

Greg Close said...

Is it really such a big morale issue and inconvenience to bring in the laptops? I'm just asking, because I sincerely do not understand the uproar. As a pure matter of fiscal responsibility, having authorized lab equipment brought on site for an annual physical inventory seems pretty normal - this sort of thing is pretty common in the "real world." It's not a matter of trust, it's a matter of due diligence. That doesn't mean it's not aggravating or inconvenient, but is it really worth all this indigence?

Anonymous said...

Anonymous at 2/11/09 10:26 AM writes:

"...it will allow you to work on proposals, memos, do some types of code development, and use your crypto-card to read web based LANL emails and to check the LANL Data Warehouse for things like "Government Use Only" budget data and employee info. ..."

Thanks a lot! That will be the end of us being allowed to access Emails and do other things via our personal computers.

Anonymous said...

About 8 years ago, we had a similar recall of off-site computer equipment. They wanted to "touch" everything, not just bar-coded things such as computers and printers, but all other stuff such as monitors, UPS, etc.

I made a deal with our division's property office that one of their people could stop by my house after work to scan and touch the stuff and I would give him a beer. That was acceptable and it saved me from having to unplug a bunch of stuff and schlepp it the office.

Of course, that was in the time of John Browne and we were still trying to be a scientific laboratory rather than a bonus factory.

Anonymous said...

HI greg

i don't think the issue is that we have to bring in the laptops (actually it's all lab equipment). my issue personally is that this is a knee-jerk reaction to an incident that happened and some DOE/NNSA pencil pusher cannot look at his own inventory list to see what is off site. i mean, if they can't pinpoint their off-site inventory to within 10,000 (or 39,970), then that's a problem. ironically, the property person comes around our offices once a year to scan everything. if we have a computer at home that needs to be brought in, then they asks that you bring it within a week for scanning. I don't mind that, but it hurts my productivity to have this laptop quarantined for a month. unlike some people who can do without work computers at home, my job (and others) depend on it.

Honestly, part of me thinks this is a non-issue b/c who knows how much lab equipment is stolen on site in a year. the only real issue is that there shouldn't have been 3 laptops for one person off site. at least I hope that's the real issue here. i mean it's not like the guy sold the 3 laptops for drug money or a gambling trip to vegas...it was an unfortunate incident. i think that policy is going to change so that you need strong justification to have anything more than 2 computers off site.

also, allowing only 1 computer off site doesn't reduce the risk of that computer being stolen. and if we can't be trusted with a $1000 or $2000 piece of equipment, then they should recall all Q clearances and have everyone undergo the process again.

Anonymous said...

Anonymous at 2/11/09 12:21 writes:

"Honestly, part of me thinks this is a non-issue b/c who knows how much lab equipment is stolen on site in a year."

Actually, from the property inventory data, very VERY little tagged property disappears. At the end of the annual inventory effort, there are usually quite a few items that were not located. BUT, nearly all of them show up during the following year's inventory.

This is clearly an over-reaction to a minor issue. Whether or not it is appropriate for the person to have had three laptops off-site is strictly a matter for his GL to decided based on the specifics of his assignment.

This is just another nail in the coffin of turning LANL into a work-free safe and secure place.

Clearly they do not want us to be working at home! I predict that it won't be long until we are no longer permitted to be on-site outside of normal workhours. The time clocks will come soon after that!

Anonymous said...

"I predict that it won't be long until we are no longer permitted to be on-site outside of normal workhours. The time clocks will come soon after that!" - 3:17 PM

Our group has already been criticized because we don't have an official sign-in / sign-out board up for everyone in the office. Trust me, what you mentioned in your post is coming. Just give it a little more time and it will become a new LANS enforced policy.

Anonymous said...

"This is just another nail in the coffin of turning LANL into a work-free safe and secure place." (3:17 PM)

How many more nails will it take? I think we have already arrived!

Anonymous said...

I can't believe the number of whiners on this thing. Is bringing in your laptops for inventory that inconvenient and difficult for you? Do you really feel that put upon?

It seems the ones with the real morale problems are the people who work at LANL and then post here to tear it apart.

It's not perfect but what are you doing to fix things besides calling management names and all crying on each others shoulders? Do you people need some cheese to go with all that whine?

You are aware that your posts on this blog are being used to make the case that the lab is again/still dysfunctional, aren't you? I wouldn't be surprised if it is TRotS posters trying to promote whatever destructive agendas they have by making the posts.

We now return you to your regularly-scheduled pity party...

Frank Young said...

It's not again/still dysfunctional? OK, I'll bite. What would you call it?

Anonymous said...

"I have a Q clearance so I am defacto trusted with a lot of important classified information!"

You are part of an elaborate experiment on what it takes to demoralize and render ineffective a formely effective workforce.

Mr. Wallace actually works for Phillip Zimbardo

Anonymous said...

so stop working after hours at home

fk the DOE and Dr. fu man Chu

Anonymous said...

A widespread work stoppage may get the attention of LANS management, especially if it includes whatever Group managers are not gutless. Maybe it's time to start calling the folks who've been trying to establish union representaion here for the last decade.

Anonymous said...

Heck, all we really have to do to get senior management attention is to fail to submit our timesheets.

Come to think of it, that might be the only thing we can do that would REALLY get their attention. A work stoppage will barely raise eyebrows, as we learned in 2004.

Then, we submit a massive labwide timesheet correction request the following week. Preferably onto some already-overspent R code. I expect this would induce cardiac arrest in half the management team.

Anonymous said...

"A work stoppage will barely raise eyebrows, as we learned in 2004."

There is a big difference between a work stoppage because your management tells you to stop, vs one where your management tells you to work. Eyebrows will be raised.

Anonymous said...

"Heck, all we really have to do to get senior management attention is to fail to submit our timesheets." - 7:27 AM

According to new LANS policies, if you don't enter a correct charge code for your time, you don't get paid for that pay period. Care to test it out?

Anonymous said...

"I have a Q clearance so I am defacto trusted with a lot of important classified information!"

Well, it means that you have access authorization up to the TS/RD level, but it doesn't mean that you are "trusted" by anyone. At least that's been my experience working at an SC funded site. And from what I've read (and heard), not much different on the NNSA side. Perhaps a long time ago, things were different..