[ISN] LANL Clamping down on security

From: mea culpa (jerichoat_private)
Date: Tue Feb 23 1999 - 06:42:56 PST

  • Next message: mea culpa: "[ISN] Privacy Hack on Pentium III"

    Forwarded From: shadowvrai@trust-me.com
    Saturday, February 20, 1999 
    LANL Clamping Down on Access From Internet 
    By Ian Hoffman
    Los Alamos National Laboratory is clamping down on computer security,
    decreasing the amount of information the public has access to on the
    By March 15, the federal nuclear weapons lab will reverse years of
    treating information on its unclassified computer network as open and
    public, unless it was specifically designated secret or confidential.
    Instead, all unclassified lab information will go behind a protective
    "firewall" unless lab executives and security officers specifically
    approve its release onto the Internet.
    That data will be unavailable to the public without a password or
    exceptional hacking skills.
    Critics of government secrecy view the lab's newly tightened computer
    security as a largely political move, devised to appease Congress.
    "This is not an area they've neglected in the past. There were already
    rigorous controls in place. If these were not sufficient, it points to a
    bigger problem," said Steve Aftergood, head of the Project on Government
    Secrecy for the Federation of American Scientists in Washington, D.C.
    "Either the classification system is not working properly or they're
    overstepping their bounds."
    But officials with the lab and the U.S. Department of Energy argue the
    public won't really see a difference. "We don't see this as hindrance to
    our general policy of openness and appropriate declassification of
    information," said Rush Inloe, deputy manager of DOE's Albuquerque office. 
    By lab estimates, the public will be able to tap into 80 percent fewer lab
    computers than in the past. That means the Internet-going public is likely
    to see and read less of LANL's activities. 
    Lab memos and publications blame the change in policy on computer hackers,
    but officials declined to discuss that aspect. 
    "The growing number of attempted attacks is forcing us to change this
    model," reads an article in LANL's Bits newsletter. "At the direction of
    (LANL director) John Browne, we are now implementing a restrictive network
    firewall that will shield laboratory machines from known threats. . . . By
    default, laboratory machines will be behind this firewall."
    Hacker assaults on LANL have climbed dramatically since 1995.
    "We get the doors rattled and knocked on every day,"  Charlene Douglass,
    the lab's computer-security chief, said last year.
    But, LANL employees failing to abide by classification rules appear to
    pose a greater threat to computer security. In 1998 alone, Los Alamos
    reported to the U.S. Department of Energy that classified information was
    "compromised" from its unclassified network on 40 occasions. Lab
    employees, not hackers, were responsible for most of those revelations.
    The majority of secret data at Los Alamos resides in a smaller, secure
    computer network that is physically separate -- "air gapped" in lab lingo
    -- from the unclassified network. By and large, classified information is
    not supposed to be available on LANL's unclassified, "open" network.
    Jim Danneskiold, a lab spokesman, declined to comment on those security
    But Energy Department officials confirmed that in most of those 40 cases
    where secret information was compromised, lab employees failed to check
    with a classification officer and inadvertently sent classified
    information out by e-mail or, less frequently, posted the information on
    the unclassified network. 
    The lab's change in policy -- building an electronic wall around its
    network -- would not stop such information losses.
    Under the lab's new security system, the unclassified network will become
    two networks -- a "blue" network termed "open but protected" and a "green"
    network that is fully open and Internet accessible.
    The two are separated by a firewall, analogous to a computerized lock that
    recognizes only certain keys and rejects all others. This will be the
    primary barrier to hacker assaults.
    But a firewall is virtually useless for stopping e-mail containing
    classified information.
    "It's not going to address that problem," said Aftergood, an analyst of
    government information policy with the Federation of American Scientists
    for nine years.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:47 PDT