14 DAY TRIAL // In a letter sent by the Department's of Energy (DOE) National Nuclear Security Administration (NNSA) to the administration of Los Alamos National Security (LANS), the Los Alamos National Laboratory (LANL), which LANS oversees, has been seriously criticized for lax cyber security practices. The memo has revealed that 13 computers have been stolen from the lab during last year alone, while the “fate” of another 67 is currently unknown.
A government watchdog group called the Project On Government Oversight (POGO) got its hands on the internal memo signed by the Manager and Contracting Officer of NNSA's Los Alamos Site Office (LASO), according to which several incidents at the Los Alamos National Laboratory raised serious concerns regarding its “property management, accountability, incident reporting and cyber security,” practices.
In January, three computers belonging to the laboratory were stolen from the house of a scientist, and the resulting investigation revealed that this had not been an isolated case. The NNSA memo notes that the agency was not notified about another 10 computers that had been confirmed as stolen in the past year, and that 67 systems were “missing.”
This is because the incidents were treated by LANL as property-management issues, and not as computer security breaches, the DOE says. Therefore, LANL had not gathered sufficient data about the incidents in order to determine how much sensitive information was stored on those computers or had been lost as a result of them being stolen.
“In recognition of these events and their possible implications […], I am directing you to treat any loss of computer equipment with the capability to store data as a cyber security concern […] I am also directing the formal resolution of the status and potential cyber security ramifications of each of the 80 systems note above be documented in a written report to me […] Finally, I direct LANS to work closely with my staff to develop and execute an aggressive program to correct any system deficiencies/weaknesses in computer accountability and configuration management system […],” Donald L. Winchell, Jr., manager of LASO, underlines.
Interestingly enough, what this memo does not mention is that back in January, in addition to the three computers being stolen, some other scientist lost an LANL BlackBerry in a “sensitive foreign country,” as pointed out in a different internal e-mail disclosed by POGO.
“It is troubling that the contractor only informed the government of this during investigations into the most recent thefts,” POGO's Executive Director Danielle Brian says, the contractor being Los Alamos National Security LLC, which is a private company managed by the University of California, Bechtel, BWX Technologies, and Washington Group International. “It's great to see that the federal overseer is more aggressively pursuing its oversight role,” Peter Stockton, senior investigator at POGO, also notes.