US Federal Agencies Welcome Data Theft

July 30th, 2008 by Agent Smith (3) DLP,Data Encryption,Data Theft & Loss,In The Spotlight,Laws & Standards,endpoint security,security breach

After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has release a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!

According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by agency failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as they decided all federal laptops should be encrypted back in 2007.

“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.

“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”

Other practices of extremely low levels of security (or should we say non-existent security) include Nasa employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed so they of course weren’t using it. From what I know if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again :)

3 Responses to “US Federal Agencies Welcome Data Theft”

  1. Captain Advantage Says:
    August 2nd, 2008 at 12:26 am

    So if it took this long for the GAO to put out a report that includes a survey from last summer in 2007, doesn’t that make the data suspect? Surely improvements have been made since then. There are a number of encryption pros like the guys at Credant who are helping the feds solve the problem. I think an education program is in order for government employees if there is not seveeral already in place.

  2. What we’re reading, week of 8/4 « VPN Haus Says:
    August 4th, 2008 at 6:04 pm

    [...] US Federal Agencies Welcome Data Theft [...]

  3. Alina Says:
    August 5th, 2008 at 6:29 am

    It usually takes this long for such a report. But from what I’ve seen in older reports, the situation hasn’t changed much. You are right, having a serious educational program might help more than just creating new rules no one cares about.

Leave a Reply

© Endpoint Security Info 2010. Wordpress Theme by Arcsin

blogarama - the blog directory Technology Blogs - BlogCatalog Blog Directory Blog Directory Find Blogs in the Blog Directory
valid CSS valid XHTML