By ANDY LENDERMAN | The New Mexican
July 13, 2007
Two management groups could pay $3.3 million in DOE penalties for violations
Federal officials have fined the managers of Los Alamos National Laboratory $3.3 million for allowing a major security breach of classified information last year.
The $3 million fine for the University of California is the largest ever by the U.S. Department of Energy. Los Alamos National Security, LLC, which took over management of the lab from the university in June 2006, was fined $300,000. The university and Los Alamos National Security have 30 days to appeal the fine to the Energy Department and then could appeal to a U.S. District Court.
Los Alamos National Security committed seven security-related violations ranging from failing to protect data ports to failing to assure physical security, the acting administrator of the National Nuclear Security Administration said in a letter Friday, and the University of California committed five similar violations.
The agency found “deficiencies in security controls” by Los Alamos National Security “were a central factor in the thumb drive security breach discovered in October 2006.” Former contract worker Jessica Quintana, who had a high-level security clearance, downloaded and printed classified information from a vault-type room at the lab in July 2006, according to her federal plea agreement. The information was found at Quintana’s home in October by police investigating an unrelated case, according to the plea agreement. She pleaded guilty to a misdemeanor charge of unauthorized removal and retention of classified information.
The violations created “vulnerabilities that led to the potential loss of national security interests,” agency administrator William Ostendorff wrote Friday to lab director Michael Anastasio.
“This incident is particularity troubling because many of the violations cited in the (notice of violation) are of the same nature as other performance deficiencies that have occurred at LANL in the areas of safety and security,” Ostendorff wrote.
In response, the lab stressed its managers are working to fix the problem.
“In addition to creating a new organization to oversee cybersecurity, the laboratory has already taken important, aggressive actions to reduce the total amount of its classified holdings and to consolidate those holdings into as few areas as possible without damaging productivity,” lab spokesman Kevin Roark said in a news release.
The new cybersecurity team reports directly to Anastasio, and the lab is working on completion of its first “super vault-type room.”
“The history of problems and violations concerning the protection of classified information at LANL are matters of deep concern to the department,” Ostendorff wrote to Anastasio. “We expect dramatic improvements in (Los Alamos National Security’s) performance … .”
The University of California intends to outline its “concerns and objections” about the fine to the Energy Department, spokesman Chris Harrington said.
“The content of our response will be informed by the fact that the incident at issue occurred in October 2006 — after the university’s management contract ended in May 2006 — and that the incident involved the individual behavior of a subcontracted, non-UC/LANL employee,” Harrington said in a statement.
The university was assessed the much larger fine because investigators determined the security deficiencies that led to the October 2006 incident were established while it was the prime contractor. The investigation also found the new management team did not correct the vulnerabilities it inherited.
U.S. Sen. Pete Domenici, R-N.M., said the security breaches and the department’s response “are a wake-up call for the entire weapons complex. The proposed reforms being developed by the energy secretary to improve security should be implemented complexwide.”
Domenici is pushing for $67 million in new money for security upgrades at the lab in fiscal 2008.
“It’s unfortunate that it has gotten to the point where DOE has had to impose fines on the lab’s management,” U.S. Sen. Jeff Bingaman, D-N.M., said in a statement. “DOE has also issued an extensive list of areas where improvements must be made. I hope these actions will have the intended effect of dramatically improving security at every level, and that all LANL employees will step up to ensure successful compliance.”
Pete Stockton of the Project on Government Oversight said he’d like to see the fines paid. “The important thing is to recognize that there’s a pattern here. … And some (other security errors) were potentially far worse,” he said.
Last month, two Democratic congressmen reported that officials of Los Alamos National Security apparently used open e-mail networks to share classified information related to nuclear material.
The penalties announced Friday “will hopefully serve as reminders that breaches in the security and safety of our national laboratories will not be without consequence,” U.S. Rep. Tom Udall, D-N.M., said in a statement.
The Associated Press contributed to this article.
Contact Andy Lenderman at 995-3827 or firstname.lastname@example.org.