HomeFeaturesDailyBriefingsRapidReconSpecial ReportsAbout Us

ITs Fundamental

A fundamental aspect of any security effort is knowing what it is you are trying to protect. In the information age, and the age of the massive, sensitive data breach, the idea that any organization much less one of this import would not have mastered this concept is mind boggling.

At the risk of being accused of crystal ball gazing, the odds that IT would generally get short shrift in an agency dedicated to largely intellectual pursuits is probably pretty high; particularly so if a Stimson-like attitude prevails. But like Stimson, who later saw the value in what he had earlier derided, recovering from this condition and securing future efforts is easily done if - in the wake of the inevitable congressional hearings - a budget request for hard disk encryption and device tagging/tracking is submitted.

2 Comments

The loss of sensitive information and data breaches unfortunately have occurred before, and recently, are happening more frequently. The referenced theft of veteran's data occurred two years ago. Since then, for example, NIH laptops with sensitive patient information was lost.

As Congresswomen Lowey was quoted:

“The importance of safeguarding official laptops and office equipment containing sensitive information is not a new concern,” she said through a spokesman.

The CQ article further clarifies, that “Unaccounted for” does not necessarily mean the laptops have been lost. But they are “missing” until they have been found or otherwise accounted for.

It is hard to control the human factor. My only computer is a laptop. It never leaves my possession when traveling. I rarely, if ever, will leave it in my car. I think that some basic and obligatory "training" for people using government laptops is required. If it is already in place, then more stringent rules are needed. Maybe a prohibition of removing work computers from locations is required. Of course, that doesn't consider the risks associated with portable memory that can easily be taken from the workplace, lost or misplaced. The problem really is that with portable memory, data security has been made more challenging.

Though we are not far from the day when all permanent memory on a computer may become obsolete,through long distance high speed wireless, in which case most processing and all memory would be left to the 'base' computer. Needless to say, this will also present its own security challenges, but with effective encryption and log on protects,it should be a step forward in that respect.Bear in mind that it is not just laptops, but everything from classified paper documents, to memory sticks, to cds, which have gone missing with sensitive information. The difference with modern media is the quantity of private information lost at once.