[ISN] New security breach revealed

From: InfoSec News (alerts@private)
Date: Sun Jun 17 2007 - 23:05:56 PDT


http://www.lamonitor.com/articles/2007/06/15/headline_news/news01.txt

By ROGER SNODGRASS 
Monitor Assistant Editor
June 17, 2007

Reports of a major breach of security involving the board of directors 
of the corporation managing Los Alamos National Laboratory came to light 
Thursday.

The chairman of the House Energy and Commerce Committee that oversees 
the nuclear complex wrote to Energy Secretary Samuel Bodman citing 
information obtained by committee staff from sources outside the 
department.

The letter expressed concern that information about the breach, reported 
on Jan. 19, 2007, was withheld from the committee, despite two 
subcommittee hearings that were held in the meantime for the express 
purpose of investigating security practices at LANL.

Largely because of a series of security problems in the past, the 
contracts for LANL and its sister laboratory Lawrence Livermore National 
Laboratory were put out to bid. LANL's contract was awarded to Los 
Alamos National Security, (LANS), LLC, and they assumed responsibility 
on June 1, 2006.

"Apparently, open e-mail networks were used by several LANS officials to 
share classified information relating to the characteristics of nuclear 
material in nuclear weapons," wrote committee chair John Dingle, 
D-Mich., to Bodman, in a letter detailing what the committee knows now.

An article in Time magazine, first to publish the story on Thursday, 
said the highly sensitive message at issue came from the laptop computer 
of Harold P. Smith, a LANS consultant. The article said at least five 
LANS board members received the e-mail.

The reported breach was rated as an Impact Measurement Index 1 (IMI-1) 
security incident, a reportable incident which "poses the most serious 
threats to national security interests and/or critical DOE assets or 
creates serious security situations."

According to DOE guidelines, IMI-1 is "the most serious of the four 
categories of security incidents, established by DOE's Safeguards and 
Security Program Planning and Management manual dated Aug. 26, 2005."

It is characterized by "actions, inactions, or events that pose the most 
serious threats to national security interests and/or critical DOE 
assets, create serious security situations, or could result in deaths in 
the workforce or general public."

For comparison, IMI-2 involves those incidents "that potentially create 
dangerous situations."

According to Dingell's letter, a University of California official 
notified the National Nuclear Security Administration about the breach 
on Jan. 19. NNSA is the agency that supervises the nuclear complex for 
DOE. NNSA deployed a team from Lawrence Livermore National Laboratory to 
"identify, recover and sanitize the computer laptops and hardware 
involved in the incident," Dingell wrote.

LANS also began an investigation, completing a report conducted by LANL 
employees on May 18.

LANL and NNSA have both declined comment on the issue, citing federal 
law.

"For reasons of national security and consistent with federal law and 
the Laboratory's own longstanding policy, Los Alamos National Security, 
LLC, will not discuss the details of any purported security violation of 
vulnerability, regardless of whether it exists," stated Jeff Berger, 
director of the LANL Communications Office in a prepared statement 
Thursday afternoon.

Bryan Wilkes, spokesperson for NNSA, in a prepared message Thursday, 
said much the same thing, adding that NNSA holds "our sites to very high 
levels of accountability when it comes to security."

He stated, "If procedures are found to have been violated, then 
appropriate actions are taken."

Peter Stockton, chief investigator for the Project on Government 
Oversight said he was concerned that NNSA had allowed LANL to 
investigate its own incident.

"The first guy to the document and the witnesses can steer the 
investigation," he said. "They should have had federal guys out there to 
do that, whether it's the FBI or capable people from the Inspector 
General."

POGO has specialized in safety and security incidents in the weapons 
complex and executive director Danielle Brian testified during the 
hearing on Jan. 30.

Dingell's letter to Bodman requested answers to questions and additional 
documents, including a briefing and access to the investigation inquiry 
and an unclassified version of the report for the committee.

Additionally, Bodman was asked to explain NNSA failure to notify the 
committee, and to emphasize the point, requested a list and summary 
descriptions of all reportable security incidents at LANL since June 30, 
2006.

At the time the e-mail incident was being reported to NNSA, the House 
was preparing to hold the first of two investigative hearings they 
conducted into security problems at LANL earlier this year. The first 
one on Jan. 30 focused on classified material found in a Los Alamos 
mobile home during a drug investigation.

Thursday's article in Time magazine erroneously reported that "police 
stumbled on 1,500 highly classified nuclear weapons designs stashed in a 
trailer park near the lab..."

In fact, the police found computer storage devices known as jump drives 
and pages of classified documents.

Thomas D'Agostino, who was named acting NNSA administrator on Jan. 20, 
the day after the undisclosed breech occurred, was nominated to become 
deputy administrator and administrator of NNSA on May 17, the day before 
a report was completed on the LANS e-mail violation.

In the acting capacity, D'Agostino replaced former administrator Linton 
Brooks, whose resignation was linked to the previous breach of security.

The New Mexico Congressional delegation expressed concerns about the new 
revelations.

Sen. Pete Domenici, R-N.M., referring to the Time article said he was 
once again "troubled and disappointed."

He cautioned those who might try to use it "as another excuse to punish 
the entire laboratory," but he traced the root of a particular 
shortcoming by which sensitive material is still technically able to 
migrate to unclassified computers.

Sen. Jeff Bingaman, D-N.M., said in his statement, "I am deeply 
disturbed that it happened even after extensive security measures were 
to have been put in place at the laboratory, and that I would have to 
learn about it from a news account."

"I have no doubt the LANL community is as tired and frustrated with 
these repeated incidents as I am," said Rep. Tom Udall, D-N.M. in a 
statement on LANL security.

He continued, "Enough is enough, and for the sake of the lab's future, 
those who are responsible must be held accountable to put an end to this 
broken record of breaches."


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jun 17 2007 - 23:18:39 PDT