Auditors: Energy lost counterspies' PCs

Department dawdled on IT standardization

The Energy
Department, which repeatedly hasbungled IT security in recent years, took two more hits fully
or partly related to problems in recent reports from its inspector

apparent loss of 14 desktop computers that had processed classified
information surfaced in a report
titled 'Internal Controls Over Computer Property at the
Department's Counterintelligence

The report stated
that DOE's counterspies couldn't locate 20 desktop
computers that were part of its documented inventory. In addition
to the 14 desktops that were known to have held classified data,
the report said, 'The remaining six computers may have been
used to process such data.

the inventory records were so imprecise and inaccurate that the
directorate had to resort to extraordinary means to locate an
additional 125 computers,' the report continued. 'Those
computers should have been readily accessible, had property record
keeping been current and complete.'

The report stated

  • The
    Counterintelligence Directorate hadn't entered an additional
    57 computers in its property inventory.

  • The
    directorate's loan agreements for 96 computers that had been
    transferred from headquarters to field offices had

  • DOE officials had
    failed to put the proper security classification labels on 74
    computers, as the department's rules require.

with the control and accountability of desktop and laptop computers
have plagued the department for a number of years,' the
auditors observed. 'As we found in several recent reviews,
strict property management procedures need to be consistently
applied to ensure the control of sensitive property, such as

DOE officials
concurred with several recommendations the auditors offered on the
computer inventory control issue. But the report noted that the
officials failed to provide planned corrective actions with target
completion dates, so further action by senior managers would be
necessary. DOE responded by describing actions it had taken in
response to previous, similar reports, such as appointing an
official responsible for keeping track of its inventories and
mandating the immediate reporting of property

DOE added that
while not all its records complied with department policy, there
were records that had been created in another format.

In a secondreport, titled 'The Department's Efforts to
Implement Common Information Technology Services at
Headquarters,' the Inspector General Office said DOE
hadn't fully met its goals in adopting a common operational

The standardized
IT framework, which cost the department $980 million in fiscal
2006, calls for a consolidated environment covering desktop
support, application hosting and equipment distribution services.
Various organizations at DOE headquarters had been managing the
functions separately when the department launched the

The department
called the project Extended Common Integrated Technology
Environment at first but then renamed it the Department of
Energy's Common Operating Environment.

department's CIO is overseeing the DOE-COE project. The
IG's audit found that:

  • Five major
    organizations, accounting for 40 percent of users, or 2,473 from a
    total covered workforce of 6,199, hadn't been migrated to the
    common environment within the project's first twelve months,
    in a delay that eliminated $15 million of possible

  • In some
    organizations, officials did not cut off services provided to
    workers who had been shifted to the new environment, a mistake that
    cost $700,000 in needless user fees and caused 'potential
    cybersecurity vulnerabilities.'

The auditors
praised the DOE for completing the migration process for 23 of the
28 organizations within headquarters. But they cautioned that their
review didn't include DOE's far-flung field

department's CIO office agreed with the conclusions of the
second report and described measures that it had taken to end the


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected