GAO: Los Alamos National Lab's Cybersecurity Lacking

By Grant Gross
Fri, November 13, 2009

IDG News Service — Cybersecurity efforts to protect a leading U.S. nuclear laboratory's classified computer network remain lacking even after a series of security lapses, according to a new report from the U.S. Government Accountability Office.

The Los Alamos National Laboratory, which has suffered multiple security breaches in recent years, continues to have "significant weaknesses ... in protecting the confidentiality, integrity, and availability of information stored on and transmitted over its classified computer network," the GAO said in a report released Friday.

The lab has vulnerabilities in several "critical" areas, including identifying and authenticating users, authorizing user access, encrypting classified information and maintaining secure software configurations, the GAO report said.

"A key reason for the information security weaknesses GAO identified was that the laboratory had not fully implemented an information security program to ensure that controls were effectively established and maintained," the report said.

The lab has not conducted comprehensive risk assessments to ensure against unauthorized use, has not marked the classification level of information stored on its classified network, and has inadequate training for users with security responsibilities, the GAO report said.

In January, there were reports of the theft of three computers from a lab employee's home in Santa Fe, New Mexico. Later reports said as many as 67 computers were missing from the lab.

In July 2007, the U.S. Department of Energy moved to fine the lab for an October 2006 breach that exposed classified data. A contract worker illegally downloaded and removed hundreds of pages of data from the lab using USB thumb drives.

Also in mid-2007, U.S. lawmakers criticized the lab after reports that several officials there had used unprotected e-mail networks to share highly classified information.

There were other security problems at the lab, including instances in 2003 and 2004 when the lab could not account for classified removable electronic media, such as compact discs and removable hard drives.

A lab spokesman did not immediately return an e-mail seeking comment on the GAO report. The DOE's National Nuclear Security Administration (NNSA) said it generally agreed with the report, but said the lab has made progress in its cybersecurity efforts.

Many of the shortcomings have been addressed, said Michael Kane, associate administrator for the NNSA, in a letter to the GAO. In response to a DOE compliance order issued in 2007, "a number of key technical issues and policy implementation concerns have been or are currently being addressed," Kane said.

The DOE oversees the lab, a multidisciplinary research institution working on strategic science on behalf of U.S. national security. The lab is jointly operated by several groups, including NNSA and the University of California.
