Nov 17, 2008

New information security training required for Laboratory employees

A comment on the This is Getting Stupid post...

>From the LANL [only] NewsBulletin, posted 17 Nov 2008:
New information security training required for Laboratory employees

November 17, 2008
Must be completed prior to winter closure

New online training about information security is required for all Laboratory workers using a Laboratory computer.

"We're required to train all Laboratory workers on the new information security procedures in order to better protect our information," said Leslie Linke of the Chief Information Office (CIO).

Linke said all employees must complete the new annual information security refresher training, course number 47075 (or course number 47926 for employees who don't have an administrative-level cryptocard), before the Laboratory's winter closure begins on December 25.

Information security, formerly part of the annual security refresher training (course number 1425), has been expanded to provide employees a more comprehensive understanding of their responsibilities in helping the Laboratory meet its cyber defense requirements, said Linke. She emphasized that the new annual information security refresher is now required in addition to the annual security refresher training.

Beginning today the new training can be found through the Virtual Training Center. Employees receive credit for the course through the Virtual Training Center upon completion.


Anonymous said...

More mandatory online training for LANL employees. How very special!

Anonymous said...

They're going to start running out of numbers to use for these mandatory online classes.

Anonymous said...

It gets dumber and dumber. I heard somebody opened up the new training and it crashed and took out their computer! I guess that solves any security holes if LANS destroys the computers. Nobody is working anymore anyways.

Anonymous said...

Maybe it's a trick. You're not supposed to click on the link to take the new training, because it will upload a virus to your computer. Or maybe you need to click on the link to take the training or else be reprimanded for not taking it. I'm so confused.

Anonymous said...

There must be a trick. I did the course today and scored 100% on the Quiz. I always try to get at least one wrong answer on those things. I wonder if its rigged to give everyone 100% just for the boost of morale.

Anonymous said...

I took the training this afternoon and its just a rehash of everything we've ever learned over our lifetimes at LANL. How many time can you repackage something? Maybe it looks different but still the same ole' content.

Just for hoots I went straight to the test and passed. So, I obviously have learned and retained some things since the inception of security requirements. It also confirmed what I said earlier----nothing new.

Anonymous said...

I am still stunned by the comment of the week.

Anonymous said...

I got the perfect score. 80%.

Anonymous said...

I bypassed all the words and went right to the test also... and passed.... there's nothing new but the course number. Another big "panic" about nothing.

Anonymous said...

OH.... and every I know got an 80% which seems rather odd.

Anonymous said...

In our group, anybody who score 100% on these things is considered to be spending too much time studying for the tests and not doing their assigned work!

Anonymous said...

As repetitive as this training is, it's far better than a whole-day cyber stand-down like PNNL and ORNL had. Or maybe the stand-down is coming anyway.

Anonymous said...

The ORNL stand-down meant 1/2 day with no connection to the outside internet. Otherwise it was business as usual for the TSMs.

More odious is that nearly everyone lost administrator privileges on their own PCs, which of course made many programs fail.

Anonymous said...

I scored a 100% on the test. I think that anyone that says this training is stupid needs to be forced into a month long course on the subject. The network security at the lab is only as strong as the weakest link.

Anonymous said...

"I scored a 100% on the test."

YAY! You get a gold star.

Anonymous said...

You never want to score 100% on any LANS quizzes. LANS lawyers use this as evidence to demonstrate willfull neglect when you trip up on one of their policies. Scoring less than 100% can be used to demonstrate you really didn't understand the policy. That is what is all about in this new corporation: Litigate Anyone Not Special (LANS).

Anonymous said...

> The network security at the lab is
> only as strong as the weakest link.


Because, ya know, the Lab exists for the purpose of keeping its network secure. Getting work done is only secondary.

And why is being blocked? Is this a mistake, or is there some real cyber threat posed by this external website (I mean, other than the fact that it's a right-wing political nutjob site)?
Whatever, I can still get there.

Anonymous said...

Upon completion of this mandatory training, each employee will recieve their very own tube of JB-Weld as a badge of completion.

Anonymous said...

Zero safety and security incidents are the only figures of merit that seems to matter at LANL. It's what keeps NNSA happy, gets LANS executives the big bucks, and keeps most of the support orgs fully funded with overhead cash.

Whenever you see an organization value compliance above all else, you are looking at a dysfunctional organization. LANL has become a highly dysfunctional organization.

Anonymous said...

From today's Newsbulletin. I find the tip about spelling errors especially bizarre. Frankly, the mere idea that LANS wanted my opinion, or was planning to give me a gift for being an outstanding employee, was a much bigger red flag.

