[ISN] Nukes: A Lesson From Russia

From: InfoSec News (isnat_private)
Date: Thu Jul 12 2001 - 03:14:30 PDT


    http://www.washingtonpost.com/wp-dyn/opinion/A44053-2001Jul10.html
    
    By Bruce G. Blair
    Wednesday, July 11, 2001; Page A19 
    
    Although the United States spends nearly $1 billion every year to help
    Russia protect its vast storehouse of nuclear weapons materials from
    theft or sale on the black market, few Americans know how this aid
    helps strengthen America's own nuclear safeguards.
    
    Russian experts at the Kurchatov Institute, the renowned nuclear
    research center in Moscow, recently found what appears to be a
    critical deficiency in the internal U.S. system for keeping track of
    all bomb-grade nuclear materials held by the Energy Department --
    enough material for tens of thousands of nuclear bombs.
    
    Kurchatov scientists discovered a fatal flaw in the Microsoft software
    donated to them by the Los Alamos National Laboratory. This same
    software has been the backbone of America's nuclear materials control
    system for years. The Russians found that over time, as the computer
    program is used, some files become invisible and inaccessible to the
    nuclear accountants using the system, even though the data still exist
    in the netherworld of the database. Any insider who understood the
    software could exploit this flaw by tracking the "disappeared" files
    and then physically diverting, for a profit, the materials themselves.
    
    After investigating the problem for many months, the Russians came to
    believe that it posed a grave danger and suspended further use of the
    software in Russia's accounting system. By their calculations, an
    enormous amount of Russia's nuclear material -- the equivalent of many
    thousands of nuclear bombs -- would disappear from their accounting
    records if Russia were to use the flawed U.S. software program for 10
    years.
    
    Then, in early 2000, they did something they didn't have to do: They
    warned the United States, believing that an analogous risk must exist
    in the U.S. system. Although neither Los Alamos nor the U.S.
    Department of Energy has publicly acknowledged the possibility that
    innumerable files on American nuclear materials might have
    disappeared, the Russian warning caused shock waves at the highest
    levels of the Energy Department.
    
    Unlike the Russians, who did not throw away their manual records of
    their nuclear stockpile -- the infamous shoe box and hand-receipt
    system that U.S. assistance was intended to supersede -- the United
    States has long since discarded its old written records. To
    reconstruct a reliably accurate accounting record, the Energy
    Department may need to inspect all of America's nuclear materials -- a
    huge task that could cost more than $1 billion and still might not
    detect the diversion of some material, should it have occurred.
    
    The importance of the goodwill and trust that had grown up between
    American and Russian nuclear experts over years of working together in
    this area is clear. When the Russian scientists first discovered the
    computer flaw, the initial reaction in some high-level Moscow circles
    was to suspect an American Trojan horse, a bug planted deliberately to
    undermine Russian security. After complaints by their Russian
    counterparts, scientists at Los Alamos suggested that the Russian
    scientists instead use a later version of the same program. Kurchatov
    then discovered the upgraded program not only contained the same bug
    (though much less virulent) but also had a critical security flaw that
    would allow easy access to the sensitive nuclear database by hackers
    or unauthorized personnel.
    
    But trust overrode suspicion. The Russians concluded that the glitches
    were innocent errors, not devious traps. Thus, they feared the U.S.
    database, unbeknown to Americans, was not only prone to lose track of
    nuclear materials but was also accessible to unauthorized users.
    Russia reported both problems to Los Alamos, which subsequently
    verified the defects, as did Microsoft. Though a fix remains elusive,
    Kurchatov scientists also have shared a partial repair they developed.
    
    This Russian feedback may be causing American embarrassment -- U.S.
    officials apparently have tried to muzzle the Russians and censor
    their scientific papers on the fiasco -- but it surely represents a
    high return on the American investment in Russian nuclear security.
    The lesson is that nuclear cooperation is a two-way street, is paying
    off and deserves continuing support.
    
    The writer, a former Minuteman missile launch officer, is president of
    the Center for Defense Information.
    
    
    
    
    ISN is hosted by SecurityFocus.com
    


