http://www.msnbc.msn.com/id/19418769/site/newsweek/ By John Barry Newsweek June 25, 2007 June 25, 2007 - What's going on at Los Alamos? The nation's premier nuclear-weapons laboratory appears plagued with continuing security problems. Barely 10 days after revelations of a leak of highly classified material over the Internet, NEWSWEEK has learned of two other security breaches. In late May, a Los Alamos staffer took his lab laptop with him on vacation to Ireland. A senior nuclear official familiar with the inner workings of Los Alamoswho would not be named talking about internal matterssays the laptop's hard drive contained "government documents of a sensitive nature." The laptop was also fitted with an encryption card advanced enough that its export is government-controlled. In Ireland, the laptop was stolen from the vacationer's hotel room. It has not been recovered. This source adds that Los Alamos has started a frantic effort to inventory all its laptops, calling in most of them and substituting nonportable desktop models. (The sources account was confirmed by a midlevel Los Alamos official who also requests anonymity owing to the sensitivity of the subject.) Then, 10 days ago, a Los Alamos scientist fired off an e-mail to colleagues at the Nevada nuclear test site. The scientist works in Los Alamos's P Division, which does experimental physics related to weapons design, a lab source says. The material he e-mailed was "highly classified," the same source says. But he sent his e-mail over the open Internet, rather than through the secure defense network. These incidents come as Los Alamos is still reeling from the revelation that, in January, half a dozen board members of the company that manages the lab circulatedover the Internetan e-mail to each other containing the most highly classified information about the composition of America's nuclear arsenal. The two sources tell NEWSWEEK that the e-mail concerned what the weapons community calls "special nuclear materials," the other ingredients besides uranium or plutonium at the core of nuclear weapons. The sources confirm to NEWSWEEK that the breach was rated "category one," meaning it posed "the most serious threats to national security interests." Los Alamos spokesman Jeff Berger referred questions about the January breach to the Department of Energy or its specialist agency, the National Nuclear Security Administration. Regarding the e-mail to the Nevada test site, Berger said: "The purported incident is under investigation; it would be inappropriate to comment." As for the laptop stolen in Ireland, Berger confirmed the event, but said "information contained on the computer was of sufficiently low sensitivity that, had the employee followed proper laboratory procedure, he would have been authorized to take it to Ireland." About the encryption card, Berger said: "Ireland is a country that wouldn't have posed any export problems." He confirmed that, in the wake of this incident, Los Alamos is "in the process of narrowly restricting the use of laptops for foreign travel," while also working "to strengthen our employees' awareness of their responsibilities for protecting government equipment and the proper laboratory procedures for off-site usage." Bryan Wilkes, spokesman for the National Nuclear Security Administration, said that, in taking his laptop to Ireland, the employee "did violate lab policy"though Wilkes confirmed that, had the employee asked, permission would have been granted. Wilkes declined to comment for the record on the Nevada e-mail. Regarding the circulation in January of highly classified weapons information over the Internet, Wilkes said that everything the department had to say on the matter could be found in a June 15 letter sent by Energy Secretary Samuel Bodman to Rep. John Dingell, chair of the House Energy & Commerce Committee, which oversees the nuclear weapons complex. "I can affirm that an individual did in fact unintentionally transmit sensitive information through an unsecured e-mail system," Bodman wrote Dingell. But Bodman played down its significance: "While serious, the incident in question was the result of human error, not a failure of security systems. The Department makes every effort to minimize inadvertent human errors, but we recognize that such errors may occur from time. Therefore, we have a robust system in place to report and investigate potential violations. In my opinion this is a circumstance where those systems worked well." Bodman's professed reassurance is unlikely to satisfy those peoplemany within the nuclear weapons communitywho are concerned by what appears to be a pattern of security problems at Los Alamos stretching back some years. "Boys will be boys, seems to be Bodman's message," one very senior figure in the weapons community said sarcastically: "I doubt that will appease John Dingell." Dingell's staff was unable to respond by deadline to a request for comment. But Dingell has talked in the past of his concerns at what seems to be deeply rooted problems at Los Alamos. Appearing in January before one of Dingell's sub-committees, Thomas D'Agostino, deputy administrator for weapons programs at the NNSA, agreed that successive security breaches at Los Alamos pointed to a failure of what he called "the security culture" there. D'Agostino promised tough action: "Make no doubt about this. If the current laboratory management is unable or unwilling to change the security culture at LANL, I will use every management tool available to me" to force action, he said in testimony. (c) 2007 MSNBC.com _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 26 2007 - 23:37:26 PDT