The recent theft of three Los Alamos National Laboratory (LANL) computers from an employee's home and the loss of a BlackBerry in a foreign country has led the Nex Mexico-based laboratory to institute a month-long review to ensure that all computers held off-site comply with data security policies, reports ComputerWorld.com.
On January 16, three computers were stolen from the home of a LANL employee in Santa Fe, New Mexico. Sometime in the next two weeks, a BlackBerry was also lost in a "sensitive foreign country," according to an e-mail from Stephen Blair, a senior manager at LANL, obtained by the Project on Government Oversight (POGO). The breaches, he wrote, have been "garnering a great deal of attention with senior management as well as NNSA [National Nuclear Security Administration] representatives," who are responsible for the security of U.S. nuclear weapons, nuclear nonproliferation, and naval reactor programs
In a subsequent letter from the NNSA to the lab's national security director, Michael Anastasio, the agency revealed that 13 other computers were lost or stolen over the past year and that 67 computers in total were currently missing.
The letter also castigated LANL for treating the stolen and missing computers as solely a property management issue without also treating it as a cybersecurity concern. It also ordered the lab to treat any lost or missing computer that can store data as a cybersecurity concern.
Jeffrey Berger, director of communications at LANL, told ComputerWorld.com that the lab was taking the missing and stolen computers seriously and that the three stolen computers had no sensitive information on them.
He also said that the media had exaggerated the lab's computer losses.
Under NNSA requirements, the Los Alamos lab must account "for at least 98.7%" of its bar-coded property, including computer equipment, Berger said. "Over the past several years, [Los Alamos] has consistently exceeded that requirement, accounting for 99.5% or more of its bar-coded property. The results of these annual inventories are independently validated by the NNSA's Service Center in Albuquerque as part of its annual assessment of LANL's property management system."
In response to LANL's data breaches, POGO recommends that NNSA's Los Alamos Site Office (LASO) hold the lab accountable for its cybersecurity failures.
"The true test of how rigorous the government will be in holding the Lab to high security standards will be whether LASO significantly cuts LANL's contract performance fees for FY09," said Peter Stockton, POGO's senior investigator.
Cybersecurity is a paramount concern for President Barack Obama. Last week, he ordered a 60-day review of all government cybersecurity policies to stem data breaches that could jeopardize national security. The order came after it was revealed that the Federal Aviation Administration suffered a breach that exposed the personal information of 45,000 employees.