Fresh Security Breaches At Los Alamos 127
WrongSizeGlass writes "MSNBC is carrying Newsweek reporting on two new security breaches at Los Alamos. Both of these latest incidents were 'human error' on the part of employees. In one, an e-mail containing classified material was sent over the open Internet rather than through the secure defense network. In the other incident, an employee took his lab laptop on vacation to Ireland, where it was stolen out of his hotel room. The machine reportedly contained government documents of a sensitive nature."
One mail? (Score:3, Interesting)
So he sent one mail and it was intercepted? Damn, this puts the "insecurity" of email communication in an entire new light.
Re:Human element is the greatest danger (Score:5, Interesting)
Sounds to me that his actions were completely intentional, that he was not at all concerned about the health of others, that he wanted to fulfill his desires regardless of how it might affect others.
I wonder if there are charges that could be brought up against him.
In any case, you make a very good point about the human factor in security.
Sensitive nature (Score:1, Interesting)
I for one am sick of hearing about the military's sensitive nature. What was the document containing, poems about the war in Iraq or something?
We all know 90% of those documents have no reason to be hidden from anyone, except to hide the abuse and money laundering that's going on at furious speeds over there.
Perceived status as an issue (Score:5, Interesting)
In the UK, a large number of intelligence protection failures have occurred basically because of the perceived status of the perpetrators. (the best known cases being Philby, Blunt, MacLean and Burgess, all of whom were fairly upper class members of the Intelligence services.) In his fictional books based on composites of the Philby-Burgess case (A Perfect Spy and Tinker,Tailor,Soldier,Spy), John le Carré (who was in a position to know) suggested that the Intelligence services suspected or half knew that they had traitors in their midst all along, but were inhibited from acting against fellow members of the upper classes and their own community.
It would be very interesting indeed to know how far this culture extends into research establishments. It would be expected to be quite pervasive because of the esprit de corps among any professional group.
Of course, perhaps the real answer is that scientists and engineers, by their nature, are the worst people to be allowed to work on secret weapons systems because it contravenes their tendency to want to cooperate, share knowledge and see their own work published. Let's replace them all with Fortune 500 CEOs. That should result in a real peace dividend.
Re:Perceived status as an issue (Score:2, Interesting)
The reason is that it boils down to training. The security folks prior to the TSA takeover were actually very well-trained -- security is actually worse with the TSA takeover than before. They were told "You don't let anyone by, no matter who they are."
But I sort of agree about scientists and engineers -- but I also know that with proper security measures and procedures in place, it's definitely possible to get even the worst offenders to cooperate with you.
It's Also Worth Noting... (Score:3, Interesting)
But by yanking funding and threatening to "close the place down", those senators and representatives are risking a valuable National resource. It's their choice I suppose. But I don't think this continued beating down is very productive.
Los Alamos has name recognition. It makes great headlines every time anyone even takes a dump out there.
Crypto? (Score:3, Interesting)
Is it a gross simplification to state that using encryption would have rendered both mistakes harmless?
Is this really so hard for IT departments to set up PGP or one of its clones? Same goes for disk encryption? I have argued with people up and down who claim this is too hard to deploy, but I say that something is better than nothing, even if it nothing more than checking “encrypted folder” on your NT system.
These tools have gotten so easy to use these days and while I understand this is largely a social and policy problem, there is plenty of low-hanging fruit that can help mitigate the damage.
Re:Sensitive nature (Score:5, Interesting)
So the "Los Alamos security breach" stories got big headlines and the "FBI screws up" got little headlines. Maybe there is a pattern there. As the newly privatized single-source nuclear weapons manufacturing company for the USA had a walk-out of 500 security guards over 36-hour work shifts and poor security protocols that didn't make headlines.
I think there is a dangerous move to privatize a lot of key military functions. And the FBI seems to bring up a lot of accusations before verifying the actual security risk.
Couple this with their seeming lack of interest in securing laptops and databases of American citizens. The rates is about a few million records a month. No biggie if some third party has your SSN right? The government can't have a Total Information Awareness database, but it appears that a private company can. Check out what John Poindexter (Iran/Contra felon) is still up to these days. Who knew he was such a great database expert?
Los Alamos is now privatized, and the good old "employee takes laptop with sensitive files and gets it stolen" oops is happening at rapid pace. Anyone want to be whether THAT particular employee gets reprimanded? My bet they will get a promotion. As does everyone who seems to fail upwards in this current administration.
http://www.fas.org/blog/secrecy/2007/05/los_alamo
Article is Crap. here's actual press release (Score:3, Interesting)