[ISN] Official reprimanded in DOE hacker case

From: InfoSec News (alerts@private)
Date: Fri Jul 21 2006 - 02:43:04 PDT


http://seattlepi.nwsource.com/national/1152AP_File_Theft.html

By H. JOSEF HEBERT
ASSOCIATED PRESS WRITER
July 20, 2006

WASHINGTON -- Energy Secretary Samuel Bodman has reprimanded a senior 
official because 1,502 nuclear weapons workers were not told for nearly 10 
months that their Social Security numbers and other information had been 
stolen by a computer hacker.

The action came as the department's inspector general blamed a breakdown 
in communications and poor management judgment for the failures to 
properly respond to the theft.

The IG report also said there was a "lengthy delay in the department's 
assessment of the impact" of the improper penetration of the National 
Nuclear Security Administration's computers at a service center in 
Albuquerque, N.M., last September.

The incident was not made public, nor were the individuals whose 
information had been compromised informed, until June.

"These employees were not well served by this department," said Bodman, who 
apologized to them.

The senior official who was reprimanded was not identified.

NNSA Administrator Linton Brooks, who was interviewed extensively by the 
IG investigators and named in the report, has acknowledged that he learned 
of the computer file theft last September but did not tell his superiors 
at the DOE.

The IG report said Brooks, a former ambassador and nuclear arms 
negotiator, "took full responsibility" for the failure to inform Bodman 
and his deputy about the theft and acknowledged that he was the most 
senior official responsible for not following up to ensure the workers 
were notified of the theft.

The IG investigators identified seven other senior officials "who shared 
some level of responsibility for the way in which the matter was handled," 
said a summary of the report.

Bodman said there may be further disciplinary action, but he added that 
with the changes he has ordered - based on the IG's recommendations - "the 
department is putting this incident behind it and moving forward."

The NNSA is a semiautonomous agency within the department and oversees the 
nuclear weapons programs. The workers whose information was compromised 
worked for contractors at NNSA facilities around the country.

The incident was first made public at a June 9 congressional hearing. 
Bodman has said he and his top deputy first learned of the theft two days 
before the hearing.

At the time, Rep. Joe Barton, R-Texas, chairman of the Energy and Commerce 
Committee, demanded that Brooks, the No. 3 official at the Energy 
Department, be fired for not promptly informing his superiors of the 
theft.

The IG report said the "department's handling of this matter was largely 
dysfunctional" and blamed the communications breakdown on "questionable 
management judgments" and confusion among some managers about lines of 
authority as they involved the semi-independent NNSA and other DOE 
offices.

It's not known whether any of the information on the files has been used 
improperly. Nor has there been a great deal of information made public 
about the theft. Although the theft occurred from the NNSA's unclassified 
computer system - and not the weapons-related classified system - the full 
IG report remains classified and only a brief summary was released.

Brooks told the congressional hearing in June that the file contained 
names, Social Security numbers, date-of-birth information, a code indicating 
where the employees worked and codes showing their security clearances.

The IG report called on the department to establish a clear and 
unambiguous policy on notifying employees of such thefts in the future.

It also said the department needed to more clearly define who among various DOE 
offices - some of which are duplicated within NNSA and other parts of the 
DOE - is responsible for briefing the secretary and deputy in such 
matters.

