[ISN] E-mail security problems reported at Los Alamos National Lab

[InfoSec News]

http://www.computerworld.com/securitytopics/security/story/0,10801,94638,00.html

By Todd R. Weiss 
JULY 20, 2004 
COMPUTERWORLD

Security troubles continue at the Los Alamos National Laboratory, 
where officials have confirmed that workers recently sent out an 
undisclosed number of classified e-mails over a nonsecure e-mail 
system. 

The new disclosure comes less than two weeks after the New 
Mexico-based lab announced that two removable computer disks 
containing classified nuclear weapons data were missing.
That incident represents at least the third time since 2000 that 
storage media containing classified information have been lost in the 
facility. 

In the latest incident, lab spokesman Kevin Roark late yesterday 
confirmed a Los Angeles Times report that the lab recently discovered 
new incidents of classified information being sent through a 
nonclassified e-mail system. 

"We have had occurrences recently, yes," Roark said. "We have had them 
in the past. It's anticipated we will have them in the future." 

The incidents, he said, occurred when scientists in the lab, which 
employs about 12,000 people, incorrectly judged information as being 
classified or unclassified and sent it without asking for assistance 
about the contents of their e-mails. The incidents are always promptly 
reported to the U.S. Department of Energy and other agencies, as 
required by law, Roark said. 

When such incidents reoccur, employees are given additional training 
to remind them of the proper procedures, he said. The problem is that 
there are "vagaries in the classification rules" which can sometimes 
make it difficult to determine what is or isn't classified. 

"It's not as simple as people might think it would be," he said. 
"We're not in a situation where a scientist knows what he's writing 
about is classified and he just doesn't care." 

Robert K. Musil, executive director and CEO of the Washington-based 
Physicians for Social Responsibility, a non-profit group that seeks 
the elimination of nuclear and other weapons of mass destruction, said 
the security incidents should remind the public that "nuclear weapons 
remain the single most important threat to U.S. security that exists. 

"Even though it is quite dangerous to have these kinds of classified 
files and materials floating around somewhere, at least it will 
underscore a problem that people haven't paid enough attention to," 
Musil said. "It also reminds people that ultimately the best way for 
us to be secure is to ... prevent the proliferation of such weapons 
and reduce or eliminate our own nuclear weapons." 

Roark said he couldn’t comment on the exact number of classified 
e-mails that were recently sent over the unclassified e-mail system, 
but he said it is "a very small number."

"We'd like to get that to zero," he said. "But you've got to 
understand, you can't legislate perfection on people. All you can do 
is tell them in security briefings and reiterate it every time you 
talk about security."

Late last week, the lab suspended all activities while the 
investigation into the missing computer disks continues. Only some 
essential activities are ongoing, Roark said, including certain 
important national security functions and human resources, public 
relations and building infrastructure tasks. 

The suspension will continue until officials there believe the latest 
security problems are corrected, Roark said. All classified activities 
were suspended on July 9 after the disks were reported missing. 

Some reviews are complete, while others may take several more days or 
even weeks for high-risk activities, Roark said. 

The Los Alamos facility develops and applies technology to ensure the 
safety and reliability of U.S. nuclear deterrent systems and to reduce 
the threat of weapons of mass destruction and terrorism. The lab also 
does research aimed at solving national problems in defense, energy 
and the environment.