The report also finds that many PCs are not encrypted, and the disposal process for computers is not uniform
A report by the U.S. Department of Interior’s inspector general’s office does not paint a rosy picture of the department’s IT.
On the heels of a separate report alleging widespread failures around the tracking and managing of passports, the inspector general found that the department cannot locate roughly 18 percent of a sample of 2,500 computers in its inventory. Almost all of the unaccounted-for computers—more than 97 percent—belong to the Fish and Wildlife Service.
“The lack of accountability for desktop and laptop computers should be of great concern to the Department and its eight bureaus,” the report states.
The heart of the issue seems to be recordkeeping. Of the eight bureaus, only two—the Bureau of Land Management and the Office of Surface Mining—were judged to have kept good records of their computer inventory. Three of the bureaus kept no records whatsoever, and the remaining two had their recordkeeping rated “poor.”
Some 450 of the unaccounted-for computers belong to the Fish and Wildlife Service. Just 13 of the computers were formally identified as “missing” during the inventory process, possibly due to recordkeeping issues. Between October 2007 and November 2008, the Department of Interior lost 66 laptops, including 17 rated “high criticality,” the report notes. It also states the problem is potentially serious because the department’s computers are generally not encrypted.
The data control issues extended all the way to the end of the computers’ life cycles. While all of the bureaus had policies in place governing the disposal of machines, compliance with those policies varied widely.
“The methods used to demonstrate that computers were properly sanitized ranged from internal disposal forms with IT certification statements to labels placed on the equipment to IT Helpdesk logbooks,” the report states.
Michael Colombo, a regional manager for the inspector general’s office, noted in a letter to department officials that controlling data and machines was crucial due to the department’s various focuses.
“Given the department’s diverse missions, varying and often opposing constituencies, and controversial issues including environmental and Indian trust matters, infrastructure assets such as dams, bridges, and monuments, and land and minerals management activities, information control is essential,” he wrote.
The report recommends that the department implement a uniform departmentwide system for controlling chain of custody of machines, and incorporate sanitation procedures when it comes time to dispose of devices. The department should also require that the loss or theft of computers be reported to the department’s Computer Incident Response Center, and begin encrypting all portable computers in the department, the report states.