Storm Clouds Over Los Alamos

5:15 PM -- There is more trouble brewing at the Los Alamos National Lab, with a major government watchdog and a group of National Nuclear Security Administration (NNSA) employees launching complaints about the top-secret research facility.

Yesterday, the Project on Government Oversight (POGO) put the boot on management at the lab, which is the birthplace of the atomic bomb, accusing officials of shirking their security responsibilities.

POGO says it has copies of an internal assessment of the lab showing that six months into the tenure of the facility's new management, no cyber-security plan is in place.

In addition to not having a site-wide plan, the lab is reported to lack "rudimentary components" of a cyber-security program, according to POGO officials. This includes "standardized periodic training," a site-wide cyber-security manual, and an overarching policy for the lab's security strategy.

All this in the wake of a range of security problems that forced a turnover in management. Last year, a consortium led by the University of California and Bechtel took over the running of Los Alamos. Prior to that, the lab was the responsibility of the University alone, but the contract was re-bid in the wake of high-profile storage snafus. (See Lab Upgrades Monitoring System, Secretary Sweet-Talks Los Alamos Staff, UK Scientist to Los Alamos: Lock Up!, and UC to Lab: Help Save Us!)Last year, the lab hit the headlines when three USB drives containing sensitive data were reportedly found by police in the home of a lab worker. This followed the supposed disappearance of classified defense secrets on portable floppies at Los Alamos a couple of years ago. (See Los Alamos Disks May Not Be Lost, Latest From Los Alamos, and Los Alamos Fallout Continues.)

To make matters worse, a group of current and former workers at the Los Alamos Site Office (LASO), part of the NNSA which oversees contractors at the lab, sent an "SOS" to Congress this week. The anonymous letter alleged cronyism, understaffing, and a generally poor standard of management at the office.

A Los Alamos spokesman told Byte and Switch that a number of "major steps" have been taken to improve cyber-security.

Nonetheless, if these accusations are proved correct, it suggests that Los Alamos has learned nothing from the last few years, particularly about storing data. Technology is only a fraction of an organization's broader IT strategy; the people that manage tapes, disks, and USB drives are just as critical, if not more so.

We'll see whether Los Alamos needs to revisit its storage [and staffing] systems.James Rogers, Senior Editor Byte and Switch