Did NASA Meet Its 21 Dec 2012 DAR Deadline?
NASA Internal Memo: Breach of Personally Identifiable Information (PII) Update
“NASA has reallocated resources and has been working overtime to achieve the goal of 100 percent laptop encryption as quickly as possible and has made tremendous progress. In the past few weeks, more than 11,000 laptops have been encrypted, and, as of December 17th, NASA had encrypted 32,500 laptops, or about 85 percent of the laptops requiring encryption.”
Keith’s note: I wonder if NASA met its 21 Dec DAR installation deadline across the agency. Are all NASA laptops now equipped with DAR?
– OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
– NASA’s One Size Fits All DAR Solution Stumbles, earlier post
– earlier posts
The total cost of DAR is considerably higher than suggested in official estimates if you count user time. If six people have to share five laptops, we each have to make an appointment with IT to add an account on each of the laptops, since DAR (at least in the NASA implementation) is incapable of domain authentication. And if we don’t use every laptop all the time the DAR and domain passwords will quickly become different on every laptop, even though none of our laptops goes off center. Since people have to exercise judgement to protect PII anyway, it would have been a lot more practical to use the (already available) partition encryption software, or better yet provide adequate cloud storage. I am limited to less than $1 worth of disk for email despite repeated requests for more.
Ironically, there is so far no indication of actual compromise data from the stolen laptop, while every case of actual compromise of NASA data seems to have been from servers under the control of IT rather than users.