DOE clamps down on whistleblower for security leaks

In the aftermath of what may be one of the most damaging cases of espionage in U.S. history, the Energy Department has placed a former director of security on administrative leave for blowing the whistle on lax security—including failed computer-security practices—at a top nuclear weapons lab.

DOE officials claim Edward J. McCallum, the former director of safeguards and security for DOE, disclosed classified information during a phone call with an informant from the Rocky Flats, Colo., nuclear facility who detailed the security lapses to him.

That information, detailing significant failures in computer and network security across the department, became publicly available when Rep. Curt Weldon (R-Pa.), speaking on the floor of the House of Representatives this week, entered McCallum's statement into the congressional record.

According to Weldon, McCallum has been placed on "political administrative leave" for informing members of Congress about the various security problems at the facility and therefore embarrassing DOE. The revelations come as DOE grapples with the task of developing new counterintelligence and security procedures after China managed to steal highly classified nuclear weapons secrets.

In a written statement, McCallum alleged that DOE's computer security program suffers from a variety of problems, including an indiscreet relationship between classified and unclassified networks, a lack of guidance from the department on proper security procedures and a severe lack of system administrators trained and skilled in computer security.

Most of DOE's system administrators are responsible for developing their own network security architectures and procedures, but "many of them do not have the computer security background or knowledge to implement a sound computer security program," McCallum said. In addition, attempts to issue and enforce a comprehensive set of rules and regulations met with significant resistance, he said. "Several laboratories complained that providing protection such as firewalls and passwords were unnecessarily expensive and a hindrance to operations," he said.

McCallum also detailed security violations involving the processing of classified information on networks designed to handle only unclassified data. "My office has noted a number of problems in this area, [including the] failure to conduct classification reviews before placing information onto an unclassified processing system, intentionally creating unclassified data that is very close to classified data to ease processing, and using personal computers at home to process classified information," McCallum said.
