GAO report says Los Alamos lab classified computer network has security weaknesses

By Heather Clark, AP
Tuesday, November 17, 2009

GAO: Los Alamos computer security has weaknesses

ALBUQUERQUE, N.M. — Security weaknesses uncovered in Los Alamos National Laboratory’s classified computer network could increase the risk of a breach of classified information, the U.S. Government Accountability Office said in a new report.

The GAO audited key parts of the nuclear weapons lab’s classified computers from November 2008 to July 2009. The classified computer network consists of more than 3,900 computers and devices for about 3,800 users, the report said.

Preventing leaks of sensitive information on the northern New Mexico lab’s classified computer network is “critical to national security,” the report stated.

“While the laboratory has taken steps to protect information on its classified computer network, a number of security weaknesses remain,” the report said.

Lab spokesman Kevin Roark said Tuesday the vast majority of the issues raised by the report already have been resolved.

“All classified data at Los Alamos is extremely well protected and isolated from the Internet and all indications — including other external audits — confirm that this most important of information continues to be safe,” Roark said.

Among the GAO’s findings:

— The lab failed to mark the classification level of documents stored on its classified computer network or keep an inventory of the numbers and types of classified documents stored there. The report said that increased the risk that the lab may not be able to detect inappropriate uses.

— The lab also cannot effectively monitor the actions of computer users. While it monitored the network regularly, certain events were not being logged, which increased the risk that an unauthorized user would not be detected.

— Not all users were provided with the necessary specialized security training.

— Each division at the lab was responsible for securing its own computer systems that are connected to the classified network, which has resulted in a patchwork of cyber security practices.

The lab has had a number of high-profile security lapses in recent years, most recently in 2006 when a worker took home documents on a portable computer storage drive and 200 pages of hard copies.

It was later found that none of the classified materials were top-secret or contained the most sensitive computer information.

“It’s just ongoing, and how many times can they say that they fixed it?” said Scott Kovac, operations and research director for the watchdog group Nuclear Watch New Mexico in Santa Fe.

The National Nuclear Security Administration, which oversees the lab, said it will provide corrective actions to the House Committee on Energy and Commerce.

November 19, 2009: 8:39 am

thank you very good blog, has given me a lot of information

will not be displayed