GAO: Los Alamos Lab has cybersecurity gaps

The nuclear weapons lab, in Los Alamos, N.M., has experienced breaches in its security in several incidents over the last decade. It was budgeted nearly $200 million in fiscal 2007 to provide for physical and cybersecurity. Despite improvements, the facility continues to have gaps in its physical security and cybersecurity, the GAO report concluded. “Our review of cybersecurity at Los Alamos National Laboratory found that the laboratory has implemented measures to enhance its information security, but weaknesses remain in protecting the confidentiality, integrity and availability of information on its unclassified network,” the report said. Vulnerabilities exist in identifying and authenticating users; encrypting sensitive information; and monitoring and auditing compliance with security policies. Furthermore, the lab has not fully implemented an information security program. GAO made 52 recommendations to fix the lab’s cybersecurity gaps, some of which had been documented in prior years. Lab officials have said that their cybersecurity funding amount is inadequate to address all the security concerns, but that assessment has been questioned by the National Nuclear Security Administration. From fiscal years 2001 through 2007, the lab spent $51.4 million to protect and maintain its unclassified network.