Wednesday, March 28, 2007
March 22, 2007
“New” LANL Management Can’t Get a Grip on Cyber-Security Issues
For Immediate Release
Contact: Jennifer Porter Gore firstname.lastname@example.org or Peter Stockton (202) 347-1122
The new management is a consortium led by
Two sections of the lab’s draft master cyber-security plan titled “Bull in a China Shop” and “Flatheaded” are cited as “derogatory statements regarding the new LANS [Los Alamos National Security] management structure and its likely impacts on cyber security at LANL.” These sections were drafted by the lab’s Information System Security Officers.
In addition to not having a site-wide plan, the lab is reported to lack “rudimentary components” of a cyber security program including standardized periodic training, a site-wide cyber security manual, and an overarching policy for the lab’s cyber-security, noting “limited procedural documentation was available.”
The assessment involved representatives from several nuclear weapons facilities and was conducted in mid-November—weeks after a major cyber-security breach that led to more than 1,000 pages of highly classified documents from the lab being discovered in a trailer during a methamphetamine lab drug bust.
POGO’s investigations have found seven cyber-security breaches at LANL since 2002 (see http://pogo.org/p/homeland/ha-061003-lanl.html ). These breaches include a 2004 report of the loss of computer disks containing classified information and the mishandling of classified emails. Those events prompted LANL Director Pete Nanos to suspend all work activities for the Lab in July 2004 for several months, at a cost of at least $370 million.
“LANL seems to have the same never-ending problems,” said POGO’s Executive Director Danielle Brian. “Time after time the lab has promised to strengthen its cyber-security program, including finding better ways to secure classified removable media, but little gets done. I hope it doesn’t take another security breach to spur lab officials to real action, but I’m afraid it will.”
Founded in 1981, the Project On Government Oversight (POGO) is an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.
# # #
You're on your own after that, as this blog will go dark on April 1st.
-Pat, The Dog
NNSA needs to be shut down. The sooner this shutdown is done, the better. Until then, things will just get worse and worse.
However, just because you have the money does not mean you can do the work. CSO-CYSEC is full of people who have no basic understanding of operating systems so they have no understanding of the underpinnings of computer security vulnerabilities. Until the right people are hired, having more money to do the work is just as wasteful as paying managers gross salaries.
Yep, that about describes the LANS that I know.
Way to go, D'Agostino, you picked a real gem in LANS.
Of course, we all recognize that this was all part of the plan.
Don't mind us, this blog will be gone soon, and your sneaky, corrupt activities will once again be safe and secure from scrutiny. Except from the likes of Pogo.
Thank you, Pogo.
You may wish to go to www.nukewatch.org to find the lead article (March 28, 2007) concerning the LANL Biosafety Lab facility. The Feds (NNSA) were just about to authorize LANS to go ahead and violate Federal NEPA law at LANS' request.
And many of the items listed as being broken in that article are funny as they were considered 'best of DOE' just 6 months before.
In light of the demise of the blog, where real problems can be documented, is POGO a reasonable alternative?
Does POGO protect "whistleblowers" during investigations?
If someone has reliable documentation about a lack of LANL's action to a reported computer security problem, is POGO the one who should hear about it?
Is POGO interested in poor management, waste, fraud, and abuse, etc.?