[ISN] UC Faces $3.3 Million Penalty

From: InfoSec News (alerts@private)
Date: Mon Jul 16 2007 - 02:14:01 PDT


By Tamara Bartlett
Daily Cal Staff Writer
July 16, 2007

The U.S. Department of Energy issued a notice Friday proposing a $3.3 
million fine against the University of California and other managers of 
the Los Alamos National Laboratory for an October security breach.

The department and the National Nuclear Security Administration sent 
preliminary notices of the violation to the university and Los Alamos 
National Security, LLC with a proposed $3 million civil penalty against 
the university and $300,000 penalty against the security group in 
response to a 2006 incident involving the mishandling of classified 

The classified material was discovered last October when police 
responded to a domestic disturbance near the lab at a trailer home that 
belonged to Jessica Quintana, a former subcontracted employee at the 

During the investigation, the police confiscated the classified material 
along with drugs and drug paraphernalia found in the trailer home.

According to the preliminary notices, the university and the security 
group, which includes the university, have 30 days to respond to the 
notices or they will have relinquished their right to appeal the 
violation and the penalty will be final.

UC spokesperson Chris Harrington said in a statement the university 
plans to respond to the alleged violation, explaining that its contract 
with the lab ended in May 2006, before the alleged violation, and that 
the “incident involved the individual behavior of a subcontracted, 
non-UC/(lab) employee.”

The department also issued a compliance order to the security group, 
which won a bid to oversee the lab in December 2005, requiring that it 
implement specific actions to fix the problems that led to the 

The security group has 15 days to file an appeal if it wishes to contest 
the order.

Violating the order could result in a notice of civil penalties of up to 
$100,000 per violation per day, the order stated.

Harrington said in the statement that the university hopes to strengthen 

“The university remains outraged at the actions taken by the individual 
involved in this incident. We believe the type of behavior involved—a 
failure to follow clearly defined security protocols and a violation of 
the law—is completely unacceptable,” he said.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Mon Jul 16 2007 - 02:22:13 PDT