Dec 13, 2007

Lab's Management Gets Mixed Grade

http://www.pogo.org/p/homeland/ha-071212-lanl.html

ABQ Journal
Thursday, December 13, 2007

Lab's Management Gets Mixed Grade
By Raam Wong
Journal Staff Writer

An "official use only" document prepared within Los Alamos National Laboratory gives the lab's new corporate management a mixed grade on matters of safety and security.

There have been 13 highest-level security breaches since June 2006, when the lab came under the management of the contractor Los Alamos National Security, according to the document, a slide presentation given to lab managers in September on security and safety trends.

"These incidents cause doubt of our ability to protect national secrets, potentially cost millions in fines, and bring in additional external oversight," one of the slides says.

At the same time, the number of employee injuries and missed work days have fallen significantly, under LANS, a partnership among Bechtel, the University of California and others, the slides say.

The document, marked "dissemination prohibited," was obtained by the Project on Government Oversight and released Wednesday.

The Washington, D.C.-based group said in a statement: "The impact of poor work force management and the government turning oversight of safety and security to the contractor leads inexorably to personnel upheaval, congressional oversight and, most importantly, national security breaches that affect the entire nation."

IMI-1 incidents are defined as "any security incident that can be expected to cause serious damage to national security or (Department of Energy) interests."

Lab spokesman Kevin Roark said that, statistically speaking, the number of IMI-1 incidents since LANS took over is flat, if not decreasing.

Roark said the lab takes the incidents seriously and follows up with comprehensive inquiries and new procedures and polices when warranted.

Roark said in the last year the lab has significantly cut back and consolidated its holdings of classified items, thereby reducing the risk of a security breach.

A few high-profile security incidents have occurred on the partnership's watch. In January, members of the lab's corporate management team e-mailed classified nuclear weapons information, requiring security officials to track down and recover the laptop computers used to send the e-mails.

And last year, a contract worker named Jessica Quintana took home hundreds of pages of classified documents.

Of the 13 incidents mentioned in the slide presentation, all of them involved the lack of protection and/or the release of classified information, according to the slides. And two of the incidents involved visiting guests sponsored by active lab employees.

One of the slides entitled "security improvement" showed photos of a lab security guard demonstrating proper traffic hand signals.

Referring to the slide, POGO Executive Director Danielle Brian said: "Can you believe one of new security measures touted in the presentation was the use of stop-and-go hand signals for guards posted at vehicle entrances? It hurts too much to laugh."

17 comments:

Anonymous said...

from the article: "the number of employee injuries and missed work days have fallen significantly..."

That's because no work is going on. Everybody is worrying about the RIF.

Anonymous said...

Yes, and as soon as this one is over, they will be worrying about the next RIF.

Anonymous said...

yep, and if you have ever been involved in a documented incident/injury that has brought the Lab any bad press you can be sure that you will be targeted during the involuntary RIF phase 2/3.

Anonymous said...

Yes, very definitely the way to reduce reported accidents is to punish those who report them.

Anonymous said...

Sigh.

Here we go again. These slides are from an All-Managers Meeting about 4 months ago and have been posted on the yellow net ever since.

The slide about hand signals was from the Worker Safety and Security Team leader's presentation. (A young TSM chemist, NOT a top Lab manager). Puh-lease, these are the same eager beavers who are handing out stress brains and YakTrax.

Supposedly the WSST was asked by workers to get the hand signals at the new access posts cleared up. Supposedly they fixed this and standardized the hand signals. I'm not seeing a difference... but whatever.

Anonymous said...

So is the security situation better or worse than before the changeover?

Anonymous said...

LDRD Strategic Priorities Town Hall
Physics Auditorium Tuesday, December 18, 1:15 – 4:30 pm
...
To facilitate this, Terry Wallace, Principle Associate Director for Science and Technology, and Bill Priedhorsky, ...

Maybe a quick edit before releasing Labwide would be fruitful? Just a suggestion, of course.

Anonymous said...

POGO is just concerned that Bechtel will constrain the flow of info to the point they won't even get leaked documents to hyperventilate about.

Their real concern should be that the government has given the responsibility for nuclear weapons to a for-profit company which is private and whose books are not open for public scrutiny.

Anonymous said...

Who is passing along OUO documents to POGO? That's what I want to know. All indications from past events like this point to a mole somewhere up at DOE HQ. The passing of these types of documents to POGO has been going on for several years now.

Anonymous said...

"One of the slides entitled "security improvement" showed photos of a lab security guard demonstrating proper traffic hand signals."

