Computer Security

DEA Is Not Adequately Protecting National Security Information Gao ID: IMTEC-92-31 February 19, 1992

Weak computer security at the Drug Enforcement Administration (DEA) is putting classified information on informants and undercover operations at needless risk, potentially endangering lives and ultimately jeopardizing the war on drugs. DEA does not know what computers are processing national security information, and personnel are routinely processing classified information improperly on computers that are neither approved for such use nor appropriately safeguarded. Lax physical security makes these weaknesses even more disturbing. Access to computer areas is poorly controlled and non-DEA employees lacking security clearances, such as janitors, work unescorted in these areas. In addition, floppy diskettes and classified documents are left unsecured. The Department of Justice has discovered similar problems at another important DEA field site.

GAO found that DEA: (1) has not identified all computer systems that process classified data as required by Department of Justice policy; (2) personnel are improperly using an unapproved and unprotected computer network to routinely process classified data; and (3) is not properly safeguarding computer-generated materials and documents or adequately controlling access to areas where computers process national security information.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.