A recent audit conducted by the Department of Justice’s Office of the Inspector General (OIG) has brought to light concerning security deficiencies within the Federal Bureau of Investigation (FBI) regarding the handling of sensitive storage media designated for destruction. The audit revealed significant flaws in the FBI’s procedures for tracking and securing electronic storage devices containing sensitive information, raising alarms about the potential risks of unauthorized access or misuse.
According to the OIG report, the FBI has been found to inadequately label, store, and secure decommissioned electronic storage media, including internal hard drives and thumb drives, which often contain sensitive but unclassified law enforcement information and classified national security information (NSI). These items were discovered to be stored unsupervised on pallets for extended periods at an FBI-controlled facility intended for their destruction, highlighting serious concerns about the security of such sensitive storage media.
The audit report outlined critical areas where the FBI’s procedures were deficient, particularly in inventory management and disposition of these devices. The agency struggled with tracking internal hard drives, including those removed from Top Secret computers, and could not always verify their destruction. Inadequate policies and controls for accounting for electronic storage media, along with improper labeling of NSI classification or sensitive but unclassified (SBU) levels, were identified as key shortcomings in the FBI’s practices.
Furthermore, the audit emphasized the need for enhanced physical security measures at the facility where media destruction occurs. Despite contractors involved in the sanitization and destruction having access to protected information, the FBI’s internal access controls were deemed insufficient. These issues were flagged as requiring immediate attention from the FBI to enhance the security of sensitive storage media.
In response to the audit findings, the OIG made several recommendations for the FBI to address the identified concerns and strengthen its procedures for handling sensitive storage media. The proposed improvements include developing and implementing more robust policies for inventory management, ensuring proper labeling of electronic storage media according to sensitivity levels, and bolstering physical security measures at the media destruction facility.
The FBI’s Asset Management Unit (AMU) plays a crucial role in overseeing the processing, sanitization, destruction, and disposal of electronic media. The AMU’s process for handling electronic media involves various stages, from collection at FBI headquarters or designated facilities to storage and eventual processing by the Media Destruction Team (MDT). Despite these procedures, the audit revealed significant issues, such as delays in processing electronic media and shortcomings in the sanitization process, indicating a need for improved security protocols.
Overall, the audit’s findings underscore the importance of enhancing security measures and implementing stricter controls in the FBI’s handling of sensitive storage media slated for destruction. Addressing these deficiencies is critical to mitigating the risks of unauthorized access, misuse, and potential breaches of classified information, ensuring the protection of sensitive data within the agency’s purview.