I'm mightily impressed with the professional hand signal program instituted by LANS for guards at LANL's front gate.

This is yet another sign that we have nothing to worry about at LANL. LANS is on the job, taking care of business.

Anonymous said...

Oh-kay. Let us once again review what is included in the IMI-1 category of security incidents:

http://www.pnl.gov/isrc/2006/word/Inc_Inq_report.doc

"Confirmed or suspected loss, theft, or diversion of a nuclear device or components."

Yes, that would be bad.

"Confirmed or suspected loss, theft, or diversion of Category I or II quantities of Special Nuclear Material (SNM)."

Also very bad. You can make bombs out of this stuff, you know!

"Confirmed or suspected acts or attempts of terrorist-type actions"

That would ruin my whole day.

"Confirmed or suspected acts of sabotage, at any DOE facility, that place the safety or security of personnel, facilities, or the public at risk."

Also very bad.

But according to the presentation, none of these very bad things have occurred at LANL.

Mostly, what happens is that a LANL employee sends an email to another NNSA site. Recipient says "Hmm, that doesn't sound quite right." The two sites argue over interpretation of obscure classification rules. DOE errs toward the worst-case interpretation. Since the email has passed outside the LANL firewall, it is assumed to be a "Confirmed or suspected loss, theft, diversion, or unauthorized disclosure of weapon data."

The recently retired head of LANL's classification group, during the last training session for Authorized Derivative Classifiers, stated the problem well. Paraphrased, he said that there is no way to completely prevent the loss of weapons information over time. The job of the ADC's is to keep their thumb in the dike, to keep the rate of leakage as slow as possible.

One thought experiment: A couple of years ago I heard that best in class digital encryption technology will take a couple of decades to crack. The newest US weapons design is about 20 years old.

So all it takes is patience.

What am I supposed to be worried about here? One in every 100,000 emails that leaves the Laboratory contains a detail so obscure that it's overlooked by one or more ADC subject matter experts? And some foreign agent who's monitoring the daily stream of drivel ("Hi honey, would you mind picking up pizzas for dinner? Remember Susie doesn't eat pepperoni anymore since she started dating that vegan boy. I don't think I like my new hair color but I want to see what you think.") - actually winnows it out and recognizes it as a valuable weapons secret?

Here's a fix, if NNSA really wants to solve this problem. Put the entire DOE complex behind a single, integrated firewall. Sure, the different sites can fence off their proprietary data from each other. But keep all of the emails among NWC sites and HQ inside the NWC firewall. You'd instantly eliminate about 90% of IMI-1 incidents that way.

Anonymous said...

An interesting newspaper article on the LLNL transition.

Anxiety fills the air at lab as management changes..Scientists shaken by shifts accompanying transition away from UC as sole administrator

http://www.contracostatimes.com/portal/news/ci_7676644?_loopback=1

Anonymous said...

"indications from past events like this point to a mole somewhere up at DOE HQ. The passing of these types of documents to POGO has been going on for several years now."
12/13/07 12:00 PM

We need to institute lie detector testing of all suspected whistleblowers. How dare them share public information with the public.

Anonymous said...

7:45 pm: "We need to institute lie detector testing of all suspected whistleblowers. How dare them share public information with the public."

Sorry, but it isn't "public information." I assume that you would agree that not EVERYTHING the government does should be made public. If so, then it is arguable (legally) whether information relating solely to the internal rules and practices of an agency (i.e., one of the Freedom of Information Act exemptions) should apply to details of security breaches. If the details would reveal a significant pathway for further compromise, would you like to see it in the POGO press release? Who gets to make that judgement? POGO? I would hope not.

Gussie Fink-Nottle said...

Dare them?

Shit oh dear! We need to encourage and help them!

We need to implement a lie detector program that randomly selects LANS managers and asks them questions like:

"Did you knowingly violate any New Mexico or US environmental law today?"

"Did you cover up any security or safety infractions at any time in the past 3 weeks?

Anonymous said...

Gus,

Yep, more polygraphs of LANL employees on open-ended witch hunts. That's the ticket. Great morale booster!

I can't see clearly - is that your tongue in your cheek, or are you just suffering from a toothache?

Anonymous said...

When I drove through the LANL security gates this morning, the half asleep guard used a "lifted index finger" method to indicate it was OK to proceed. He was leaning so far back in his chair that there was no way he could see anything inside my vehicle.

Of course, this must be part of the professional Hand Signal Training Program that LANS management is so proud of bringing to our site. What a crock!