The Los Alamos National Laboratory in New Mexico-the United States’ primary nuclear weapons testing lab-is under fire again for lax security practices following the theft of three computers from the home of a Los Alamos employee. In the last 12 months, 13 computers have been stolen or lost and the lab reports that 67 other computers are currently missing.
The watchdog group POGO (Project On Government Oversight) disclosed on Feb. 11 a memo from the Department of Energy’s NNSA (National Nuclear Security Administration) (PDF) sharply critical of security at Los Alamos, particularly regarding a failure to treat lost computers as a cyber-security issue.
“The magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues,” the memo stated. It further ordered the Los Alamos lab to “treat any loss of computer equipment with the capability to store data as a cyber-security concern.”
The memo also targeted “significant weaknesses in individual controls” at Los Alamos in addition to configuration management and accountability issues.
“In treating this as only a property management issue … apparently the cyber-security elements of the laboratory were not engaged in a timely and proactive manner to assess and address potential loss of sensitive information,” the memo stated. “Perhaps more frustrating is that, when this engagement did occur, significant uncertainty existed as to the state of compliance adhered to within the laboratory.”
POGO’s disclosure is not the first security gaffe at Los Alamos.
In 2006, the Los Alamos lab was a target of federal criticism for failing to protect classified information after security officials searching a trailer for drugs discovered three USB thumb drives that supposedly contained nuclear data. The trailer belonged to a former subcontractor at the lab.
Less than a year later, in Jan. 2007, the security contractor for Los Alamos sent sensitive information on nuclear materials over an open, unsecured e-mail network. The incident was considered so serious that a senior departmental official was notified in the midst of a White House event.
Perhaps most infamously, in 2000 computer disks storing classified information disclosing how to disarm Russian and American nuclear devices were found to be missing from a secure storage area.
Home Cybersecurity