More security breaches at Los AlamosLos Alamos cybersecurity focus of congressional hearing
The names of 550 Los Alamos employees were posted on the Web site of a former subcontractor; the information was gathered for a badge reader which was never used
It is bad enough that the names and Social Security numbers of 550 Los Alamos National Laboratory workers were posted on a Web site run by a subcontractor working on a security system for the lab — but this mishap was the result of software development nine years ago for a badge reader system which ultimately was not even used. The Oversight and Investigations Subcommittee of the House Energy and Commerce Committee wants to know what is going on, and it has called Energy Secretary Samuel Bodman to discuss with it security issues at Los Alamos and the Department of Energy’s Pantex plant at Amarillo, Texas.
The Dalls Morning News reports that last month a former Los Alamos subcontractor, Lujan Software Services, posted the information about the current and former lab workers on a demonstration Web site the company created. It is not clear how long the information was posted, who accessed it, and whether it was being used improperly. The lab had the site removed immediately after discovering the posted information in late March. The lab also notified the employees whose information was posted on the site. Lab officials are angry with the former subcontractor for using real names and Social Security numbers on a demo site.
The University of California ran the lab for more than sixty years, but several security breaches led DOE to put the contract out for bid. Last June, a new management team, which includes Bechtel and the university, took over. This latest security breach is not reassuring. Representative Bart Stupak (D-Michigan), chairman of the oversight subcommittee, said the panel has already held a dozen hearings on problems at the lab “and our patience has grown thin. Absent significant improvements, we will be seeking alternative locations in the DOE complex for having this classified work performed.”
Among the more notroious security problems at the lab:
* In 1999 nuclear scientist Wen Ho Lee was charged with fifty-nine counts of mishandling sensitive information; in 2000 he pleaded guilty to a single count of mishandling computer files and a federal judge apologized for how the government treated him
* In 2004 the lab shut down for seven months after an inventory showed two computer disks of nuclear information were missing; a year later, the lab concluded the disks never existed
* Last October police found classified information during a drug raid aimed at the roommate of a former archivist for a lab contractor
