Drive Encryption Software: Auditors Slam USCIS For Lack Of Laptop Encryption.

Do you know why solutions like managed laptop encryption software such as AlertBoot are better than some standalone ones?  Among many reasons, it’s because the encryption cannot be overridden by anyone but the administrator.  It has to be done from a central console.

This ensures, among other things, that a laptop stays encrypted once it is encrypted.  Why would anyone try to disable encryption?  For one, it might interfere with training.

USCIS Parades Around Unencrypted Laptop for Training Purposes, Thinks It’s OK.  Not!

The Department of Homeland Security (DHS) Office of Inspector General (OIG) finds in a report that the U.S. Citizenship and Immigration Services (USCIS) department has problems when it comes to the security of its laptop assets.  The report found that:

  • 2.79% of randomly selected laptops showed discrepancies in its name (asset management system vs. configuration management tool).  This affected Windows updates

  • 6.27% of laptops had a nonstandard computer name

  • 6.5% of laptops did not use the latest service pack of it operating system

  • 8% of laptops did not use the latest version of its encryption software

  • 4.5% of laptops did not use encryption at all, or had it disabled

Regarding the last two points, USCIS noted that,

there were two situations where, by design, the standard USCIS encryption software was not active on the laptops: laptops used for classified processing and laptops used for training. USCIS staff noted that classified laptops do not use the standard encryption software, but rather the laptops used for classified processing conform to the rules of the classified system. When encryption software was running on training laptops, if a user rebooted, someone would need to be called to log in past encryption before the class could continue. According to USCIS staff, the training laptops do not need to be encrypted because they do not leave DHS facilities. [OIG report, OIG-12-83, May 2012]

The OIG answers in the same report that,

According to Directive 4300A, Information stored on any laptop computer or other mobile computing device that may be used in a residence or on travel shall use encryption.…

Laptop computers that are not running the most recent encryption software might not be adequately protecting the security and privacy of USCIS data, potentially putting data confidentiality, integrity, and availability at risk.

In other words — as noted — there are no exceptions for instances where training gets slowed down because of reboots.

It’s because of questionable judgments like these that allowing laptops to be decrypted by the user should not be allowed.

Have They Not Heard of Break Ins?

There are myriad reasons why a laptop used in a secure environment should be and stay encrypted.  Reasons include theft and your spontaneous cases of laptopwentamissingitis, the condition where a laptop just disappears.

Related Articles and Sites:

Comments (0)

Let us know what you think