February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Podcast with Arbor Networks: The Evermore Deadly Evolution of Malicious Software | Main | Avoiding the Easy Website Hack »

August 13, 2007
Los Alamos a Data Loss Leader

Since last October, when it was discovered a crack dealer had nuclear weapons data on a USB stick (you think they were trying to smoke it?), Los Alamos has had two more high-profile data losses. The Los Alamos lab was fined $3.3 million (who pays, us?) over this breach, and since then vowed to no longer store sensitive information on removable media. But Los Alamos continues to have a history of shoddy handling of classified data, and this can be directly attributed to Los Alamos National Security, or LANS.

According to CSO Online, the first data slip occurred in typical fashion, with the theft of a laptop. An employee took his lab laptop to Ireland, where it was stolen. It was inevitably determined that the information was of low sensitivity, and even if the employee had followed standard protocol and requested permission to travel with the laptop, it would have been granted.

Following this theft, though, Los Alamos has begun restricting employees traveling with laptops.

The second, and more disturbing data fumble, occurred last January when Harold P. Smith, a LANS board consultant and former Pentagon atomic weapons adviser, sent an email containing classified data over the ordinary Internet instead of using the secure Defense department network. The email was originally intended for two board members, but the message was relayed on to at least three other boards members.

This incident has been called "the most serious breach of U.S. national security," and has been rated as Impact Measurement Index-1 (IMI-1), the most serious level of security violation.

Los Alamos has had serious data breaches extending back seven years, and the problem is that they keep applying insufficient fixes to each problem after they’ve occurred. Peter Stockton, senior investigator of POGO, or Project on Government Oversite, said the person "has been fined, lab officials have been fired, and the lab was even closed for a number of months so that it could get its act together. It’s clear that it just can’t."

What Los Alamos needs is a top-down all encompassing review of data security. I mean, with data protection like this for our nation’s most vital secrets, who needs terrorists?

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2220

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map