An audit from the Division of Justice’s Workplace of the Inspector Basic (OIG) recognized “vital weaknesses” in FBI’s stock administration and disposal of digital storage media containing delicate and labeled info.
The report highlights a number of points with insurance policies and procedures or controls for monitoring storage media extracted from gadgets, and vital bodily safety gaps within the media destruction course of.
The FBI has acknowledged these points and is within the means of implementing corrective actions primarily based on the suggestions from OIG.
OIG’s findings
OIG’s audit highlights a number of weaknesses in FBI’s stock administration and disposal procedures for digital storage media containing delicate however unclassified (SBU) in addition to labeled nationwide safety info (NSI).
The three key findings are summarized as follows:
- The FBI doesn’t adequately observe or account for digital storage media, comparable to inner arduous drives and thumb drives, as soon as they’re extracted from bigger gadgets, which will increase the chance of those media being misplaced or stolen.
- The FBI fails to persistently label digital storage media with the suitable classification ranges (e.g., Secret, High Secret), which might result in mishandling or unauthorized entry to delicate info.
- The OIG additionally noticed inadequate bodily safety on the FBI facility the place media destruction happens. This contains insufficient inner entry controls, unsecured storage of media awaiting destruction, and non-functioning surveillance cameras, all of which heighten the chance of labeled info being compromised.
Supply: OIG
Suggestions and FBI’s response
The OIG has made three particular suggestions to the FBI to handle the recognized issues.
- Revise procedures to make sure all digital storage media containing delicate or labeled info, together with arduous drives which might be extracted from computer systems slated for destruction, are appropriately accounted for, tracked, well timed sanitized, and destroyed.
- Implement controls to make sure its digital storage media are marked with the suitable NSI classification stage markings, in accordance with relevant insurance policies and tips.
- Strengthen the management and practices for the bodily safety of its digital storage media on the facility to forestall loss or theft.
FBI acknowledged the audit’s findings and acknowledged it’s within the means of growing a brand new directive titled “Bodily Management and Destruction of Categorized and Delicate Digital Units and Materials Coverage Directive.”
This new coverage is predicted to handle the issues recognized within the storage media monitoring and classification markings.
Supply: OIG
Moreover, the FBI mentioned it’s within the means of putting in protecting “cages” to make use of as storage factors for the media, which will likely be lined by video surveillance.
OIG expects the FBI to replace it on the standing of implementing the corrective actions inside 90 days.