http://www.abqtrib.com/archives/news04/071004_news_lanl.shtml By Sue Vorenberg Tribune Reporter July 10, 2004 Los Alamos National Laboratory continues to be plagued with missing computer devices. On Wednesday, the lab discovered two missing devices - called CREMs - from its Weapons Physics Directorate. This on the heels of a May announcement that another device was missing and several announcements in 2003 that a total of 10 devices had vanished. "Security is of the utmost importance at the laboratory," said Lab Director Pete Nanos. "In order to operate effectively, this apparent lack of attention to CREM issues must be dealt with swiftly and decisively. At my direction there will be a full inquiry into how and why this has occurred." That might include the firing of those found accountable during the investigation, he said. CREM is an acronym for Classified Removable Electronic Media, which is used to transfer data on computer systems. They can be a variety of things including CDs, floppy disks and flash memory cards. For security reasons, Los Alamos could not release what type of media they were, or what was on them, spokesman Kevin Roarke said. "It's a very serious issue," Roarke said. "The past two CREM incidents before this in the last eight months or so were part of larger groups of items slated for destruction. This is different. These items were in use at the lab and not slated for destruction." Roarke said it is too soon to tell whether the devices were stolen. Why they were taken, or what happened to them, will come out in the investigation, Roarke added. Pete Stockton, a senior investigator at the Project on Government Oversight, says his group recommended the Department of Energy stop using the devices in 2001, because of the potential for data theft. "We recommended that to the National Nuclear Security Administration and they squashed the idea," Stockton said. "Now it's coming up again - only several years behind, but what the hell." The University of California, which operates the lab, and Nanos are working toward eliminating the use of the devices. "We're estimating it will cost somewhere between $26 million and $30 million over a three- to four-year time period," Roarke said. "But Director Nanos has said he wants to be very aggressive about this." The ongoing problems could be problematic for the University of California, which is competing for the contract to operate Los Alamos. The contract goes up for bid in late 2005. The Department of Energy decided to open that contract for bid - even though the university has operated Los Alamos for 60 years - in the wake of a series of security scandals dating back to 1999. "When folks look at the competition the emphasis will be on the science and technology at the lab, which we're proud of, and not just security," said Chris Harrington, a university spokesman. "But security is important, and that's why we're trying to implement several new policies and procedures to fix these problems." Eliminating the devices is part of the policy changes, as is adding more training classes for employees on the proper use of computer media, Harrington added. The National Nuclear Security Agency has sent a team to Los Alamos to investigate the incident. About 20 people had access to the device, but that doesn't mean all or even most of them are guilty, Roarke said. "Everybody deserves a chance at due process," he said. Those that are responsible can expect harsh consequences, Nanos said. "Our ability to safeguard classified materials rests first and foremost with the individual staff members who handle, maintain and use these items," Nanos said. "In all cases, they have been given a special confidence and trust that requires meticulous attention to detail, strict adherence to all relevant standards and procedures and, most importantly, an attitude of zero tolerance." _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Tue Jul 13 2004 - 04:32:02 PDT