Friday, February 16, 2007
By: Associated Press
WASHINGTON (AP) - Two US House members are asking what the FBI has learned about an October security breach at New Mexico’s Los Alamos National Laboratory.
The FBI is investigating the breach at the northern New Mexico nuclear weapons lab.
The problem came to light when more than 1,500 pages of documents—some of them classified—were found during a drug raid at the home of a lab subcontractor’s former employee.
Democratic Congressman Bart Stupak of Michigan and Republican Congressman Ed Whitfield of Kentucky have asked FBI Director Robert Mueller for a briefing on the extent of security problems in the Energy Department complex.
Stupak says he’s concerned similar problems may exist elsewhere in the nation’s nuclear weapons complex.
February 12, 2007
WASHINGTON (CNN) -- The FBI lost at least 10 laptop computers containing classified information during a four-year period ending in 2005, the Justice Department's inspector general has found.
To quote our very favorite Senator: "Just get over it!"
2/16/2007 4:46 PM
So are you saying that you believe LANL will get RRW and NOT LLNL, or, is LANL only going to be PIT Facility and maybe possibly get the new Bio Lab that Tracy, Ca city is rejecting? I thought I read somewhere that the people in Washington said RRW was to much of a risk to have at LANL because of the massive security vilations over the years.
This post is where we're wondering if the FBI report that Stupak requested will shed any light on Mitchell's purported security violation.
I suggest Mr. Stupak start by looking at the details of the Shawn Carpenter case in which Shawn just won over $4 million from SNL due to SNL management's bungling of this national security fiasco. The details in this case are truly shocking and put SNL management in an extremely bad light.
It's not hard too find this stuff, Mr. Stupak. All you have to do is look. And after you've finished looking, think of all the fun you'll have calling for more Congressional hearings and bullying other Lab directors with threats to "shut the place down". It could offer endless hours of ass-whipping enjoyment plus plenty of 15 second sound bites for the folks back home in rural Michigan.
BTW, Mr. Stupak, Barton, Whitfield and Ms. DeGette. Are staff and aides in Congress allowed to bring USB memory sticks into their offices? Naughty, naughty! Better get on top of that one right now. I understand that JB Weld works wonders when injected into a USB port. You should try it out before some young staffer decides to take God-knows-what out from your office computers.
During my time at LANL (retired 1994), which included working up some policy to comply with DOE orders, I concluded that LANL was engaged in what is called "malicious compliance". This means that one give the appearance of compliance, but not the substance. This was true, as I observed directly, with DOE orders concerning software practices. It was also true with security practices, which varied widely across the Lab. I came to LANL for the DOD environment, and I was appalled at the LANL attitude.
What I saw was management giving over the generation of compliance documents and strategies to admin staff without, in many cases, the proper qualification or management support. The resulting documentation was very poor and quite unworkable, but that was ok, as the goal was not compliance only the appearance. Those asked to use the unworkable documents could, with justification, claim that they were unworkable, thus giving them licensce to "do their own thing". The result, a hodge podge of implementation across the Lab. This made the burden of "compliance" higher than it needed to be, and very spotty compliance also resulted. If the DOE put pressure on LANL, a call from Senator Domenici's staff could well result. In my time the DOE did what they could and shrugged their shoulders. LANL was the bad boy with the big dad.
Contrasting this with Sandia Lab, which has an excellent record of compliance with DOE orders, it is night and day. Sandia achieves good results with a lot less cost and resentment. The do real compliance, not "malicious compliance". It is possible, as Sandia demonstrates, but it requires a real sea change at LANL. I personally think that a big mistake was made when LANS was selected, as Sandia had a history of doing these things, and many others, well without a lot of fuss and bother.
Some of my experience was on the NWC SQAS, the Nuclear Weapons Complex Software Quality Assurance Subcommittee. When I was appointed to the Committee, which had members from across the complex, I found it trying to cope with a very serious issue, the quality and reliability of software, for the present and the future. The Committee was chaired by Sandia, which had two well qualified members on the committee. LANL also had two members, who were not well qualified, and they seemed intent to block committee action as those actions might require change at LANL. This was too typical.
In closing, my experience is that LANL will not improve, in security or software, by having the same people making incremental changes to the rubbish they have created in the spirit of "malicious compliance". They would do better to import the scheme(s) of those who do it well; Sandia is one such. LANL has, in this area and others, a very bad history to confront, and the first thing necessary is to acknowledge that history. The LANL attitude which is "we're Los Alamos, and we're different, and better" must be checked at the door. The may be different alright, but their compliance record is terrible. It is time for a bit of attitude adjustment and some humility.
The driver, a young man in a Brioni suit, Gucci shoes, Ray Ban sunglasses and YSL tie, leans out the window and asks the cowboy, "If I tell you exactly how many cows and calves you have in your herd, will you give me a calf?"
The cowboy looks at the man, obviously a yuppie, then looks at his peacefully grazing herd and calmly answers, "Sure, Why not?"
The yuppie parks his car, whips out his Dell notebook computer, connects it to his Cingular RAZR V3 cell phone, and surfs to a NASA page on the Internet, where he calls up a GPS satellite navigation system to get an exact fix on his location which he then feeds to another NASA satellite that scans the area in an ultra-high-resolution photo.
The young man then opens the digital photo in Adobe Photoshop and exports it to an image processing facility in Hamburg , Germany .
Within seconds, he receives an email on his Palm Pilot that the image has been processed and the data stored.
He then accesses a MS-SQL database through an ODBC connected Excel spreadsheet with email on his Blackberry and, after a few minutes, receives a response.
Finally, he prints out a full-color, 150-page report on his hi-tech, miniaturized HP LaserJet printer and finally turns to the cowboy and says, "You have exactly 1,586 cows and calves."
"That's right. Well, I guess you can take one of my calves," says the cowboy.
He watches the young man select one of the animals and looks on amused as the young man stuffs it into the trunk of his car.
Then the cowboy says to the young man, "Hey, if I can tell you exactly what your business is, will you give me back my animal?"
The young man thinks about it for a second and then says, "Okay, why not?"
"You're a Congressman for the U.S. Government", says the cowboy.
"Wow! That's correct," says the yuppie, "but how did you guess that?"
"No guessing required." answered the cowboy. "You showed up here even though nobody called you; you want to get paid for an answer I already knew, to a question I never asked. You tried to show me how much smarter than me you are; and you don't know a thing about cows...this is a herd of sheep.
Now give me back my dog."
While I totally agree with your post, you might want to consider a different term than malicious compliance. The term really means following an order to the letter knowing that doing so will cause harm. For example, if your boss asks you to do something that you know will hurt him or his reputation, and you do it with that intention in mind, you would be guilty of malicious compliance. It's a form of sabotage.
I think what you describe is pure old-fashioned fraud and yes, it is alive and well at the lab.