HomeFeaturesDailyBriefingsRapidReconSpecial ReportsAbout Us

Computers that Walk out of the Door

The number of computers missing from Los Alamos ranges from 70 to "almost" 100. In reality, the actual number of machines doesn't mean as much as the lax security that allows this to happen at one of our Nation's nuclear laboratories.

It starts with a theft in January:

The Project on Government Oversight (POGO) , a watchdog group, Wednesday released a memo from the Department of Energy's National Nuclear Security Administration (NNSA) expressing concern over the theft of three computers from the home of an employee at Los Alamos National Security LLC (LANS) in January.

Apparently in follow-up investigations, as many as 67 computers were unaccounted for.

The watchdog group POGO (Project On Government Oversight) disclosed on Feb. 11 a memo from the Department of Energy's NNSA (National Nuclear Security Administration) (PDF) sharply critical of security at Los Alamos, particularly regarding a failure to treat lost computers as a cyber-security issue.

The issue of course is not whether the missing computers actually had sensitive or classified material on their hard drives, but the apparent lack of security and oversight of the computers from Los Alamos. This is not the first time that Los Alamos has had a security breach of this type. The Department of Energy lodged multi-million dollar fines against Los Alamos in 2007.

Considering the budget cuts that are rumored to be on the blocks for the Department of Energy Labs, and the possible merger (actually blending) of certain labs, it is surprising that security lapses like this would occur. At best, it is embarrassing.

1 Comment

Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: www.businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.

Leave a comment