LS: Would it be inappropriate to look at this as a perfect example of the dangers inherent in the lack of risk-based security analysis? If Sandy Berger visited the DoE, they'd probably have to shut down for a year. This overreaction (hard disks with classified info cannot be used?) is an invitation to DoS the DoE by simply 'misplacing' something. It is also dangerous: a positive incentive for employees to not report theft of classified information. Simply put, if the data is that valuable, it should be encrypted and impossible to read without passing some strong authentication, including some sort of challenge-response. If it -is- that encrypted, the thief might as well format the Zip disks and use them for data storage for all the good it would do. This response demonstrates eloquently that the DoE's take on data security is, at best, reactive. . . .
Energy Secretary Spencer Abraham ordered today all Energy Department operations to halt using controlled removable electronic media (CREM) to improve media protection procedures.

Abraham's directive follows an announcement earlier this month that Los Alamos National Laboratory employees had lost two Zip discs containing classified material. Lab workers are searching for the discs amid more than 2,000 safes and vaults. The lab's director has halted all operations at Los Alamos, and Abraham has directed that classified operations will not resume until Energy's deputy secretary, Kyle McSlarrow, and the National Nuclear Security Administration's administrator, Linton Brooks, confirm that newly implemented corrective actions improve CREM management.

"While we have no evidence that the problems currently being investigated are present elsewhere, we have a responsibility to take all necessary action to prevent such problems from occurring at all," Abraham said in a statement.

CREM includes all types of classified hard drives or computer discs.

The link for this article located at fcw.com is no longer available.