DOE rapped over computer disposal

A review of the way the Energy Department deals with excess property turned up computers that still had readable data and a lack of policies on how DOE should deal with used machines.

A random sample of 40 computers in DOE's excess property holding area in Germantown, Md., found that three machines had not been properly cleared, leaving recoverable information and data, according to a General Accounting Office report.

The report, "Safeguarding of Data in Excessed Department of Energy Computers," also found that DOE "does not have standardized instructions, verification procedures, or training for agency or contract employees on how to properly clear excessed computers."

The DOE's federal property management regulations require that all software, information and data be cleared from computers before still-useful machines are transferred to other agencies, schools, prisons and nonprofit organizations.

At the time of the review, which took place from August through November 2000, GAO interviewed officials from nine DOE headquarters program offices regarding their policies for handling excess computers. Of the 10 facilities surveyed, only one complied with federal property management regulations. And of the random sample from Germantown, seven computers had the operating system software still installed, and three had not been cleared of readable information.

In submitting the report to the House Science Committee, GAO made three recommendations to the department:

  • Develop and implement standard written procedures on how to clear hard drives of all software and data.
  • Require an independent verification that the procedures have been done before turning in the computers.
  • Emphasize the procedures in the computer security training and awareness program that is required of all DOE employees and contractors.

In a March 14 letter to GAO, Joseph Mahaley, acting director of the Office of Security and Emergency Operations at DOE, agreed with the findings and recommendations of the draft report and said efforts are under way to solve the problems.

Also, as part of its Cyber Security Management Program, the office of DOE's chief information officer is preparing a manual to be issued this summer that includes procedures for:

  • Sanitizing media during the disposal phase of a system's life cycle.
  • Sanitizing electronic media for reuse.
  • Ensuring that need-to-know criteria are applied to workers granted access to classified data archives.
  • Verifying that sanitization has been effective.
