COLORADO COMPUTERS STOLEN AT FORT CARSON MILITARY BASERocky Mountain News: OpinionSpeakout: Fort Carson security compromised
By Michael S. Woodson
October 10, 2005

There's a serious security gap at the Fort Carson U.S. Army post south of Colorado Springs. Maj. Mary Martindale, deputy adjutant general at Fort Carson for the Army's Installation Management Agency, confirmed that recent computer thefts hit the mountain post's Personnel Readiness Processing Center, the Directorate of Public Works and the Staff Judge Advocate General offices. Reports about the thefts had appeared in the Fort Carson newspaper, Mountaineer ("Carson break-in raises identity theft concerns," Sept. 9) and in the Rocky Mountain News ("Fort Carson records stolen/Soldiers, civilians are urged to watch for signs of fraud," Sept. 13).

Fort Carson deploys large numbers of combat infantry and armored cavalry troops in Iraq, Afghanistan and elsewhere.

Troops possibly affected by the personnel records theft would be all active, reserve and National Guard troops processed through the post's Personnel Readiness Processing Center in 2005.

It is more than the credit and identity-theft issue that Fort Carson spokespersons have emphasized to the press. It is also a homeland security issue. The Homeland Security Department in its Sept. 14 Daily Open Source Infrastructure Report posted online at http://www.dhs.gov/interweb/assetlibrary/DHS_Daily_Report_2005-09-14.pdf- "a summary of open source published information concerning significant critical infrastructure issues" - included the News' Sept. 13 report on the personnel records thefts at Fort Carson.

Apparently, thieves were able to break in through an unlocked rear window of the Personnel Readiness Processing Center, according to Martindale, who provided an unclassified Force Protection Advisory sent out to her following the Fort Carson thefts.

The Force Protection Advisory referred only to a "single CONUS \[Continental U.S.] Army post" but stated that "Unknown persons forced their way into the Directorate of Public Works and then broke into secured offices within the building and stole several computers . . . into the Staff Judge Advocate Office and stole desktop and laptop computers . . . cut a screen and entered a Soldier Readiness facility through a window. The subjects disassembled four computers and stole the processors; hard drives; memory SDRAMS, and CD-RW drives. These hard drives contained personal identifying information of soldiers." This account echoes what Martindale said happened at Fort Carson, and the Mountaineer report.

The advisory went on to state: "The incidents reveal the following vulnerabilities: Personal information is not being properly safeguarded and this could lead to the theft of soldier identities that could be exploited for criminal or terrorist purposes."

What sort of data was lost? Martindale, a human resources officer, said that the hard drives had soldiers' Social Security numbers, units, birthdates, ranks, military specialties, and citizenship information. Soldiers' personal data must be safeguarded not just to protect them from financial abuse, but to keep criminals or terrorists from using the information to track down their families, use it against them in psychological operations in Iraq, or to get to them directly in Iraq.

Yet, there may be more bad news. The Directorate of Public Works seems like a mundane infrastructure agency until you read the the "7ID & Fort Carson 7ID & Fort Carson Regulation 525-2-3" dated Dec. 30, 2002, and posted online (http://www.carson.army.mil/Doimlink/FC%20Regs/FC%20Reg%20525-2-3.doc). It sets forth - in detail - the role of the directorate during a mass casualty response.

Such sensitive information about building, utility, drainage, conduit, crawlspace and other public works plans could open the post to infiltration or strategic bomb placement by terrorists. Mass casualty plans in terrorist hands could also set up responders for ambush.

So far, Fort Carson and the Army's Criminal Investigation Division spokespersons have kept quiet about the progress in the investigations. Chris Grey, CID spokesman, returned my call to say that the division's policy is not to comment on ongoing investigations.

But the information compromised by the thefts, if it found its way to the enemy about soldiers serving in Iraq or Afghanistan, or about Fort Carson itself, could be very dangerous indeed, as confirmed by the Force Protection Advisory.

In the meantime, who are Fort Carson's gatekeepers? Wackenhut has replaced military policemen at Fort Carson's gates according to one civilian employee I spoke with. In fact, with MP battalions deployed in Iraq, private security contractors are in wide use at many military bases. The question echoes loudly: How could potentially sensitive computer thefts happen during an elevated Department of Homeland Security yellow security alert status on a post as important as Fort Carson?
Whether it is a shortage of military police stateside or a contractor problem, it is a serious security failure.

Michael S. Woodson writes about public affairs. He is a contributing editor to DefenseWatch Magazine at : www.SFTT.org.