Forwarded From: shadowvrai@trust-me.com http://www.abqjournal.com/scitech/1sci02-20.htm Saturday, February 20, 1999 LANL Clamping Down on Access From Internet By Ian Hoffman Los Alamos National Laboratory is clamping down on computer security, decreasing the amount of information the public has access to on the Internet. By March 15, the federal nuclear weapons lab will reverse years of treating information on its unclassified computer network as open and public, unless it was specifically designated secret or confidential. Instead, all unclassified lab information will go behind a protective "firewall" unless lab executives and security officers specifically approve its release onto the Internet. That data will be unavailable to the public without a password or exceptional hacking skills. Critics of government secrecy view the lab's newly tightened computer security as a largely political move, devised to appease Congress. "This is not an area they've neglected in the past. There were already rigorous controls in place. If these were not sufficient, it points to a bigger problem," said Steve Aftergood, head of the Project on Government Secrecy for the Federation of American Scientists in Washington, D.C. "Either the classification system is not working properly or they're overstepping their bounds." But officials with the lab and the U.S. Department of Energy argue the public won't really see a difference. "We don't see this as hindrance to our general policy of openness and appropriate declassification of information," said Rush Inloe, deputy manager of DOE's Albuquerque office. By lab estimates, the public will be able to tap into 80 percent fewer lab computers than in the past. That means the Internet-going public is likely to see and read less of LANL's activities. Lab memos and publications blame the change in policy on computer hackers, but officials declined to discuss that aspect. "The growing number of attempted attacks is forcing us to change this model," reads an article in LANL's Bits newsletter. "At the direction of (LANL director) John Browne, we are now implementing a restrictive network firewall that will shield laboratory machines from known threats. . . . By default, laboratory machines will be behind this firewall." Hacker assaults on LANL have climbed dramatically since 1995. "We get the doors rattled and knocked on every day," Charlene Douglass, the lab's computer-security chief, said last year. But, LANL employees failing to abide by classification rules appear to pose a greater threat to computer security. In 1998 alone, Los Alamos reported to the U.S. Department of Energy that classified information was "compromised" from its unclassified network on 40 occasions. Lab employees, not hackers, were responsible for most of those revelations. The majority of secret data at Los Alamos resides in a smaller, secure computer network that is physically separate -- "air gapped" in lab lingo -- from the unclassified network. By and large, classified information is not supposed to be available on LANL's unclassified, "open" network. Jim Danneskiold, a lab spokesman, declined to comment on those security lapses. But Energy Department officials confirmed that in most of those 40 cases where secret information was compromised, lab employees failed to check with a classification officer and inadvertently sent classified information out by e-mail or, less frequently, posted the information on the unclassified network. The lab's change in policy -- building an electronic wall around its network -- would not stop such information losses. Under the lab's new security system, the unclassified network will become two networks -- a "blue" network termed "open but protected" and a "green" network that is fully open and Internet accessible. The two are separated by a firewall, analogous to a computerized lock that recognizes only certain keys and rejects all others. This will be the primary barrier to hacker assaults. But a firewall is virtually useless for stopping e-mail containing classified information. "It's not going to address that problem," said Aftergood, an analyst of government information policy with the Federation of American Scientists for nine years. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:47 PDT