Despite mandate, only 30% of government devices are encrypted
Committee on Homeland Security Chairman Bennie G. Thompson (D-MS) and Committee Member Zoe Lofgren (D-CA) announced the release of a Government Accountability (GAO) report on the status of government agency efforts to encrypt and protect sensitive information.
The report identified commercially available technology, reviewed laws and policies on sensitive information, and examined 24 federal agencies. The report recommends that Office of Management and Budget (OMB) policies be clarified and that selected agencies strengthen their efforts.
The GAO found that the extent to which 24 major federal agencies reported that they have implemented encryption and developed plans to implement encryption of sensitive information varied across agencies.
From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 percent of their laptop computers and handheld devices. Additionally, agencies reported uncertainty regarding the applicability of OMB’s encryption requirements for mobile devices, specifically portable media.
Congressman Thompson released the following statement with the release of the report:
Encryption is not an option, it is a mandate. Unfortunately, I’m not surprised that despite mandates by OMB, the Federal government is only 30% of the way there,” said Thompson. “This Administration regularly falls short when it comes to addressing our information security weaknesses. Making the right investments in cybersecurity today will keep us from paying dearly in the long run.
Congresswoman Lofgren added the following statement:
The GAO report clearly illustrates that federal agencies lag far behind the private sector in protecting and encrypting data,” noted Rep. Zoe Lofgren (D-CA). “As one of Silicon Valley’s elected representatives, I’m concerned that our government is not moving fast enough in its efforts to secure its systems and procedures. While we’ve seen some improvement, the executive branch still has quite a way to go to secure its systems and data.