Report slams DOE counterintelligence

[InfoSec News <isn () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/0626/web-energy-06-28-00.asp

BY Dan Verton
06/28/2000

The Energy Departments counterintelligence training and awareness
program has "failed dismally," a study by an independent panel of
security experts concluded, characterizing cyber-based
counterintelligence as the departments biggest challenge.

The "Report of the Redmond Panel," led by counterintelligence expert
Paul Redmond and delivered to Congress June 21, studied DOE efforts to
weed out spies and security leaks at the nations weapons laboratories.
The House Permanent Select Committee on Intelligence established the
bipartisan team of investigators to examine the progress of security
reforms throughout Energy in the wake of last years Cox Committee
report on Chinese nuclear espionage.

"There has been no discernible, effective effort from DOE headquarters
to establish and support an effective counterintelligence training and
awareness program," the report stated. It called DOEs annual security
refresher programs "perfunctory," adding that the "sample training
materials were bureaucratic, boring, turgid and completely
inefficient."

However, the most pressing challenge still facing the laboratories is
cybercounterintelligence, according to the report. "The magnitude of
the problem and the complexities of the issues are daunting," the
report stated.

DOEs security environment is marked by thousands of systems
administrators that have "very wide access," and tens of thousands of
e-mail messages are sent to external addresses each day, the report
found.

DOE has taken measures to beef up its cybersecurity mechanisms, such
as keyword searches on outgoing e-mail messages and a pilot program to
enhance intrusion detection, but some efforts are meeting stiff
resistance from DOE employees, the report stated. DOE and lab
personnel, for example, have complained about "excessive reporting
burdens" spurred by DOEs use of a comprehensive intrusion incident
reporting system.

DOE also recently hired a dozen retired FBI, CIA and military
intelligence officers to help inspect DOEs counterintelligence
programs. However, it will be a long time before results can be seen,
the report concluded.

"In spite of progress in some areas, statements from DOE headquarters
to the effect that all is now well are nonsense," the report stated.
"Problems and deficiencies caused by decades of nonfeasance and
neglect cannot be fixed overnight."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".