Energy chastised over security

The scandal over two missing computer drives containing nuclear secrets

from the Los Alamos National Laboratory is raising new questions about whether

the Energy Department can handle security at its defense facilities.

Members of Congress expressed outrage last week over the disclosure

that lab employees discovered classified material missing on May 7, but

did not report it to their superiors for three weeks. Energy officials,

as well, vented their frustration over the breakdown in their security system.

"Frankly, if one of these people had discovered his car stolen from

a garage, they would not have waited one day," said Energy Deputy Secretary

T.J. Glauthier.

Lab director John Browne said he was not going to make any excuses. But

he said Los Alamos was faced with chaos last month when raging wildfires

threatened to engulf the area and destroy the lab.

"I'm not going to use the fire as an excuse for this," Browne said. "People

do make mistakes under stress."

But lawmakers said this is the latest in a long stream of security violations

involving Energy facilities. Last year, former Los Alamos scientist Wen

Ho Lee was charged with copying top-secret computer files that have never

been found. He's now awaiting trial.

Lawmakers began raising new questions about security within hours after

the latest lapse was disclosed, and they dismissed Energy officials' explanations

that computer drives may have been misplaced, not stolen.

"Some of their most sensitive nuclear information seems to have walked

out the door," said Sen. Richard Shelby (R-Ala.), chairman of the Senate

Select Committee on Intelligence.

"I seriously question whether we have better security at our Wal-Marts

than at our labs," said Sen. Wayne Allard (R-Colo.).

Lawmakers also were angered because Energy Secretary Bill Richardson

declined to appear at the hearing. As the nation's chief Energy official,

he is responsible for overall security at Energy's nuclear facilities. Although

he issued a statement expressing his outrage, he did not appear before the

intelligence committee hearing June 14.

Retired Air Force Gen. Eugene Habiger, now director of Energy's Office

of Security and Emergency Operations, said that more than 100 interviews

have been conducted by the FBI, which has opened a criminal investigation,

and that 28 people who had unescorted access to the vault where the computer

drives were kept would undergo polygraph tests.

"We will not tolerate security lapses at DOE," Habiger said.

Nevertheless, the missing computer drives have already put Energy on

alert that it has to close its security holes and close them quickly to

halt the political and national security damage from the latest incident.

Work has been suspended at Los Alamos while officials continue to search

for the computer drives. Six lab employees who had access to the vault

have been placed on leave, and the CIA has been called in to assess whether

there has been damage to national security.

Among the flaws highlighted during the hearings were the lack of a requirement

that visitors to the vault sign in and that the classified material be immediately

available for SWAT teams in the event of a nuclear threat from terrorists.

In addition, some lawmakers expressed concern that the lab is run by

the University of California, which is conducting its own investigation

into the chain of command involving the disclosure.

"It gives me no confidence when you tell me there's an academic group

looking into it," said Sen. Richard Bryan (D-Nev.).

Energy officials have promised new measures to protect the nation's

nuclear secrets. Richardson appointed two former members of Congress — Rep.

Lee Hamilton (D-Ind.) and Sen. Howard Baker (R-Tenn.) — to conduct an investigation

and make recommendations about security measures.

Meanwhile, the Senate swiftly confirmed the No. 2 man at the CIA to

head a new nuclear weapons agency within Energy. Air Force Gen. John Gordon,

now deputy CIA director, won unanimous confirmation Wednesday after his

nomination had been held up for months. The vote was 97-0.


Information security metrics being used or developed throughout government:

* CIO Council Information Technology Security Assessment Framework (draft).

* GAO Federal Information System Controls Audit Manual (Chapters 3

and 4).

* GAO's five levels of security effectiveness (used only internally

for reference in audits).

* Government/private-sector Systems Security Engineering Capability

Maturity Model.

* DOD Information Assurance Readiness Assessment (draft).


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.