By Chris Mellor, Techworld
The error-prone Los Alamos Nuclear Laboratory has inadvertently released highly classified nuclear weapons material again, this time by e-mail.
This was followed by the theft of a Los Alamos laptop. Both occurred since last October when a crack dealer was found in possession of lab nuclear weapons data on a USB stick.
The Los Alamos National Laboratory is one of the USA's three nuclear weapons laboratories. It carries out sensitive national security missions, including helping to ensure that the US nuclear weapons stockpile is safe, secure and reliable. It has a history of bad classified data handling discipline and is managed by LANS, Los Alamos National Security.
Following the discovery of classified nuclear weapons data on a crack dealer's USB stick the lab operators were fined $3.3 million by the US Department of Energy. The lab then vowed to stop storing classified data on any removable media.
However, this did not extend to removable computers such as laptops. Over the May and June period a staff member of the lab took his laptop, containing "government documents of a sensitive nature” with him on vacation to Ireland, where it was stolen.
The lab then took an inventory of all its laptops and replaced many of them with non-portable desktop computers.
Jef Berger, a Los Alamos spokesperson, said: "information contained on the computer was of sufficiently low sensitivity that, had the employee followed proper laboratory procedure, he would have been authorised to take it to Ireland."
The employee did not follow proper procedure. Berger added that following the theft the lab is acting to narrowly restrict the use of lab laptops during foreign travel. The lab is also strengthening its employees' understanding of their responsibilities and lab procedures in such matters. He did not say why this had not taken place before.
Following the NewsWeek report Berger stated "After a rigorous review, computer forensics experts at the Lab determined with a very high level of confidence that the laptop stolen from a hotel room in Ireland did not contain any classified materials or any personally identifiable information. Nor were any national security interests jeopardised."
Email security breach
In January Harold P. Smith, a LANS board consultant and former Pentagon atomic weapons adviser, sent a message containing classified data to at least two other board members. He used the ordinary Internet instead of a secure Defense department network. The message was relayed to at least three more board members.
The incident has been described as comprising “the most serious breach of US national security,” and has been rated as Impact Measurement Index-1 (IMI-1), the most serious level of security violation.
Following this some LANS board members have now received security sensitivity training. It is not known why they had not received such training before.
Danielle Brian, executive director of the Project on Government Oversight (POGO), said: "How can we expect Los Alamos, which has thousands of employees, to clean up its abysmal ongoing record of serious security breaches when members of its own board can't even keep track of their classified communications with each other?"
POGO is an independent non-profit organisation that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.
POGO senior investigator Peter Stockton said the operator: "has been fined, lab officials have been fired, and the lab was even closed for a number of months so that it could get its act together. It’s clear that it just can’t.” It has a history of security breaches going seven years.
Los Alamos lab's security policy seems to consist of applying quick-fix security sticking plaster after each breach with no top-down, root-and-branch review of data security. The history of its secure data handling policy is one of serial breaches and frantic catch-up efforts.