Interesting People mailing list archives

DOE Discloses Data Theft


From: David Farber <dave () farber net>
Date: Sat, 10 Jun 2006 15:27:48 -0400



Begin forwarded message:

From: Ari Ollikainen <Ari () OLTECO com>
Date: June 10, 2006 1:37:31 PM EDT
To: dave () farber net
Subject: DOE Discloses Data Theft

        Foot dragging on an incident which occurred in September 2005...

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/09/AR2006060901505.html

Energy Dept. Discloses Data Theft
Victims, Top Officials Were Not Told About 2005 Hacking

Associated Press
Saturday, June 10, 2006; A04

A hacker stole a file containing the names and Social Security
numbers of 1,500 people working for the Energy Department's nuclear
weapons agency.

But the incident last September, somewhat similar to recent problems
at the Department of Veterans Affairs, was not reported to senior
officials until two days ago, officials told a congressional hearing
yesterday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center
belonging to the National Nuclear Security Administration in
Albuquerque, N.M. The file contained information about contract
workers throughout the agency's nuclear weapons complex, a department
spokesman said.

NNSA Administrator Linton F. Brooks told a House hearing that he
learned of the security break late last September but did not inform
Energy Secretary Samuel W. Bodman about it. It had occurred earlier
that month.

Brooks blamed a misunderstanding for the failure to inform either
Bodman or Deputy Energy Secretary Clay Sell about the security
breach. The NNSA is a semiautonomous agency within the department,
and Brooks said he assumed the DOE's counterintelligence office would
have briefed the two senior officials.

"That's hogwash," Rep. Joe Barton (R-Tex.), chairman of the House
Energy and Commerce Committee, told Brooks. "You report directly to
the secretary. . . . You had a major breach of your own security, and
yet you didn't inform the secretary."

Bodman's spokesman Craig Stevens said the secretary is "deeply
disturbed by the way this was handled." He said Bodman has asked the
department's inspector general to investigate why the security breach
was not made known sooner.

Barton called for Brooks's resignation because of his failure to
inform Bodman and other senior DOE officials of the security failure.

The Energy and Commerce oversight and investigations subcommittee
learned of the security lapse late Thursday, on the eve of its
hearing on DOE cyber security, said Rep. Edward Whitfield (R-Ky.),
chairman of the panel.

Although the compromised data file was in the NNSA's unclassified
computer system -- and not part of a more secure classified network
that contains nuclear weapons data -- DOE officials would provide
only scant information about the incident during the public hearing.

Brooks said the file contained names, Social Security numbers,
birthdates, codes showing where the employees worked and codes
showing their security clearances. A majority of the individuals
worked for contractors, and the list was compiled as part of their
security clearance processing, he said.

Tom Pyke, the DOE official charged with cyber security, said he
learned of the incident a few days ago. He said the hacker, who
obtained the data file, penetrated a number of security safeguards in
obtaining access to the system.

Stevens said Bodman, upon learning of the incident, directed that the
individuals affected be immediately told that their information had
been compromised.

The Energy Department spends $140 million a year on cyber security,
Gregory H. Friedman, the DOE's inspector general, told the committee.
But he said that while improvements have been made, "significant
weaknesses continue to exist," making the unclassified computer
system vulnerable to hackers.

--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   "The release of atom power has changed everything except our way of
thinking...the solution to this problem lies in the heart of mankind.
   If only I had known, I should have become a watchmaker."
                                                      --Albert Einstein


