Skip to Main Content
 

 

 

 

"New" LANL Management Can't Get a Grip

March 22, 2007 

 

WASHINGTON —The Project On Government Oversight (POGO) has received copies of an internal assessment of the Los Alamos National Laboratory showing that six months into its tenure the lab’s new management had no cyber security protection plan.

The new management is a consortium led by University of California and Bechtel.  The University alone managed the lab for 60 years—until a series of cyber-security lapses and breaches forced a re-bid of the original management contract. However, the internal assessment of the lab’s Cyber Security Program conducted in November 2006 reveals crucial management problems.  These problems include lack of a clear cyber-security policy and a program plan that still hadn’t been finalized.

Two sections of the lab’s draft master cyber-security plan titled “Bull in a China Shop” and “Flatheaded” are cited as “derogatory statements regarding the new LANS [Los Alamos National Security] management structure and its likely impacts on cyber security at LANL.” These sections were drafted by the lab’s Information System Security Officers.

In addition to not having a site-wide plan, the lab is reported to lack “rudimentary components” of a cyber security program including standardized periodic training, a site-wide cyber security manual, and an overarching policy for the lab’s cyber-security, noting “limited procedural documentation was available.”

The assessment involved representatives from several nuclear weapons facilities and was conducted in mid-November—weeks after a major cyber-security breach that led to more than 1,000 pages of highly classified documents from the lab being discovered in a trailer during a methamphetamine lab drug bust.

POGO’s investigations have found seven cyber-security breaches at LANL since 2002 (see Los Alamos Classified Info Found in Drug Raid
).  These breaches include a 2004 report of the loss of computer disks containing classified information and the mishandling of classified emails. Those events prompted LANL Director Pete Nanos to suspend all work activities for the Lab in July 2004 for several months, at a cost of at least $370 million.

“LANL seems to have the same never-ending problems,” said POGO’s Executive Director Danielle Brian.  “Time after time the lab has promised to strengthen its cyber-security program, including finding better ways to secure classified removable media, but little gets done.  I hope it doesn’t take another security breach to spur lab officials to real action, but I’m afraid it will.”


 


Founded in 1981, the Project On Government Oversight (POGO) is a nonpartisan independent watchdog that champions good government reforms. POGO's investigations into corruption, misconduct, and conflicts of interest achieve a more effective, accountable, open, and ethical federal government.

# # #