Some Justice laptops lack encryption, IG finds

Department's IG finds 10 of 40 laptops tested from the Criminal Division didn't have required protections

A quarter of a sampling of laptops from the Justice Department's Criminal Division recently tested by the department's inspector general didn't have the required encryption.

The IG found that 10 of 40 mobile computers it tested – overall, the division has about 800 laptops – weren’t encrypted. According to an audit by the IG, all of the unencrypted workstations came from the division’s International Criminal Investigative Training Assistance Program (ICITAP), one of seven sections in the criminal division.

The IG also found that some laptops didn’t have the baseline configurations required by the department, and one unencrypted laptop from ICITAP had an unauthorized peer-to-peer network, Limewire, installed and running. The computers without the baseline configurations came from ICITAP and the division's Computer Crimes and Intellectual Property section.

Meanwhile, the IG found weaknesses in the oversight of data security policies in contracts the division uses for litigation support services. In particular, seven of the nine contractors tested that held one type of contract processed sensitive information from Justice on laptops without encryption.

“This is a troubling issue that must be quickly addressed,” the IG wrote in a report released April 1 that detailed the audit’s findings. The audit was done from July through December 2009.

The IG made 10 recommendations, all of which Justice agreed with. The department concurred with recommendations to:

  • Ensure that all of the division’s laptops are encrypted.
  • Give all laptops to the division's Information Technology Management staff for encryption before use.
  • Formalize laptop encryption procedures.
  • Ensure the IT Management staff approves baseline configurations on all laptops used to process Justice data.
  • Maintain a record of encryption for all of the division’s laptops.
  • Enhance procedures to ensure inventory of laptops is accurate.
  • Ensure contractor-owned computers that process Justice data are encrypted and make sure contractors know the proper rules for handling department data.
  • Put proper language in related contracts.

Despite agreeing to the recommendations, the Criminal Division said in a written response to a draft of the report that the audit found that less than 2 percent of the division’s laptops did not satisfy encryption requirements. The division also said the noncompliance with encryption requirements was limited to one section and was the result of “an isolated occurrence several years ago.” The division also said that laptops identified as unencrypted "have since been reimaged and encrypted, or excised."

The IG agreed that the lack of encryption may have been caused by “an isolated occurrence several years ago.” However, auditors disagreed with the division's assertion that the audit showed that less than 2 percent of laptops weren’t compliant. The IG noted that 10 of the 40 computers tested, or 25 percent, weren’t encrypted, and that it can’t be assumed that the division's 759 untested computers all had encryption.

About the Author

Ben Bain is a reporter for Federal Computer Week.
