Wednesday, March 28, 2007


“Bull in a China Shop”, “Flatheaded”

http://www.pogo.org/p/homeland/ha-070304-lanl.html




March 22, 2007


“New” LANL Management Can’t Get a Grip
on Cyber-Security Issues



For Immediate Release
Contact: Jennifer Porter Gore jgore@pogo.org or Peter Stockton (202) 347-1122


WASHINGTON —The Project On Government Oversight (POGO) has received copies of an internal assessment of the Los Alamos National Laboratory showing that six months into its tenure the lab’s new management had no cyber security protection plan.

The new management is a consortium led by University of California and Bechtel. The University alone managed the lab for 60 years—until a series of cyber-security lapses and breaches forced a re-bid of the original management contract. However, the internal assessment of the lab’s Cyber Security Program conducted in November 2006 reveals crucial management problems. These problems include lack of a clear cyber-security policy and a program plan that still hadn’t been finalized.

Two sections of the lab’s draft master cyber-security plan titled “Bull in a China Shop” and “Flatheaded” are cited as “derogatory statements regarding the new LANS [Los Alamos National Security] management structure and its likely impacts on cyber security at LANL.” These sections were drafted by the lab’s Information System Security Officers.

In addition to lacking a site-wide plan, the lab is reported to lack “rudimentary components” of a cyber security program, including standardized periodic training, a site-wide cyber security manual, and an overarching cyber-security policy; the assessment notes that “limited procedural documentation was available.”

The assessment involved representatives from several nuclear weapons facilities and was conducted in mid-November—weeks after a major cyber-security breach that led to more than 1,000 pages of highly classified documents from the lab being discovered in a trailer during a methamphetamine lab drug bust.

POGO’s investigations have found seven cyber-security breaches at LANL since 2002 (see http://pogo.org/p/homeland/ha-061003-lanl.html ). These breaches include a 2004 report of the loss of computer disks containing classified information and the mishandling of classified emails. Those events prompted LANL Director Pete Nanos to suspend all work activities for the Lab in July 2004 for several months, at a cost of at least $370 million.

“LANL seems to have the same never-ending problems,” said POGO’s Executive Director Danielle Brian. “Time after time the lab has promised to strengthen its cyber-security program, including finding better ways to secure classified removable media, but little gets done. I hope it doesn’t take another security breach to spur lab officials to real action, but I’m afraid it will.”

Founded in 1981, the Project On Government Oversight (POGO) is an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.

# # #


Comments:
Y'all have three more days here to read all about those aspects of LANS management practices which our esteemed LLC corporate presence really would prefer not being in the public eye.

You're on your own after that, as this blog will go dark on April 1st.

-Pat, The Dog
 
You'll be thrilled to know that DOE/NNSA also cut the LANL cybersecurity budget quite a bit. So, they want the work done, they just don't want to pay for it.

NNSA needs to be shut down. The sooner this shutdown is done, the better. Until then, things will just get worse and worse.
 
Things will get worse and worse until someone realizes that too large a percentage of LANL's budget is going to USELESS managers. If the estimate of $40M to upper management is correct and if that were cut in 1/2 there would be plenty of money for many programs.

However, just because you have the money does not mean you can do the work. CSO-CYSEC is full of people who have no basic understanding of operating systems, so they have no understanding of the underpinnings of computer security vulnerabilities. Until the right people are hired, having more money to do the work is just as wasteful as paying managers gross salaries.
 
Pat, I hope you enjoy your new job. Thanks for trying to make a difference. I hope someone with computer savvy will take on the onerous task of maintaining a blog so that the corruption and mismanagement at LANL continues to be publicized.
 
USELESS and corrupt = Neu. No management experience, and using her position to help her husband's and her own programs with no oversight or accountability. Nice. But what can we expect out of Wallace, and since when has he made a decision over the past 3 years?
 
"“Bull in a China Shop”, “Flatheaded”"

Yep, that about describes the LANS that I know.

Way to go, D'Agostino, you picked a real gem in LANS.

Of course, we all recognize that this was all part of the plan.

Don't mind us, this blog will be gone soon, and your sneaky, corrupt activities will once again be safe and secure from scrutiny. Except from the likes of Pogo.

Thank you, Pogo.
 
New themesong for the lab:

http://cdbaby.com/mp3lofi/dickieweed-07.m3u
 
Hi Pat the Dog,

You may wish to go to www.nukewatch.org to find the lead article (March 28, 2007) concerning the LANL Biosafety Lab facility. The Feds (NNSA) were just about to authorize LANS to go ahead and violate Federal NEPA law at LANS' request.
 
So where is the blog item on the dismissal of Steve Yarbro? Doubtless he'll be replaced by yet another LANS clone from Bechtel or such...
 
Yarbro was ousted? What did he do wrong?
 
My favorite issue has been that both Sandia and Los Alamos helped DOE/HQ and NNSA deal with some very bad issues in their fields, and then got a 60% cut in cybersecurity budgets as a thank you.

And many of the items listed as being broken in that article are funny as they were considered 'best of DOE' just 6 months before.
 
What sort of reputation does POGO have?

In light of the demise of the blog where real problems can be documented is POGO a reasonable alternative?

Does POGO protect "whistleblowers" during investigations?

If someone has reliable documentation about a lack of LANL's action to a reported computer security problem, is POGO the one who should hear about it?

Is POGO interested in poor management, waste, fraud, and abuse, etc.?
 