Los Alamos National Laboratory has experienced yet another computer-related security failure. Lab spokesmen admit that nine floppy disks and one large-capacity storage disk have gone missing. The lab immediately assumed its customary “no harm, no foul” attitude and a spokesman assured the American public that there had been “no threat to national security” from the loss. He blamed human error and inadequate inventory procedures for the missing disks.
This latest computer-security flap at Los Alamos understandably frustrated Energy Department officials in Washington. Security officers have warned about vulnerabilities within the computer networks at the nation’s nuclear weapons labs for years. In testimony to a blue-ribbon panel investigating the labs in 1999, one security officer likened the labs’ computers to automated teller machines from which practically anyone could make “withdrawals at our nation’s expense.”
That panel completed its work before the magnitude of Los Alamos scientist Wen Ho Lee’s computer transgressions were fully appreciated. Over the space of a decade, Lee managed to transfer classified data on at least twenty U.S. thermonuclear warheads onto both an unclassified computer network and high-capacity computer storage tapes. Hackers from China, Russia, and elsewhere repeatedly penetrated that unclassified network. An intelligence- community report would later conclude that outsiders had acquired “complete access and total control to create, view, modify or execute any and all information stored on the system.”
After the breach was discovered, then-Secretary Bill Richardson assured the nation that its nuclear secrets were now “safe and secure.” But less than a year later, Richardson was on Capitol Hill trying to explain the loss of ten removable computer hard drives at Los Alamos. Those disks contained classified intelligence data on foreign nuclear weapons programs. In the latest flap, lab spokesmen made similar claims; no U.S. warhead data were compromised, they said, only data on foreign nuclear weapons. After weeks of searching by the FBI, Richardson’s hard drives turned up behind a copy machine inside a taped-off crime scene at the lab. The FBI never solved the case of the missing hard drives and it had no better luck with Lee. Lee got off with a slap on the wrist; in return, he promised to tell the Bureau what he had done with the tapes. Despite extensive searches, the Bureau has never found the tapes.
Energy Secretary Spencer Abraham termed this latest episode unacceptable and another department spokesman lamented that Los Alamos just can’t seem to get computer security right. Over the past two years, Los Alamos has suffered repeated embarrassments over not only missing disks, but also over lost, stolen or missing computers that had been processing classified data. Earlier this spring, an internal Energy Department report concluded that because of its poor computer security procedures, Los Alamos couldn’t “provide adequate assurance that classified, sensitive, or proprietary information is appropriately protected.” A “limited stand down” has been declared at Los Alamos while employees receive retraining on computer security. Incredibly, however, Los Alamos has yet to fix the security gap that allowed Lee to transfer data for years without detection.
Abraham said that the latest flap justified the Bush administration’s decision to open up the Los Alamos management contract to new bidders. The University of California has held the contract, now said to be worth about $2 billion, since the lab’s establishment in 1943. The University has taken the brunt of the criticism for Los Alamos’ security failures, especially from Capitol Hill and, more recently, the Department. In truth, it’s not at all clear that new management could rectify the lab’s problems. A private-sector defense contractor runs Sandia National Lab, another New Mexico weapons lab, that has recently experienced it own security problems. Despite being under private management, Sandia’s response to these problems was classic lab behavior: “first deny, then cover up.” Many believe that an external review uncovered only the tip of the iceberg of security problems at Sandia.
The media’s reaction to this latest flap has been mixed. The incident was widely reported in media outlets on the West Coast and in the trade press. Both the Washington Post and the New York Times ignored the incident, however. In truth, that’s probably justifiable since past history indicates that this latest episode will simply be swept under the rug and, after a brief interlude, the lab will be back to business as usual.