Security News > 2004 > July > E-mail security problems reported at Los Alamos National Lab

E-mail security problems reported at Los Alamos National Lab
2004-07-21 13:49

http://www.computerworld.com/securitytopics/security/story/0,10801,94638,00.html By Todd R. Weiss JULY 20, 2004 COMPUTERWORLD Security troubles continue at the Los Alamos National Laboratory, where officials have confirmed that workers recently sent out an undisclosed number of classified e-mails over a nonsecure e-mail system. The new disclosure comes less than two weeks after the New Mexico-based lab announced that two removable computer disks containing classified nuclear weapons data were missing. That incident represents at least the third time since 2000 that storage media containing classified information have been lost in the facility. In the latest incident, lab spokesman Kevin Roark late yesterday confirmed a Los Angeles Times report that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system. "We have had occurrences recently, yes," Roark said. "We have had them in the past. It's anticipated we will have them in the future." The incidents, he said, occurred when scientists in the lab, which employs about 12,000 people, incorrectly judged information as being classified or unclassified and sent it without asking for assistance about the contents of their e-mails. The incidents are always promptly reported to the U.S. Department of Energy and other agencies, as required by law, Roark said. When such incidents reoccur, employees are given additional training to remind them of the proper procedures, he said. The problem is that there are "vagaries in the classification rules" which can sometimes make it difficult to determine what is or isn't classified. "It's not as simple as people might think it would be," he said. "We're not in a situation where a scientist knows what he's writing about is classified and he just doesn't care." Robert K. Musil, executive director and CEO of the Washington-based Physicians for Social Responsibility, a non-profit group that seeks the elimination of nuclear and other weapons of mass destruction, said the security incidents should remind the public that "nuclear weapons remain the single most important threat to U.S. security that exists. "Even though it is quite dangerous to have these kinds of classified files and materials floating around somewhere, at least it will underscore a problem that people haven't paid enough attention to," Musil said. "It also reminds people that ultimately the best way for us to be secure is to ... prevent the proliferation of such weapons and reduce or eliminate our own nuclear weapons." Roark said he couldn’t comment on the exact number of classified e-mails that were recently sent over the unclassified e-mail system, but he said it is "a very small number." "We'd like to get that to zero," he said. "But you've got to understand, you can't legislate perfection on people. All you can do is tell them in security briefings and reiterate it every time you talk about security." Late last week, the lab suspended all activities while the investigation into the missing computer disks continues. Only some essential activities are ongoing, Roark said, including certain important national security functions and human resources, public relations and building infrastructure tasks. The suspension will continue until officials there believe the latest security problems are corrected, Roark said. All classified activities were suspended on July 9 after the disks were reported missing. Some reviews are complete, while others may take several more days or even weeks for high-risk activities, Roark said. The Los Alamos facility develops and applies technology to ensure the safety and reliability of U.S. nuclear deterrent systems and to reduce the threat of weapons of mass destruction and terrorism. The lab also does research aimed at solving national problems in defense, energy and the environment. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html


News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,94638,00.html