The federal agency can't locate 20% of its computers and, because it has no encryption requirements, the missing PCs could be vulnerable to data theft or loss.
The Department of the Interior can't specifically locate 20% of a sample of 2,500 computers -- largely in the Fish and Wildlife Service -- and is definitely missing at least 13 computers, according to a report by the department's inspector general. To make matters worse, the department has no encryption requirements, so there's concern that missing PCs might be vulnerable to data theft or loss.
In many cases, the Interior Department can't even tell where or to whom agency computers are assigned, the report noted. Fish and Wildlife Service records were singled out as especially poor. The Interior Department's accountability is bad enough that the 13 computers identified as missing wouldn't have even been identified as such if not for the inspector general's report.
Between October 2007 and November 2008, the department reported the loss of 66 laptops, including 17 losses identified as "high criticality." The agencies with the highest reported incidence of loss were actually the ones most able to provide information on the locations of their laptops to the inspector general, suggesting that these numbers could be even higher.
"Given the department's diverse missions, varying and often opposing constituencies, and controversial issues including environmental and Indian trust matters, infrastructure assets such as dams, bridges, and monuments, and land and minerals management activities, information control is essential," the inspector general wrote in the report.
Despite policies mandated by the Federal Information Systems Management Act and other regulations, including rules that say computers should not be left unattended in plain view and that organizations should establish policies to protect their systems from unauthorized access, the Department of the Interior doesn't require that any hardware that costs less than $5,000 -- that would cover most PCs -- be tracked in an asset management system, and the current tracking system doesn't have proper backing, according to the report.
That system, run by the National Business Center, only recently began, and the report says that it's "facing challenges" because the various Interior Department subagencies individually report laptop purchases to the NBC.
The report recommends that the department take a number of steps to improve asset management, including establishing a consistent chain of custody for computers, consistently wiping drives clean before disposing of PCs, reporting all losses or thefts to a centralized Computer Incident Response Center, and immediately encrypting all departmental PCs.
InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.