Computerworld - Security troubles at Los Alamos National Laboratory continued last week as officials confirmed that workers recently sent out an undisclosed number of classified e-mails over a nonsecure system.
The disclosure came less than two weeks after the New Mexico-based lab announced that two removable computer disks containing classified nuclear weapons data were missing . That incident marked at least the third time since 2000 that storage media containing classified information has been lost at the facility.
Los Alamos spokesman Kevin Roark last week confirmed that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system. "We have had occurrences recently, yes," he said. "We have had them in the past. It's anticipated we will have them in the future."
Questionable Judgment
Roark said the incidents occurred when scientists at the lab, which employs about 12,000 people, incorrectly judged information as being classified versus unclassified and sent it without asking for assistance in categorizing the content of their e-mails. Such incidents are always promptly reported to the U.S. Department of Energy and other agencies, as required by law, he said.
When such incidents recur, employees are given additional training to remind them of the proper procedures, Roark said. The problem is that there are "vagaries in the classification rules" that can make it difficult to determine what's classified. Roark said that he couldn't comment on the number of classified e-mails that were sent over the unclassified e-mail system but that it was "a very small number."
"We'd like to get that to zero," he said. "But you've got to understand, you can't legislate perfection on people. All you can do is tell them in security briefings and reiterate it every time you talk about security."
Earlier this month, the lab suspended most activities while continuing the investigation into the missing disks.
Security experts and analysts expressed varied opinions on the recent security incidents at Los Alamos.
Scott Larson, a managing director at Stroz Friedberg LLC, a New York-based consultancy that specializes in computer forensics, acknowledged that accidental releases of sensitive information using nonsecure e-mail systems are unavoidable. But he was critical of the lab's position that such incidents are mostly attributable to human judgment.
"The ... throwing-your-hands-up approach is unacceptable for this kind of information," Larson said. Classified and nonclassified e-mail systems must be completely separate, and the people who use them must be trained to know the difference, he said.
Nathaniel Palmer, a security analyst at Delphi Group in Boston, called the security lapses"scary." Palmer said he's amazed that a nonsecure e-mail system is even used in the lab, when instead one system could be used by everyone and all correspondence could be better monitored.
Other analysts were more forgiving.
Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., said it's possible that the Los Alamos facility experiences no more security lapses than other classified government facilities but that officials there are more willing to discuss problems publicly.
Read more about Networking in Computerworld's Networking Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
