Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Los Alamos nuclear lab loses more data

Weapons centre continues abysmal security record.

Article comments

The error-prone Los Alamos Nuclear Laboratory has inadvertently released highly classified nuclear weapons material again, this time by email.

This was followed by the theft of a Los Alamos laptop. Both occurred since last October when a crack dealer was found in possession of lab nuclear weapons data on a USB stick.

The Los Alamos National Laboratory is one of the USA's three nuclear weapons laboratories. It carries out sensitive national security missions, including helping to ensure that the US nuclear weapons stockpile is safe, secure and reliable. It has a history of bad classified data handling discipline and is managed by LANS, Los Alamos National Security.

Following the discovery of classified nuclear weapons data on a crack dealer's USB stick the lab operators were fined $3.3 million by the US Department of Energy. The lab then vowed to stop storing classified data on any removable media.

However, this did not extend to removable computers such as laptops. Over the May and June period a staff member of the lab took his laptop, containing "government documents of a sensitive nature” with him on vacation to Ireland, where it was stolen.

The lab then took an inventory of all its laptops and replaced many of them with non-portable desktop computers.

Jef Berger, a Los Alamos spokesperson, said: "information contained on the computer was of sufficiently low sensitivity that, had the employee followed proper laboratory procedure, he would have been authorised to take it to Ireland."

The employee did not follow proper procedure. Berger added that following the theft the lab is acting to narrowly restrict the use of lab laptops during foreign travel. The lab is also strengthening its employees' understanding of their responsibilities and lab procedures in such matters. He did not say why this had not taken place before.

Following the NewsWeek report Berger stated "After a rigorous review, computer forensics experts at the Lab determined with a very high level of confidence that the laptop stolen from a hotel room in Ireland did not contain any classified materials or any personally identifiable information. Nor were any national security interests jeopardised."

Email security breach

In January Harold P. Smith, a LANS board consultant and former Pentagon atomic weapons adviser, sent a message containing classified data to at least two other board members. He used the ordinary Internet instead of a secure Defense department network. The message was relayed to at least three more board members.

The incident has been described as comprising “the most serious breach of US national security,” and has been rated as Impact Measurement Index-1 (IMI-1), the most serious level of security violation.

Following this some LANS board members have now received security sensitivity training. Again, it is not known why they had not received such training before.

Danielle Brian, executive director of the Project on Government Oversight (POGO), said: "How can we expect Los Alamos, which has thousands of employees, to clean up its abysmal ongoing record of serious security breaches when members of its own board can't even keep track of their classified communications with each other?"

POGO is an independent non-profit organisation that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.

POGO senior investigator Peter Stockton said the operator "has been fined, lab officials have been fired, and the lab was even closed for a number of months so that it could get its act together. It’s clear that it just can’t.” It has a history of security breaches going seven years.

Los Alamos lab's security policy seems to consist of applying quick-fix security sticking plaster after each breach with no top-down, root-and-branch review of data security. The history of its secure data handling policy is one of serial breaches and frantic catch-up efforts.



Share:

More from Techworld

More relevant IT news

Comments

OhGoodGrief said: I agree that a facility doing national security research should be held to a high standard as indeed it is apparently a higher standard than any of the OTHER related facilities in fact but to quote a LANL-issued statement on the most recent internal e-mail event It does appear that an individual inadvertently released sensitive information into the Labs protected or yellow network it was quickly caught quickly removed and there is no suspicion or evidence that any National Security interests were damaged There is no evidence that the information ever left the laboratorys protected network To characterize this as another breach of security is misleading at best

NotAsHarmlessAsYouThink said: The email went out over the internet its a series of tubes you see NOT a private network and was purged off of one University of California server Since these tubes sometimes get clogged the message may have used other tubes and might be stored somewhere along the wayMaybe some readers need some heavier shoes to keep their knees from jerking up so rapidly to defend our perfect union I for one find your stats upsetting rather than comforting Maybe other departments lose hardware too but is the data encrypted did they follow their procedures to mitigate the risk of lossHow about if we hold some departments to a higher standard than others This might be a good department to start with Then we can move on to fixing the other onesWe agree on one point though TechWorld should report on all of the hardware going out the doors of our sensitive environments I dont think they should bury this story just because other people lose stuff too though

OhGoodGrief said: So it appears that every lost pencil and irrelevant laptop is worthy of hysterics here Can you name another 12000-employee institution that NEVER EVER has a laptop stolen Lets see the Dept of State has lost HUNDREDS and Dept of Defense apparently doesnt even keep track they go so fast Note it was not a classified machine and had no personnel data so why the big deal And the most recent news flurry over an errant INTERNAL e-mail was on an internal network only no outside access Seems like TechWorld needs to reexamine its motives and its level of reporting rigor just a bit



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *