Fresh Security Breaches At Los Alamos

WrongSizeGlass writes "MSNBC is carrying Newsweek reporting on two new security breaches at Los Alamos. Both of these latest incidents were 'human error' on the part of employees. In one, an e-mail containing classified material was sent over the open Internet rather than through the secure defense network. In the other incident, an employee took his lab laptop on vacation to Ireland, where it was stolen out of his hotel room. The machine reportedly contained government documents of a sensitive nature."

One mail?

[suv4x4]

In one, an e-mail containing classified material was sent over the open Internet rather than through the secure defense network.

So he sent one mail and it was intercepted? Damn, this puts the "insecurity" of email communication in an entire new light.

Re:Human element is the greatest danger

[WgT2]

Speaker sidestepped No-Fly and other watchlists by flying to Prague, then to Montreal, and then driving to the United States.

Sounds to me that his actions were completely intentional, that he was not at all concerned about the health of others, that he wanted to fulfill his desires regardless of how it might affect others.

I wonder if there are charges that could be brought up against him.

In any case, you make a very good point about the human factor in security.

Sensitive nature

[suv4x4]

The machine reportedly contained government documents of a sensitive nature.

I for one am sick of hearing about the military's sensitive nature. What was the document containing, poems about the war in Iraq or something?

We all know 90% of those documents have no reason to be hidden from anyone, except to hide the abuse and money laundering that's going on at furious speeds over there.

Perceived status as an issue

[Flying pig]

What makes the Speaker case even more interesting is two factors. First, an educated professional given grave personal information behaved in a way that could possibly be interpreted by some people as irrational and maybe even putting others in danger. Second, subsequent comments reported to be by Speaker suggested that, like many lawyers, he is a very forceful individual who sees his own interests as paramount. It would be very interesting to know if the customs agent felt intimidated by Speaker and this accounted for his being allowed into the country.

In the UK, a large number of intelligence protection failures have occurred basically because of the perceived status of the perpetrators. (the best known cases being Philby, Blunt, MacLean and Burgess, all of whom were fairly upper class members of the Intelligence services.) In his fictional books based on composites of the Philby-Burgess case (A Perfect Spy and Tinker,Tailor,Soldier,Spy), John le Carré (who was in a position to know) suggested that the Intelligence services suspected or half knew that they had traitors in their midst all along, but were inhibited from acting against fellow members of the upper classes and their own community.

It would be very interesting indeed to know how far this culture extends into research establishments. It would be expected to be quite pervasive because of the esprit de corps among any professional group.

Of course, perhaps the real answer is that scientists and engineers, by their nature, are the worst people to be allowed to work on secret weapons systems because it contravenes their tendency to want to cooperate, share knowledge and see their own work published. Let's replace them all with Fortune 500 CEOs. That should result in a real peace dividend.

Re:Perceived status as an issue

[morgan_greywolf]

Well, not all security personnel can be swayed by someone's status. I know people who have worked airport security (prior to the TSA takeover, in fact) and you'd better believe that everyone was required to go through the screening, at least at Detroit's Metro Airport (DTW). And I mean everyone. The pilots, the flight attendants, even high-ranking politicians, celebrities, off-duty police, off-duty FBI, and other high-ranking officials. (The only people allowed through without screening were U.S. military showing proper ID, and police or FBI/ATF/etc. if they were on duty). They all complained, and the louder they complained, the more insistent the security people got.

The reason is that it boils down to training. The security folks prior to the TSA takeover were actually very well-trained -- security is actually worse with the TSA takeover than before. They were told "You don't let anyone by, no matter who they are."

But I sort of agree about scientists and engineers -- but I also know that with proper security measures and procedures in place, it's definitely possible to get even the worst offenders to cooperate with you.

It's Also Worth Noting...

[NeverVotedBush]

That quite a few senators and representatives, in this time of tighter money, see the Los Alamos budget as a juicy target. The more they can keep Los Alamos in the news and hold it up as "incompetent" to handle security, the better chance they have of yanking funding and redirecting it to whatever their pet projects are in their own states. Not that it matters what Los Alamos does to enhance the Nation's security - little things like the chem/bio sensors used at the Salt Lake City Olympics, inventing a lot of the new DNA techniques, work on alternative energy, fighting terror in many ways, and yes, even making sure that the USA has reliable nuclear weapons. Check their web page. They do a lot for the country.

But by yanking funding and threatening to "close the place down", those senators and representatives are risking a valuable National resource. It's their choice I suppose. But I don't think this continued beating down is very productive.

Los Alamos has name recognition. It makes great headlines every time anyone even takes a dump out there.

Crypto?

[Lethyos]

Is it a gross simplification to state that using encryption would have rendered both mistakes harmless?

Is this really so hard for IT departments to set up PGP or one of its clones? Same goes for disk encryption? I have argued with people up and down who claim this is too hard to deploy, but I say that something is better than nothing, even if it nothing more than checking “encrypted folder” on your NT system.

These tools have gotten so easy to use these days and while I understand this is largely a social and policy problem, there is plenty of low-hanging fruit that can help mitigate the damage.

Re:Sensitive nature

[Vitriol+Angst]

It turns out that a lot of the Security breaches at Los Alamos in the past were mistakes of the FBI. Due to a database reporting error, they "lost" documents that didn't exist, and still others were recovered inside the area.

So the "Los Alamos security breach" stories got big headlines and the "FBI screws up" got little headlines. Maybe there is a pattern there. As the newly privatized single-source nuclear weapons manufacturing company for the USA had a walk-out of 500 security guards over 36-hour work shifts and poor security protocols that didn't make headlines.

I think there is a dangerous move to privatize a lot of key military functions. And the FBI seems to bring up a lot of accusations before verifying the actual security risk.

Couple this with their seeming lack of interest in securing laptops and databases of American citizens. The rates is about a few million records a month. No biggie if some third party has your SSN right? The government can't have a Total Information Awareness database, but it appears that a private company can. Check out what John Poindexter (Iran/Contra felon) is still up to these days. Who knew he was such a great database expert?

Los Alamos is now privatized, and the good old "employee takes laptop with sensitive files and gets it stolen" oops is happening at rapid pace. Anyone want to be whether THAT particular employee gets reprimanded? My bet they will get a promotion. As does everyone who seems to fail upwards in this current administration.
http://www.fas.org/blog/secrecy/2007/05/los_alamos _blocks_researcher_a_1.html [fas.org]

Article is Crap. here's actual press release

[goombah99]

los alamos has a press release [lanl.gov] response to this. The laptop did not contain sensitive info. Indeed it would be highly unusual for a laptop with sensitive info to leave the Los Alamos site on travel. Moreover, what Los Alaoms considers "sensitive" info is a much higher standard than you would think. For example, if an employee has someones resume on their computer and that resume, despite being a public document, perhaps taken off Monster.com or Nature.jobs, has a birthdate in it, then it's treated as sensitive information. Think about that next time you hear "sensitive" info being lost at Los alamos.