[ISN] Lax and Lazy At Los Alamos

From: InfoSec News (alerts@private)
Date: Tue Jun 26 2007 - 23:14:07 PDT


http://www.msnbc.msn.com/id/19418769/site/newsweek/

By John Barry
Newsweek
June 25, 2007

June 25, 2007 - What's going on at Los Alamos?  The nation's premier 
nuclear-weapons laboratory appears plagued with continuing security 
problems.  Barely 10 days after revelations of a leak of highly 
classified material over the Internet, NEWSWEEK has learned of two other 
security breaches.

In late May, a Los Alamos staffer took his lab laptop with him on 
vacation to Ireland.  A senior nuclear official familiar with the inner 
workings of Los Alamos, who would not be named talking about internal 
matters, says the laptop's hard drive contained "government documents of a 
sensitive nature."  The laptop was also fitted with an encryption card 
advanced enough that its export is government-controlled.  In Ireland, 
the laptop was stolen from the vacationer's hotel room.  It has not been 
recovered.  This source adds that Los Alamos has started a frantic 
effort to inventory all its laptops, calling in most of them and 
substituting nonportable desktop models. (The source's account was 
confirmed by a midlevel Los Alamos official who also requests anonymity 
owing to the sensitivity of the subject.)

Then, 10 days ago, a Los Alamos scientist fired off an e-mail to 
colleagues at the Nevada nuclear test site. The scientist works in Los 
Alamos's P Division, which does experimental physics related to weapons 
design, a lab source says. The material he e-mailed was "highly 
classified," the same source says.  But he sent his e-mail over the open 
Internet, rather than through the secure defense network.

These incidents come as Los Alamos is still reeling from the revelation 
that, in January, half a dozen board members of the company that manages 
the lab circulated, over the Internet, an e-mail to each other containing 
the most highly classified information about the composition of 
America's nuclear arsenal.  The two sources tell NEWSWEEK that the 
e-mail concerned what the weapons community calls "special nuclear 
materials," the other ingredients besides uranium or plutonium at the 
core of nuclear weapons. The sources confirm to NEWSWEEK that the breach 
was rated "category one," meaning it posed "the most serious threats to 
national security interests."

Los Alamos spokesman Jeff Berger referred questions about the January 
breach to the Department of Energy or its specialist agency, the 
National Nuclear Security Administration. Regarding the e-mail to the 
Nevada test site, Berger said: "The purported incident is under 
investigation; it would be inappropriate to comment." As for the laptop 
stolen in Ireland, Berger confirmed the event, but said "information 
contained on the computer was of sufficiently low sensitivity that, had 
the employee followed proper laboratory procedure, he would have been 
authorized to take it to Ireland." About the encryption card, Berger 
said: "Ireland is a country that wouldn't have posed any export 
problems."  He confirmed that, in the wake of this incident, Los Alamos 
is "in the process of narrowly restricting the use of laptops for 
foreign travel," while also working "to strengthen our employees' 
awareness of their responsibilities for protecting government equipment 
and the proper laboratory procedures for off-site usage."

Bryan Wilkes, spokesman for the National Nuclear Security 
Administration, said that, in taking his laptop to Ireland, the employee 
"did violate lab policy," though Wilkes confirmed that, had the employee 
asked, permission would have been granted. Wilkes declined to comment 
for the record on the Nevada e-mail.  Regarding the circulation in 
January of highly classified weapons information over the Internet, 
Wilkes said that everything the department had to say on the matter 
could be found in a June 15 letter sent by Energy Secretary Samuel 
Bodman to Rep. John Dingell, chair of the House Energy & Commerce 
Committee, which oversees the nuclear weapons complex.

"I can affirm that an individual did in fact unintentionally transmit 
sensitive information through an unsecured e-mail system," Bodman wrote 
Dingell.  But Bodman played down its significance: "While serious, the 
incident in question was the result of human error, not a failure of 
security systems.  The Department makes every effort to minimize 
inadvertent human errors, but we recognize that such errors may occur 
from time. Therefore, we have a robust system in place to report and 
investigate potential violations.  In my opinion this is a circumstance 
where those systems worked well."

Bodman's professed reassurance is unlikely to satisfy those people, many 
within the nuclear weapons community, who are concerned by what appears to 
be a pattern of security problems at Los Alamos stretching back some 
years. "Boys will be boys, seems to be Bodman's message," one very 
senior figure in the weapons community said sarcastically: "I doubt that 
will appease John Dingell." Dingell's staff was unable to respond by 
deadline to a request for comment.  But Dingell has talked in the past 
of his concerns at what seems to be deeply rooted problems at Los 
Alamos. Appearing in January before one of Dingell's sub-committees, 
Thomas D'Agostino, deputy administrator for weapons programs at the 
NNSA, agreed that successive security breaches at Los Alamos pointed to 
a failure of what he called "the security culture" there.

D'Agostino promised tough action: "Make no doubt about this. If the 
current laboratory management is unable or unwilling to change the 
security culture at LANL, I will use every management tool available to 
me" to force action, he said in testimony.

(c) 2007 MSNBC.com




