Los Alamos confirms e-mail security holes

Security troubles at Los Alamos National Laboratory has continued as officials confirmed that workers recently sent out an...

Security troubles at Los Alamos National Laboratory has continued as officials confirmed that workers recently sent out an undisclosed number of classified e-mails over a non-secure system.

The disclosure came less than two weeks after the New Mexico-based lab announced that two removable computer discs containing classified nuclear weapons data were missing. That incident marked at least the third time since 2000 that storage media containing classified information has been lost at the facility.

Los Alamos spokesman Kevin Roark confirmed that the lab recently discovered new incidents of classified information being sent through a non-classified e-mail system. "We have had occurrences recently," he said. "We have had them in the past. It's anticipated we will have them in the future."

Roark said the incidents occurred when scientists at the lab, which employs about 12,000 people, incorrectly judged information as being classified versus unclassified and sent it without asking for assistance in categorising the content of their e-mails. Such incidents are always promptly reported to the US Department of Energy and other agencies, as required by law, he said.

When such incidents recur, employees are given additional training to remind them of the proper procedures, Roark said. The problem is that there are "vagaries in the classification rules" that can make it difficult to determine what is classified.

He declined to comment on the number of classified e-mails that were sent over the unclassified e-mail system but that it was "a very small number".

"We would like to get that to zero," he said. "But you have got to understand, you cannot legislate perfection on people. All you can do is tell them in security briefings and reiterate it every time you talk about security."

Early in July, the lab suspended most activities while continuing the investigation into the missing discs.

Todd R Weiss writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close