IT/Web: December 2012 Archives

NASA LaRC Internal Email: 2,498 laptops later: The Miracle Has Occurred

"As you all know, today is the Agency deadline for all laptops to be fully encrypted. I am happy to report that as of 10:30 this morning Langley reached our goal by completing the DAR encryption of 2,498 government and ACES systems."

DAR Implementation Email from LaRC Center Director Lesa Roe, earlier post

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment"

Keith's note: Of course, Lesa Roe had to explicitly warn her employees of possible disciplinary action from her office if this deadline was not met. She seems to have forgotten all about that. She, in turn, felt that Charlie Bolden had issued a similar warning to senior agency management. Something is seriously broken when you have to say things like this to your employees. Happy Holidays y'all.

NASA Internal Memo: Breach of Personally Identifiable Information (PII) Update

"NASA has reallocated resources and has been working overtime to achieve the goal of 100 percent laptop encryption as quickly as possible and has made tremendous progress. In the past few weeks, more than 11,000 laptops have been encrypted, and, as of December 17th, NASA had encrypted 32,500 laptops, or about 85 percent of the laptops requiring encryption."

Keith's note: Today is 21 Dec i.e. the deadline set for complete laptop encruption. They have had more than a month to do this - and they expect to complete encryption of 15% of NASA's laptops in just one day - just before the Christmas/New Year holidays when everyone is disappearing on annual leave?

- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- NASA's One Size Fits All DAR Solution Stumbles, earlier post
- NASA's Stolen Laptop and Data Problem Just Got Worse, earlier post
- earlier posts

NASA's Efforts to Encrypt its Laptop Computers, NASA OIG

"NASA Unlikely to Meet December 21 Encryption Deadline: As a result of the October 31 laptop theft, NASA accelerated the deadline by which all ACES- managed laptop computers were to be equipped with a DAR solution from March 2013 to December 21 , 2012. The Agency estimates that this expedited encryption effort will cost at least $259,000, not including the time civil servants have devoted the project. The Agency also established the same deadline for encrypting non-ACES machines. In our judgment, it is extremely unlikely that the Agency will meet its December goal primarily because the Agency does not have a full account ofthe number of ACES and non-ACES laptops in its possession. Without knowing the full universe of laptops that require encryption, the Agency cannot be sure that all of its laptops are protected with whole-disk encryption software."

Keith's note: According to NASA PAO: "NASA takes information technology security very seriously and thanks the Inspector General for its recommendations for further strengthening NASA's systems. Most recently, NASA has accelerated its commitment to encrypting all agency laptops, encrypting more than 11,000 agency laptops in just the last few weeks. NASA has also implemented new policies and processes that will prevent future losses of personally identifiable information, such as directing that no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted."

DAR Implementation Email from LaRC Center Director Lesa Roe, earlier post

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment"

- NASA's One Size Fits All DAR Solution Stumbles, earlier post
- NASA's Stolen Laptop and Data Problem Just Got Worse, earlier post
- earlier posts

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment" ...

... "Let me be clear, there are NO exceptions to the Agency-wide directive and it applies to every employee and every laptop. I am directing supervisors to ensure that employees take whatever steps are required, including adjusting employee leave schedules if necessary, the ensure that every laptops is DAR encrypted, waived, or excessed by next Friday, December 21st. Employees who do not comply are in violation of clear Agency direction aan coud face disciplinary action up to and including removal from Federal Service."

Larger image

Internal NASA LaRC memo: "Once again with DAR the NASA CIO's office has developed a well-thought-out and reasonable plan that effectively covers 90% of NASA computing resources beautifully, then is attempting to apply it to 100% of all computer systems in spite of the consequential damages. This is made worse by the bizarre deadline imposed during the Christmas holidays ...

... Risks? Plenty: this is what happens when a good policy made by smart people wh have looked at all the options is implemented by inflexible fool[s] who don't understand how people use computers and who do not weigh the consequences."
Larger image

- NASA's Stolen Laptop and Data Problem Just Got Worse
- earlier posts

Reader note: "This evening I received a second letter from NASA, stating that I'm also "one of a small number of individuals whose personal data was contained in the hard copy documents stolen with the laptop in the laptop bag." Now there's no question about whether my PII data has been exposed. Now more than ever, the one year offer of identity and credit monitoring that is being provided free of charge seems hardly a sufficient amount of time. I plan on 1) contacting NASA requesting additional duration of monitoring and 2) contacting my Representative, Adam Schiff, requesting for a Congressional inquiry as well. The redacted version (my personal info and NASA contact info have been removed) of the latest letter is attached."

Keith's note: NASA CIO Linda Cureton: please define "small number" given that over 11,000 employees had their personal information on this laptop due to your office's inept mismanagement of IT security. Is there any mention - in any memo to employees - of the fact that hard copies of employee information were also stolen? No. Do you post anything about this on the NASA CIO website? No.

NASA is just begging for a class action lawsuit by virtue of their inept response on this matter.

Oh yes - we blurred Richard Keegan's signature. Wonder why?

- NASA's CIO Anticipated The Laptop Theft, earlier post
- Data-at-Rest Is Not A New Requirement at NASA, earlier post
- Calls for Congressional Inquiry into Laptop Data Theft, earlier post
- JPL Employees Want Congressional investigation Over PII Laptop Theft, earlier post
- Agencywide Message to All NASA Employees: Breach of Personally Identifiable Information (PII), earlier post
- other posts


Loading

 



Monthly Archives

About this Archive

This page is an archive of entries in the IT/Web category from December 2012.

IT/Web: November 2012 is the previous archive.

IT/Web: January 2013 is the next archive.

Find recent content on the main index or look in the archives to find all content.