This hit my radar about a week and a half ago, but it wasn’t quite as sexy as some other stories I blogged. That said, it’s pretty serious when an organization with this much on the line is incapable of defining and adhering to very simple processes:
The State Department does not have an accurate accounting of its laptop computers, including ones meant for classified use, and has failed to encrypt machines as it is supposed to do to protect sensitive information, according to a new report by the department’s inspector general.
Inspectors found that 27 laptops, worth $55,000 were missing out of a sample of 334 from four State Department bureaus, the report states.
“Because the content and the encryption status of the missing laptop computers are unknown, there is a risk that PII (Personally Identifiable Information) and other sensitive Department information may be susceptible to unauthorized access and use,” it says.
Encryption is not rocket science, but inventory? That’s trivially easy. Checking out a library book is a more stringent procedure.
The fix is easy, necessary, and urgent. This is the sort of thing that demands to be corrected immediately.