IT security problems blight US nuclear weapons lab

Security troubles continue at the Los Alamos National Laboratory, where officials have confirmed that workers recently sent out...

Security troubles continue at the Los Alamos National Laboratory, where officials have confirmed that workers recently sent out an undisclosed number of classified e-mails over a nonsecure e-mail system.

The disclosure comes less than two weeks after the lab announced that two removable computer discs containing classified nuclear weapons data were missing. That incident represents at least the third time since 2000 that storage media containing classified information have been lost in the facility.

In the latest incident, lab spokesman Kevin Roark confirmed a report that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system.

The incidents, he said, occurred when scientists in the lab, which employs about 12,000 people, incorrectly judged information as being classified or unclassified and sent it without asking for assistance about the contents of their e-mails. The incidents are always promptly reported to the US Department of Energy and other agencies, as required by law, Roark said.

When such incidents reoccur, employees are given additional training to remind them of the proper procedures, he said. The problem is that there are “vagaries in the classification rules” which can sometimes make it difficult to determine what is or isn’t classified.

“It’s not as simple as people might think it would be,” he said. “We’re not in a situation where a scientist knows what he’s writing about is classified and he just doesn’t care.”

Roark said he could not comment on the exact number of classified e-mails that were recently sent over the unclassified e-mail system, but he said it is “a very small number”.

“We’d like to get that to zero,” he said. “But you’ve got to understand, you can’t legislate perfection on people. All you can do is tell them in security briefings and reiterate it every time you talk about security.”

Late last week, the lab suspended all activities while the investigation into the missing computer discs continues. Only some essential activities are ongoing, Roark said, including certain important national security functions and human resources, public relations and building infrastructure tasks.

The suspension will continue until officials there believe the latest security problems are corrected, Roark said. All classified activities were suspended on 9 July after the discs were reported missing.

Some reviews are complete, while others may take several more days or even weeks for high-risk activities, Roark said.

The Los Alamos facility develops and applies technology to ensure the safety and reliability of US nuclear deterrent systems and to reduce the threat of weapons of mass destruction and terrorism. The lab also does research aimed at solving national problems in defense, energy and the environment.

Todd R Weiss writes for Computerworld

Read more on IT risk management