IG cites CBP for laptop security issues

U.S. Customs and Border Protection needs to bolster its protection of laptop computers, according to a Homeland Security Department audit.

In a December 2006 report, DHS’ Office of the Inspector General said CBP has failed to establish a standard laptop configuration that meets minimum security requirements and has also lagged in devising effective patching procedures. Additionally, CBP lacks sufficient inventory management controls, the report notes.

“As a result, sensitive information stored and processed on CBP’s laptop computers may not be protected adequately,” according to the IG’s office.

The report, citing DHS’ Computer Security Incident Response Center, said 12 security incidents involving stolen DHS laptops were reported in 2005. Those thefts included laptops from CBP, the Secret Service, Immigration and Customs Enforcement (ICE), and the Science and Technology Directorate.

The report states that CBP developed a standard build for its laptops, based on DHS server configuration guidelines for Microsoft Windows 2000. The build, which includes antivirus capability, a personal firewall and a hard-drive encryption, is loaded onto a server as a software image and installed on new laptops.

OIG tested a sample of 256 CBP laptops and found that the standard build was not consistently implemented. The audit discovered that 16 percent of the tested laptops were not running Windows 2000. Those laptops were running operating systems such as Linux and Windows 3.1, 95, 98, ME, NT and XP.

OIG said the security features of CBP’s standard build, while enhancing data protection, lack “certain critical controls.” The redacted report, however, does not identify those controls.

Further, the the IG’s report states that patches and updates were missing from laptops because most of the units included in the audit “are used as secondary or shared laptops.” Those laptops do not regularly connect to the CBP network, which distributes patches, according to the report.

In addition, some Border Patrol locations link to the ICE network, rather than CBP.

CBP is working toward laptop security improvement, according to OIG. “CBP officials stated that they have already taken or plan to take corrective action to address the weaknesses we identified,” the report states.


  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/Shutterstock.com)

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected