Army to encrypt computers
- By Dawn S. Onley
- Aug 22, 2006
Fort Lauderdale, Fla.'The Army is kicking off a pilot program to begin encrypting data on notebook computers.
Lt. Gen. Steven Boutelle, Army CIO, said the service would also soon release a policy that instructs Army personnel to perform an accounting of notebooks and other mobile devices.
Both efforts are in response to data breaches that occurred in the Energy and Veterans Affairs departments, Boutelle said. The intent is to easily determine if a computer has been stolen and to encrypt data so information on that computer is protected. The Army must take a proactive role to secure mobile systems and can't wait for the next newspaper article to appear on another federal data breach, Boutelle told attendees at the Army LandWarNet Conference sponsored by AFCEA. The theme of the conference is "Delivering Joint Integrated Solutions to the Warfighter Today."
"We're going to give you guidance in the next few weeks to immediately identify all your notebook computers," Boutelle said. "Data at rest is data at risk. Don't be the one who loses that notebook computer and the data on it is not encrypted, after you've seen what's happened to the other federal agencies."
Once the guidance is released, the Army will require users to put a sticker on each notebook computer and mobile device, to categorize equipment by mobile device versus non-mobile and to label appropriately, and to halt the practice of removing mobile computers from secure areas unless the data on the systems is protected. Among the Army's accepted encryption software programs are PointSec, Credant Technologies and Microsoft's Encrypting File System.
"I know what I own now. Now it's my job to manage it properly," Boutelle said.
VA recently announced it would begin encrypting data
by mid-September after two data breaches. In May, thieves stole
a notebook and hard drive that contained the personal data of millions of veterans from the home of a VA employee. Law enforcement recovered
the items and arrested two men in the case.
Earlier this month, a desktop computer went missing
from the Reston, Va., offices of VA subcontractor Unisys Corp. The computer contained personal information on about 38,000 veterans who have sought care from two VA medical facilities in Pittsburgh and Philadelphia. The FBI, VA's inspector general and local law enforcement are conducting an investigation and Unisys offered a reward of up to $50,000 for information leading to recovery of the computer.
In June, the Energy Department revealed that names of more than 1,500 employees of the National Nuclear Security Administration had been stolen in a network incursion that occurred more than two years ago. NNSA didn't discover the breach until more than a year after it happened.
In response to the data breach at VA and several other agencies, the Office of Management and Budget in a June memo directed agencies
to encrypt data on mobile devices by Aug. 7.