Copier/Printer May Present Information Security Risks
By DON CIO Privacy Team - Published, October 6, 2009
Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.
Many copiers, printers and multifunction reproductive machines manufactured today have hard drives capable of storing documents that have been scanned, printed or faxed as digitized documents. These machines are often connected to Department of the Navy networks to ease workload and increase efficiency. The purpose of this Privacy Tip is to increase awareness regarding the breach potential of PII and other sensitive information and some best practice safeguards that users should consider to better safeguard information. This information will be superseded by a new DON policy currently in draft and under review.
Reproductive office equipment manufactured during the past seven years uses hard drives that store digital images. While much of the hard drive space is used for processing, once the hard drive memory has been exceeded, files are automatically overwritten. "Cap points" limit the number of pages stored to hard drives, and the cap limitation can vary on each make and model number. Small print jobs may only be stored in random access memory (RAM), depending on the type of machine, and the files are overwritten with each new print request or are lost when the machine is powered off. The newest reproductive office
equipment may advertise that their hard drives use encryption software to safeguard the data, but as of this writing, that encryption capability is not DON approved. Approved DON encryption solutions, such as Guardian Edge, do not encrypt reproductive equipment hard drives. Ownership of the copier/printer equipment may also present challenges when equipment is repaired or when turned in for replacement. DON copiers/printers and multifunction machines are either leased from a vendor or are Government owned.
Networked reproductive office equipment has also been in use for the past several years and is subject to some of the same vulnerabilities that affect IT systems on the network, including attacks by hackers and susceptibility to the use of malicious software and viruses.
Stand-alone facsimile or FAX machine memory is generally non-volatile and is lost as soon as the machine is turned off.
Tighter policy controls regarding the turn in of this equipment are currently in draft. Prior to the release of new policy guidance by the DON CIO, the following should be considered as a best practice.
For CLASSIFIED copiers/printers: Guidance for reproductive equipment can be found in SECNAV M-5510.36, para 7-15(2), (3).
For UNCLAS copiers/printers:
- Identify the hard drive capabilities of your photographic equipment and educate office personnel with that information.
- For Government-owned equipment, hard drives should be removed and physically destroyed prior to disposal. Hard drives are not easily accessible, so removal will probably require a technician to accomplish. Future DON guidance will require that all hard drives be physically destroyed when equipment is turned in prior to disposal.
- For leased equipment, the hard drives should be reformatted to remove all data on printer/copier hard drives. Refer to the manual or service technician for the reformatting process. Future DON guidance may address new vendor contract language that requires removal and physical destruction of the hard drive before the equipment leaves Government control.
- Place a sticker or placard on the copier/printer with a banner: "Warning, this Government-owned copier uses a hard drive that must be physically destroyed prior to turn-in" or "Warning, this leased copier uses a hard drive that must be reformatted prior to turn-in."