Avoid becoming target of phishing scams

November 20, 2008

A group of Laboratory employees were attacked last week - cyber attacked that is - as part of an effort to test employee awareness about "phishing" scams.

A Laboratory red team conducted a "phishing" attack on some employees. The attack used two different e-mail messages, one from "" with the subject "LANS Employee Survey," and the other from "" with "Congratulations!" in the subject line. The exercise was conducted under the direction of the Chief Information Office.

The e-mails were crafted to appear to be official correspondence, and they asked the employee recipients to click on an embedded link that took them to a Web site, said Maco Stewart of International Research, Analysis, and Technology Development (IAT-1), coordinator of the Lab's Information Security Operations Center. At the Web sites, recipients were prompted to provide additional information to either complete the "survey" or obtain their special gift.

Most employees receiving the e-mails recognized them as scams and either deleted them or reported the phishing attempt to their OCSRs. But some employees did click on the links, said Stewart.

"This type of attack is a common means used by adversaries who attempt to either gather sensitive information or deposit malicious software on the user's system," said Stewart.

Here are some tips to avoid becoming a victim of a phishing scam at work and home:

• A well configured and patched system is the first line of defense. Contact a system administrator if not sure about the state of your system.
• Ensure that your e-mail system does not automatically open any links or images. This is a setting that can be verified under the Options or Preferences menu for the email software.
• Be suspicious of e-mail requests asking for inappropriate information, such as a home e-mail address, Z-numbers, or other personal information. Look for slight irregularities in the address or link, such as as opposed to a .gov address.
• Most e-mail software enables the user to "hover" over a link to see whether the true linked destination site is the same as that shown in the blue text.

Phishing e-mails may contain spelling errors or sound too good to be true. When in doubt, contact an OCSR. Don't click first and ask questions later, as this could compromise both your system and potentially, other systems on the network.

Employees should forward suspicious e-mails to and contact the Cyber Security Incident Response Team (CSIRT) at 5-8641. All information security events or incidents also must be reported to the SIT at 5-3505 during normal business hours or through SOC-Los Alamos after hours at 5-1279.

Anonymous said...

This is kind of pissing me off. Around the same time as the internal phishing attack was launched, all of the PADSTE AD's were instructed to send an email to their troops, reminding people to be cautious about opening emails from unknown senders. So clearly Terry (and presumably all his AD's) was in the know and wanted his directorates to come out looking good. That's fine for a one-time, planned attack. But these same AD's respond with silence or dumb looks when employees request a reasonable set of tools to help stay aware and informed of ongoing cyber (and other security) threats. Remember the Nuclear Deterrent Workforce Survey? It took the lab *weeks* to determine whether employees could safely respond. What about all the mixups between and Why can't we get better support in this arena?

Anonymous said...

This doesn't really belong on this thread, but posting it was irresistable. From the current DPR newsletter, another great efficiency improvement:


Effective Monday, November 24, 2008, all High End Digital Equipment orders
will have a default setting of "Yes" on the Property Flag. It will be the
DPRs responsibility to ensure that the item they are ordering is a property
item. (Ex. If you are ordering a dust cover for $5 the DPR will need to
change the default from "Yes" to "No")."

Anonymous said...

From the "try to keep up, people" department, and communicated via LINKS on a day that half the workforce is absent.


New Badge E-mails:
Workers eligible to receive the new federal security badge will receive e-mails from Effective in December, the e-mail address will be These e-mails are not spam or phishing attempts and
should not be deleted.

Anonymous said...

This internal phishing expedition was just a local test. The DOE audits are coming during the months of January and February. It's the DOE audits that will probably result in a 1 day cyber stand down and more rules and regulations, regardless of the audit outcomes (see PNNL and ORNL). Get ready, people.

Anonymous said...

In the security training, it stated that Responsible Line Managers must insure that their employees only use LANL computers for business purposes. As a manager, how am I supposed to monitor that? I don't get a list of what web sites my folks surfed or any other tools. I can't limit or lockout sites through their browsers, like they do at Qualcomm. Am I supposed to watch over their shoulders? I feel like the designated fall-guy.

Anonymous said...

At the last All-Managers meeting, it was stated that the HSS cyber attacks are coming in early December.

Anonymous said...

"Workers eligible to receive the new federal security badge will receive e-mails from Effective in December, the e-mail address will be" (8:58 AM)

Ah, so be on the lookout for LANL phishing attacks from:

How convenient. The US Federal security badge issuing system doesn't even use a proper ".gov" address.

What idiots! I guess the US contracted out the badge issuing job to some sleazy, for-profit corporate outfit... like Bechtel.