Lab not wiping sensitive data before discarding machines, DOE finds

Excessing of Computers Used for Unclassified Controlled Information at Lawrence Livermore National Laboratory [.pdf]

Related Links

The Lawrence Livermore National Laboratory in California may not be wiping sensitive information from excess computers it disposes of, according to a report released by the Energy Department’s inspector general’s office.

The national security research lab has been slow to adopt departmentwide policies for wiping information from unneeded computers before donating or selling them, a process known as “excessing,” the report states.

Hard drives and other memory devices on excess machines must be wiped clean or physically destroyed, according to DOE policy. The National Nuclear Security Administration (NNSA) — which oversees the lab — dragged its feet in implementing the policy at the lab, the IG said, and as of this month, still hasn’t fully implemented it. The lab excesses about 5,300 computers annually.

Lawrence Livermore has its own agencywide policy for excessing computers, but the report states that it doesn’t fully align with DOE’s. Lab officials did not check computers for embedded memory devices, didn’t test hard drives reused by the lab for sanitization and failed to provide adequate documentation of wiped memory devices.

“Despite the number of problems that we and others have identified over the years with the department’s efforts to appropriate excess computers and other electronic memory devices, major department elements, including the NNSA, did not timely implement department policy,” said DOE Inspector General Gregory Friedman, in a memo attached to the report.

The IG wrote that lab managers did not agree or disagree with the report but said that “certain corrective actions have been or will be initiated.”

In January, Energy Secretary Samuel Bodman fired the NNSA chief following serious security breaches at several national laboratories and the discovery of a hard drive with classified information at a former employee's home.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected