Dallas police evidence loss could have been easily avoided, experts say

While local and state agencies are investigating the loss of at least 22.5 terabytes of data, mostly Dallas police investigation files, the investigation is trying to answer two basic questions: How did an employee cause the massive loss, and what could be done to prevent something like that?

Information technology and cybersecurity experts who spoke to The Dallas Morning News said a loss of this magnitude could easily have been mitigated – or avoided – if basic security precautions were in place to protect sensitive information.

“I am disappointed with the lack of controls, disappointed that this happened, and surprised that such a serious error could have occurred,” said Dr. Costis Toregas, director of the Cybersecurity and Privacy Research Institute at George Washington University. “If it was a small community with a part-time IT staff, I could understand, but we’re talking about the city of Dallas.”

The city said the agent responsible for the missing evidence lost data at least three times, prompting the FBI to open its own investigation into whether this was targeted. The Dallas police previously cleared the employee of willful misconduct.

The employee, who refused to speak to The News, was not charged with a crime.

“The established procedure could not be followed”

The first known deletion took place after the employee, who has since been dismissed, “did not follow the proper, established procedures,” the city said in a written statement.

The loss occurred in late March when the employee was asked to move 35 terabytes of data from online storage to a physical city drive. The procedure should take about five days.

But the employee “failed to follow the established procedure” and deleted the files from the city’s network drive, said Bill Zielenski, Dallas chief information officer, at a meeting with city officials last month.

The employee stopped the deletion when colleagues told him that files were disappearing. By then, 22 terabytes had been lost.

Officials said that 14 terabytes were recovered from this first batch of data. But late last month, officials discovered another 15 terabytes of missing data.

Officials say the current loss is about 22.5 terabytes of data, equivalent to about 7,500 hours of HD video; about 6 million photos; or 150 million pages of Microsoft Word documents. But an ongoing review due later this month could reveal more.

The city didn’t inform the Dallas County District Attorney’s Office of the loss until early August. Prosecutor John Creuzot then wrote a memo to defense attorneys about the missing evidence, drawing the public’s attention to the incident.

The audit also found that the employee had a “pattern of errors” and had lost data on at least two other occasions.

In a memo last month, Dallas City Manager TC Broadnax outlined new guidelines, including notifying city leaders of any data breaches within two hours of learning about them. Two IT staff will now monitor the movement of all data. The memo also introduces a 14-day waiting period before data is permanently deleted, and a review is being conducted to analyze how the city stores and archives data.

Data should have been backed up more than once

Toregas said the procedure should have had two employees overseeing the transfer of data from the start. Other techniques that could have mitigated the loss include aggressively managing the directory of who has access to the data and segmenting the data so that large pieces are not affected at once, according to Toregas.

Andrew Wildrix, chief information officer of INTRUSION, a Plano-based cybersecurity company, said that, if he had to guess, the employee moved the data rather than copying it. If that happened, said Wildrix, it was a fundamental mistake.

“I could imagine an organization of this history and size would have taken security precautions, but it is obvious that they have been ignored,” he said.

The practice of storing large amounts of police evidence, files, and body camera footage on obsolete physical hard drives has been outpaced by the volume of digital evidence, said Johnny Nhan, professor of criminal justice at Texas Christian University.

Almost every police investigation now has a digital component, be it a laptop or cell phone recovered from a crime scene or digital evidence that needs to be copied and kept on police servers, Nhan said.

“Any type of crime scene requires some form of data storage, so this is becoming increasingly important,” he said. “As computing requirements increase, storage will be a problem; only keeping digital data will be a problem in the future.”

Nhan said modernized data storage practices include paid “cloud storage services” that automatically back up data and upload large amounts of footage such as video from police cameras. These systems create copies and “multiple layers of redundancy” of the data that help restore files if they are lost.

“If [police departments] have a careful IT department, this data is backed up more than once,” said Nhan.

Ed Claughton, chief executive officer of PRI Management Group, a firm that provides law enforcement agencies with file management, IT and criminal data advice, said data loss typically occurs when data is uploaded or migrated to a new system or server. He said he has never seen such a large amount of data being lost.

Claughton said the best containment measure against data loss is a “two-party validation process,” which requires two people to approve or review each step of the transfer or deletion of data. He also suggested that departments “map” where data is stored and back up all critical data before it is deleted from anywhere.

The city said it is doing a “top-to-bottom assessment” to improve its systems and processes and is now requiring that two people, not one, perform file transfers to ensure no steps are missed – consistent with Claughton’s recommendations.
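
The controls described above (copying rather than moving, backing up before anything is deleted, two-person sign-off, and a 14-day hold before permanent deletion) can be combined in a single transfer routine. The Python below is an added example, not the city's procedure or code from this article; the function names, the approver list, and the assumption that the destination and hold directories sit outside the source directory are all hypothetical.

```python
import hashlib
import shutil
import time
from pathlib import Path

HOLD_DAYS = 14  # waiting period before permanent deletion, per the city's memo

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def require_two(approvers):
    # Two-party validation: two different people must sign off on each step.
    if len(set(approvers)) < 2:
        raise PermissionError("two distinct approvers required")

def archive(src_dir, dst_dir, hold_dir, approvers, now=None):
    """Copy, verify every copy, then quarantine the originals; deletes nothing."""
    require_two(approvers)
    src_dir, dst_dir, hold_dir = Path(src_dir), Path(dst_dir), Path(hold_dir)
    files = [p for p in sorted(src_dir.rglob("*")) if p.is_file()]
    manifest = {}
    for p in files:  # copy, never move, so the source stays intact
        rel = p.relative_to(src_dir)
        (dst_dir / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, dst_dir / rel)
        manifest[str(rel)] = sha256(p)
    bad = [r for r, digest in manifest.items() if sha256(dst_dir / r) != digest]
    if bad:
        raise OSError(f"verification failed for {bad}; originals untouched")
    for p in files:  # originals go to a hold area instead of being deleted
        held = hold_dir / p.relative_to(src_dir)
        held.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(p), str(held))
    start = time.time() if now is None else now
    return {"manifest": manifest, "purge_not_before": start + HOLD_DAYS * 86400}

def purge(hold_dir, record, approvers, now=None):
    """Permanently delete held originals only after the hold and a second sign-off."""
    require_two(approvers)
    current = time.time() if now is None else now
    if current < record["purge_not_before"]:
        raise PermissionError("hold period has not elapsed")
    shutil.rmtree(hold_dir)
    return True
```

Until `purge` succeeds, a mistaken transfer can be undone by moving the held files back, and the manifest of SHA-256 digests gives a record of exactly what was archived.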
