Computer security at center of DOE problems, top officials say

The former director of the Energy Department's Office of Safeguards and Security today outlined for Congress years of cybersecurity problems at the nation's nuclear weapons laboratories, claiming officials were aware of ongoing espionage but failed to do anything about it.

Edward McCallum, the former chief of DOE security who is now detailed to the Defense Department as the Pentagon's acting director of the Combating Terrorism Technology Support Office, said DOE officials "knew our greatest secrets were being stolen and . . . did nothing about it."

McCallum, who testified today before the House Armed Services Committee's Military Procurement Subcommittee, said efforts by his office dating to 1995 to enhance DOE cybersecurity met with "significant laboratory resistance" and ultimately failed. "Several laboratories and their program assistant secretaries in Washington, [D.C.], believed that protection, such as firewalls and passwords, was unnecessarily expensive and a hindrance to science," McCallum said. "A variety of computer security tools and techniques, such as encryption devices, firewalls and disconnect features, are required by policy; however, these policies were frequently ignored."

Retired Air Force Gen. Eugene Habiger, director of DOE's Office of Security and Emergency Operations, told committee members that during his review of DOE security measures, under way since he took the post in June, he discovered that the department had lost its focus on security. "By-products of this organizational dysfunction and lack of focus included . . . a lack of attention to our cybersecurity practices in a world of increased computer hacking and cyberterrorism," said Habiger.

McCallum identified the lack of protection afforded classified information systems and the ease with which that information could be transferred to and from classified systems as one of the DOE's primary security weaknesses. "Something as simple as using different size floppy disks between classified and unclassified systems was rejected as unnecessary," he said. "Indeed, I believe we are sitting at the center of the worst spy scandal in our nation's history."

Habiger also laid blame on Congress' failure to fund additional cybersecurity initiatives requested by DOE in the department's fiscal 2000 budget proposal. "We have valid requirements in the area of cybersecurity to buy hardware, encryption equipment and to train our system administrators," Habiger said. However, "simply stated, we have been given a mandate but not the additional resources to accomplish that mandate."

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected