http://seattlepi.nwsource.com/national/1152AP_File_Theft.html By H. JOSEF HEBERT ASSOCIATED PRESS WRITER July 20, 2006 WASHINGTON -- Energy Secretary Samuel Bodman has reprimanded a senior official because 1,502 nuclear weapons workers were not told for nearly 10 months that their Social Security numbers and other information had been stolen by a computer hacker. The action came as the department's inspector general blamed a breakdown in communications and poor management judgment for the failures to properly respond to the theft. The IG report also said there was a "lengthy delay in the department's assessment of the impact" of the improper penetration of the National Nuclear Security Administration's computers at a service center in Albuquerque, N.M., last September. The incident was not made public, nor were the individuals whose information had been compromised informed, until June. "These employees were not well served this department," said Bodman, who apologized to them. The senior official who was reprimanded was not identified. NNSA Administrator Linton Brooks, who was interviewed extensively by the IG investigators and named in the report, has acknowledged that he learned of the computer file theft last September but did not tell his superiors at the DOE. The IG report said Brooks, a former ambassador and nuclear arms negotiator, "took full responsibility" for the failure to inform Bodman and his deputy about the theft and acknowledged that he was the most senior official responsible for not following up to ensure the workers were notified of the theft. The IG investigators identified seven other senior officials "who shared some level of responsibility for the way in which the matter was handled," said a summary of the report. Bodman said there may be further disciplinary action, but he added that with the changes he has ordered - based on the IG's recommendations - "the department is putting this incident behind it and moving forward." The NNSA is a semiautonomous agency within the department and oversees the nuclear weapons programs. The workers whose information was compromised worked for contractors at NNSA facilities around the country. The incident was first made public at a June 9 congressional hearing. Bodman has said he and his top deputy first learned of the theft two days before the hearing. At the time, Rep. Joe Barton, R-Texas, chairman of the Energy and Commerce Committee, demanded that Brooks, the No. 3 official at the Energy Department, be fired for not promptly informing his superiors of the theft. The IG report said the "department's handling of this matter was largely dysfunctional" and blamed the communications breakdown on "questionable management judgments" and confusion among some managers about lines of authority as they involved the semi-independent NNSA and other DOE offices. It's not known whether any of the information on the files has been used improperly. Nor has there been a great deal of information made public about the theft. Although the theft occurred from the NNSA's unclassified computer system - and not the weapons-related classified system - the full IG report remains classified and only a brief summary was released. Brooks told the congressional hearing in June that the file contained names, Social Security numbers, date-of-birth information, a code where the employees worked and codes showing their security clearances. The IG report called on the department to establish a clear and unambiguous policy on notifying employees of such thefts in the future. It also said it needed to more clearly define who among various DOE offices - some of which are duplicated within NNSA and other parts of the DOE - is responsible for briefing the secretary and deputy in such matters. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Fri Jul 21 2006 - 03:03:04 PDT