March 2008 Archives

The Washington Post reported yesterday that officials with the Defense Logistics Agency (DLA) mistakenly shipped nuclear missile fuses in a shipment to Taiwan in August 2006. The shipment was supposed to include only replacement battery packs for a specific type of helicopter used in Taiwan's fleet. According to the article, Air Force officials believe that the missile fuses were placed in an unclassified area of a DLA warehouse and not properly tracked, as periodic physical inventories conducted over the past 18 months did not reveal that the items were missing or unaccounted for.

The issue raises concern for several reasons. First, U.S. officials were not aware of the mistake until Friday when notified by Taiwanese officials, 18 months after the fact. Second, the classified nature of the materials shipped warranted that they be among those items of highest priority for accountability inventory control, but periodic physical inventories conducted during the past 18 months did not reveal that the fuses were missing, indicating that they were not being properly tracked. Third, this isn't exactly a case of a restaurant ordering a shipment of Coke from a beverage distributor and receiving Pepsi. This is an error that could potentially violate the terms of nuclear nonproliferation agreements as well as U.S. export laws. And given the sensitive nature of the relationship between China and the U.S. because of U.S. relations with Taiwan, this incident could have much greater consequences in the international arena.

This incident, like many others, illustrates the need for organizations to assess the overall health of their property management systems and physical inventory procedures. Everyone makes mistakes...and in an organization the size of the U.S. Department of Defense that transfers large shipments between warehouses across the country on an hourly basis, mistakes are sometimes inevitable. But a mistake that goes unnoticed for 18 months highlights some significant deficiencies in both property management and inventory control procedures.

Whether organizations are tracking laptops, satellites, dump trucks, or widgets, they must be able to account for their assets at any point in time, and must have processes in place to recognize when items are not where they are expected to be. Even more important, items that are identified as being of a highly classified or sensitive nature should be regarded as such, by being tracked even more closely and inventoried more often.

The Washington Post reported today that a government laptop belonging to the National Institutes of Health (NIH) was stolen last month while in the possession of an NIH employee. The laptop apparently contains sensitive medical data on 2,500 patients who were enrolled in a confidential NIH study, which was not encrypted. This incident highlights the necessity that organizations take steps necessary to ensure the security of highly sensitive or confidential information, or Personally Identifiable Information (PII.) IT security is an issue that is becoming more and more relevant as cases of identity theft continue to increase.

In 2006, after a laptop containing PII of veterans and active-duty service members was stolen belonging to the Department of Veteran's Affairs (VA), the Office of Management and Budget issued a recommendation that all portable IT devices be loaded with encryption software. One year later, this recommendation became a requirement for any portable device that may contain sensitive information.

The article also states that a recent study conducted by The Government Accountability Office (GAO) found that this month alone, at least 19 of 24 government agencies reviewed had experienced at least one breach that could potentially expose PII to identity theft. These findings illustrate the need for organizations, public or private, to place the highest priority on accounting for sensitive data, which now more than ever reside on portable, even hand-held devices. The theft of a desktop computer is not likely....the theft or loss of a laptop, a PDA, or a Blackberry is almost an inevitability. Organizations must ensure that property management procedures are in place to prevent PII falling into the wrong hands not only by encrypting sensitive data, but more importantly, by placing a much higher priority of accountability on devices that are portable or that may contain sensitive data. Equally as important, they must ensure that staff is knowledgeable about and fully compliant with those procedures.

We just got back from the 2008 NPMA Western Regional Seminar in Long Beach, CA.  The seminar was held aboard the historic Queen Mary.  The event featured a number of great programs on the latest developments in the property industry including:

• The newly released FAR 45 updates
• The impact of DOD's cancellation of the 4161 manual
• ASTM Standards and the E53 Committee on Property Management Systems
• UID Compliance
• Performing property management self-assessments

The event was also a great opportunity for many companies and agencies to come together and share best practices and knowledge.  Organizations represented at the conference included Boeing, Northrup Grumman, Stanford University,  DCMA, and GSA.

One of the highlights of the event was the "Who Killed the Auditor" Murder Mystery Dinner performed by Skip Adolph of Sunflower Systems and Lorril Stephens of ATK.  The Grand Salon of the historic ocean liner was the perfect backdrop for this interactive, property-themed detective story.

We're looking forward to attending upcoming property events, including the NOVA Chapter Seminar in Fairfax, VA on March 31-April 1, the Northwest Chapter Seminar in Anchorage, Alaska on April 28-29 and the Central Region Seminar in Denver, Colorado on May 8-9.