Computer security at center of DOE problems, top officials say

The former director of the Energy Department's Office of Safeguards and Security today outlined for Congress years of cybersecurity problems at the nation's nuclear weapons laboratories, claiming officials were aware of ongoing espionage but failed to do anything about it.

Edward McCallum, the former chief of DOE security who is now detailed to the Defense Department as the Pentagon's acting director of the Combating Terrorism Technology Support Office, said DOE officials "knew our greatest secrets were being stolen and . . . did nothing about it."

McCallum, who testified today before the House Armed Services Committee's Military Procurement Subcommittee, said efforts by his office dating to 1995 to enhance DOE cybersecurity met with "significant laboratory resistance" and ultimately failed. "Several laboratories and their program assistant secretaries in Washington, [D.C.], believed that protection, such as firewalls and passwords, was unnecessarily expensive and a hindrance to science," McCallum said. "A variety of computer security tools and techniques, such as encryption devices, firewalls and disconnect features, are required by policy; however, these policies were frequently ignored."

Retired Air Force Gen. Eugene Habiger, director of DOE's Office of Security and Emergency Operations, told committee members that during his review of DOE security measures, under way since he took the post in June, he discovered that the department had lost its focus on security. "By-products of this organizational dysfunction and lack of focus included . . . a lack of attention to our cybersecurity practices in a world of increased computer hacking and cyberterrorism," said Habiger.

McCallum identified the lack of protection afforded classified information systems and the ease with which that information could be transferred to and from classified systems as one of the DOE's primary security weaknesses. "Something as simple as using different size floppy disks between classified and unclassified systems was rejected as unnecessary," he said. "Indeed, I believe we are sitting at the center of the worst spy scandal in our nation's history."

Habiger also laid blame on Congress' failure to fund additional cybersecurity initiatives requested by DOE in the department's fiscal 2000 budget proposal. "We have valid requirements in the area of cybersecurity to buy hardware, encryption equipment and to train our system administrators," Habiger said. However, "simply stated, we have been given a mandate but not the additional resources to accomplish that mandate."
