Agency Tasked With Keeping Nuclear Secrets Can't Keep Track Of Its Computers
from the good-to-know dept
Stories about government agencies losing computers with sensitive information have become depressingly common. Last month it was revealed that the FBI tends to lose three or four laptops every month, either through theft or carelessness. But the FBI can feel better about itself knowing it’s not the only agency with this problem. An audit of the National Nuclear Security Agency found that it’s lost 20 desktop computers (how do you misplace those?) and that some of the computers it is using were not part of its official inventory. Since the NNSA’s job is to safeguard the country’s nuclear secrets, this news is not particularly comforting. What makes it even worse is the fact that the agency has failed 13 of these audits over the last four years, so it’s not as though this news could be characterized as a wake up call that will prompt better practices. Nope, it looks like the government, across many agencies, is chronically ill-equipped to keep track of its own belongings (though it’s not as if that’s any surprise).
Comments on “Agency Tasked With Keeping Nuclear Secrets Can't Keep Track Of Its Computers”
Duh?
Look at the people. They employ people based on their degree’s, not intelligence and common sense. If you lost a laptop in the private sector that contained secure information and failed to have taken every precaution possible, you would be burned at the stake in a heart beat.
It always astounds me how they “lose” computers. I have never lost a computer. It’s really easy, if I’m traveling, the laptop never leaves my side and thats regardless of the sensitivity of the information I’m carrying at any given time. Now, the agency losing desktops is just crazy, but I know how it happens. Manager level employees have a system go down, don’t want to go through the appropriate channels and waist weeks getting a new one, so they just hop on DELLs site and order a new one. The old one just gets stuck in storage until they decide to haul it to the dump. Through this process they fail to document is and it vanishes. The real hope is that the hard drive is not with it when it does it’s disappearing act.
Re: Duh?
I love how we have apps like kill disk that can wipe a drive to gov’t (DOD) standards (with a licensed copy). Even the free copy and do random pass and zero bytes. Unless the disk was severely damaged and couldn’t be read anymore. So now it appearers govt standards is nothing more than our gov’t is worth.. the trash. Lets loose our most secret data so we can blame some terrorist organization or jon doe for selling them. Makes me feel all warm and fuzzy to know a nuclear war will be caused by some IT intern/jackass who wanted to go to lunch 10 mins earlier and not document the disposal of a computer.
Ummm
4 laptops a month really isnt that bad. Im surprised it isnt more like 20 or thirty.
Those desktop statistics are pathetic, however…
Lost computers
Guys EVERY government agency has this problem – and it’s not related to computers – it’s ANY property. The most boring job around is to keep track of property. It’s typically given to clerks that had no hope of getting into community college. Many can hardly type so no go on keeping a database up to date. Property stays in the system forever (explaining why Frieden calculators are still on a lot of lists valued at $3K each).
Every agency has this problem – none have the guts to say – ‘this is no way to manage valuable property – let’s do what industry does’ (in fact industry shares this problem also)!
Most ‘lost’ property is probably trash. The information on lost computers can be dangerous however.
If the govt cared, they’d use cheap and readily available strong encryption software. Then damage would be much less likely. Don’t count on ANYTHING they do making much sense though.
Destroying Data
If you really want do destroy data that’s on a hard drive, you don’t run data deletion utilities. You shred the drives.
Re: Destroying Data
D’oh! “want do destroy” => “want to destroy” :-/
Re: Re: Destroying Data
I used to do this for a government site in the UK
First format, then autoclave, then shred – the best bit is Compaq (our supplier at the time) used to insist on always receiving the drive back if we needed to do a swap out in case of failure or replacement…
They were absolutely insistent at a management level so we used to exchange bags of shredded harddisks for new ones
In a major refresh we would just put them all in one big bag once a week and weigh the bag – both our side and their technicians used to get lots of laughs out of it ;0)
The people who run the property book are always government lifers on the ROAD program: Retired On Active Duty. You have a group of people whose only job is to shuffle papers all day and they won’t eve do that. Every year when we do our hand receipt audit we file pages and pages of corrections for items that were turned in, transferred, disposed of, or have errors in thier listing. And every year they send us the exact same printout as the year before. We have a $20K server that was never added to the property book and $15K vertical file systems not on there but a $10 adding machine and a $20 weather radio are on the list every year. Failing a property book audit ls like people jaywalking: it happens all the time and the people enforcing the law really don’t care.
BS
Most of you have no idea what you are talking about.
I work for a major gov’t Agency (US) and have for over thirty years.
Government workers are no different than private sector workers. As a matter of fact, a lot of people bounce back and forth between the two several times during their careers. So any characterization of Government workers as slouches is ridiculous.
I support computer systems at the desktop level, and have been responsible for property inventory in the past.
A major issue with all US government agencies I have known is that property inventory clerks are not doing that as a primary duty, it is always “other duties as assigned”. This always puts that duty on the back burner.
Another issue is that, unless an agency deliberately does something about it, the guys that dispose of old property are not usually the ones responsible for keeping track of that property.
Most of the time, when an agency has property listed as “lost”, that doesn’t mean that it has been stolen, especially if it is a desktop unit. What it does mean is that it was disposed of, and somebody didn’t do the paperwork. If they have set up the procedures properly, and people follow them, the units HAVE been through the desk shredding process, but you just can’t find the paperwork to prove it, cause some noob didn’t fill it out.
Our Agency finally got its act together when we got hauled up in front of Congress and they wanted to know what had happened to a very large dollar figure’s worth of property that we “couldn’t find”. As it turned out, most of it had been disposed of, and a lot of it was stored but not properly being accounted for. But it took us almost a year and a lot of heartache to find out, so a newer, tighter set of rules and procedures have been implemented to make it easier, on a bureaucratic basis, to do things right.
In short, you “lose” a desktop computer when nobody knows where somebody else moved it, and the two aren’t talking to each other. It may be right under your nose, but if you own thousands of PCs just like it, finding that one unit isn’t easy!
Even if you use property numbers in the PC’s name, your admins may know it’s there, cause they can see it on the network, but that doesn’t tell you WHERE it is! In the case of some gov’t agencies, that could be anywhere in the US, or the world… in your hands, but exactly whose, and on which desk? Until you can physically find it, you must list it officially as lost.
These stories don’t tell you about that, as this information isn’t part of the database.
correction
dang, “desk” shredding should have been “disk” shredding…!
Disk Wiping
Poor mans way to wipe a disk: dban.sourceforge.net
Best way is to melt that sucker down!
conclusion?
So, government workers aren’t incompetent, just frighteningly disorganized. I can live with that.