[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Lax and Lazy At Los Alamos
From: InfoSec News <alerts () infosecnews ! org>
Date: 2007-06-27 6:14:07
Message-ID: Pine.LNX.4.61.0706270113550.24551 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.msnbc.msn.com/id/19418769/site/newsweek/
By John Barry
Newsweek
June 25, 2007
June 25, 2007 - What's going on at Los Alamos? The nation's premier
nuclear-weapons laboratory appears plagued with continuing security
problems. Barely 10 days after revelations of a leak of highly
classified material over the Internet, NEWSWEEK has learned of two other
security breaches.
In late May, a Los Alamos staffer took his lab laptop with him on
vacation to Ireland. A senior nuclear official familiar with the inner
workings of Los Alamoswho would not be named talking about internal
matterssays the laptop's hard drive contained "government documents of a
sensitive nature." The laptop was also fitted with an encryption card
advanced enough that its export is government-controlled. In Ireland,
the laptop was stolen from the vacationer's hotel room. It has not been
recovered. This source adds that Los Alamos has started a frantic
effort to inventory all its laptops, calling in most of them and
substituting nonportable desktop models. (The sources account was
confirmed by a midlevel Los Alamos official who also requests anonymity
owing to the sensitivity of the subject.)
Then, 10 days ago, a Los Alamos scientist fired off an e-mail to
colleagues at the Nevada nuclear test site. The scientist works in Los
Alamos's P Division, which does experimental physics related to weapons
design, a lab source says. The material he e-mailed was "highly
classified," the same source says. But he sent his e-mail over the open
Internet, rather than through the secure defense network.
These incidents come as Los Alamos is still reeling from the revelation
that, in January, half a dozen board members of the company that manages
the lab circulatedover the Internetan e-mail to each other containing
the most highly classified information about the composition of
America's nuclear arsenal. The two sources tell NEWSWEEK that the
e-mail concerned what the weapons community calls "special nuclear
materials," the other ingredients besides uranium or plutonium at the
core of nuclear weapons. The sources confirm to NEWSWEEK that the breach
was rated "category one," meaning it posed "the most serious threats to
national security interests."
Los Alamos spokesman Jeff Berger referred questions about the January
breach to the Department of Energy or its specialist agency, the
National Nuclear Security Administration. Regarding the e-mail to the
Nevada test site, Berger said: "The purported incident is under
investigation; it would be inappropriate to comment." As for the laptop
stolen in Ireland, Berger confirmed the event, but said "information
contained on the computer was of sufficiently low sensitivity that, had
the employee followed proper laboratory procedure, he would have been
authorized to take it to Ireland." About the encryption card, Berger
said: "Ireland is a country that wouldn't have posed any export
problems." He confirmed that, in the wake of this incident, Los Alamos
is "in the process of narrowly restricting the use of laptops for
foreign travel," while also working "to strengthen our employees'
awareness of their responsibilities for protecting government equipment
and the proper laboratory procedures for off-site usage."
Bryan Wilkes, spokesman for the National Nuclear Security
Administration, said that, in taking his laptop to Ireland, the employee
"did violate lab policy"though Wilkes confirmed that, had the employee
asked, permission would have been granted. Wilkes declined to comment
for the record on the Nevada e-mail. Regarding the circulation in
January of highly classified weapons information over the Internet,
Wilkes said that everything the department had to say on the matter
could be found in a June 15 letter sent by Energy Secretary Samuel
Bodman to Rep. John Dingell, chair of the House Energy & Commerce
Committee, which oversees the nuclear weapons complex.
"I can affirm that an individual did in fact unintentionally transmit
sensitive information through an unsecured e-mail system," Bodman wrote
Dingell. But Bodman played down its significance: "While serious, the
incident in question was the result of human error, not a failure of
security systems. The Department makes every effort to minimize
inadvertent human errors, but we recognize that such errors may occur
from time. Therefore, we have a robust system in place to report and
investigate potential violations. In my opinion this is a circumstance
where those systems worked well."
Bodman's professed reassurance is unlikely to satisfy those peoplemany
within the nuclear weapons communitywho are concerned by what appears to
be a pattern of security problems at Los Alamos stretching back some
years. "Boys will be boys, seems to be Bodman's message," one very
senior figure in the weapons community said sarcastically: "I doubt that
will appease John Dingell." Dingell's staff was unable to respond by
deadline to a request for comment. But Dingell has talked in the past
of his concerns at what seems to be deeply rooted problems at Los
Alamos. Appearing in January before one of Dingell's sub-committees,
Thomas D'Agostino, deputy administrator for weapons programs at the
NNSA, agreed that successive security breaches at Los Alamos pointed to
a failure of what he called "the security culture" there.
D'Agostino promised tough action: "Make no doubt about this. If the
current laboratory management is unable or unwilling to change the
security culture at LANL, I will use every management tool available to
me" to force action, he said in testimony.
(c) 2007 MSNBC.com
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic