Counterspies' PCs missing, an Energy report shows

Energy inspection report (.pdf)

The Energy Department, which repeatedly has bungled information technology security in recent years, took two more hits related fully or in part to the problems in recent reports from its inspector general.

DOE’s apparent loss of 14 desktop computers that had processed classified information surfaced in a report titled “Internal Controls Over Computer Property at the Department’s Counterintelligence Directorate.”

The inspection report states that DOE’s counterspies couldn’t locate 20 desktop computers that were part of its documented inventory. In addition to the 14 desktops that were known to have held classified data, the report noted that, “The remaining six computers may have been used to process such data.”

“Further[more], the inventory records were so imprecise and inaccurate that the directorate had to resort to extraordinary means to locate an additional 125 computers,” the report states. “Those computers should have been readily accessible, had property recordkeeping been current and complete.”

The report also states that:
  • The Counterintelligence Directorate hadn’t entered an additional 57 computers in its property inventory.
  • The directorate’s loan agreements for 96 computers that had been transferred from headquarters to field offices had expired.
  • DOE officials had failed to put the proper security classification labels on 74 computers, as the department’s rules require.
“Problems with the control and accountability of desktop and laptop computers have plagued the department for a number of years,” the auditors observed. “As we found in several recent reviews, strict property management procedures need to be consistently applied to ensure the control of sensitive property, such as computers.”

DOE officials concurred with several recommendations the auditors offered on the computer inventory control issue. But the report noted that the officials failed to provide planned corrective actions with target completion dates, so further action by senior managers would be necessary. DOE responded by describing actions it had taken in response to previous similar reports, such as appointing an official responsible for keeping track of its inventories, and mandating the immediate reporting of property relocations.

DOE added that although not all its records complied with department policy, there were records that had been created in another format.

In a second report, titled “The Department’s Efforts to Implement Common Information Technology Services at Headquarters,” the inspector general’s office said DOE hadn’t fully met its goals in adopting a common operational environment.

The standardized IT framework, which cost the department $980 million in fiscal 2006, calls for a consolidated environment covering desktop support, application hosting and equipment distribution services. Various organizations at DOE headquarters had been managing the functions separately when the department launched the reorganization.

The department called the project Extended Common Integrated Technology Environment at first, but then renamed it the Department of Energy’s Common Operating Environment (DOE-COE).

The department’s chief information officer is overseeing the DOE-COE project. The IG’s audit found that:
  • Five major organizations, accounting for 40 percent or 2,473 users from a total covered workforce of 6,199, hadn’t been migrated to the common environment within the project’s first 12 months, in a delay that eliminated $15 million of possible savings.
  • In some organizations, officials did not cut off services provided to workers who had been shifted to the new environment, a mistake that cost $700,000 in needless user fees and caused “potential cybersecurity vulnerabilities.”
The auditors praised the DOE for completing the migration process for 23 of the 28 organizations within headquarters. But they cautioned that their review didn’t include DOE’s far-flung field offices.

The department’s CIO office agreed with the conclusions of the second report and described measures that it had taken to end the problems.

Wilson P. Dizard III writes for Government Computer News, an 1105 Government Information Group publication.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.