Los Alamos failed to track its computers, feds report

[InfoSec News <isn () c4i org>]

http://www.bayarea.com/mld/cctimes/5741689.htm

By Andrea Widener
CONTRA COSTA TIMES
April 29, 2003

In another blow to a flailing lab, the Energy Department's inspector
general said Monday that Los Alamos Laboratory failed to properly
track thousands of laptop and desktop computers, including several
with classified information.

The finding is just the most recent report of accounting
irregularities, purchasing system defects and business system failures
since last fall, when the New Mexico weapons lab's problems came to
light because of two fired whistleblowers.

Their claims have led to dozens of internal and external reviews that
will culminate this week with a decision on the lab's future. On
Wednesday, the DOE will announce if the University of California will
lose its contract to run the lab.

There is no way to know how the new inspector general's report will
factor into the DOE's decision, to be followed Thursday by a House
hearing on UC management.

The contract could be taken away at once or, more likely, officials
will tell UC it must compete to continue running the lab when its
current contract expires in September 2005. It would be the first time
UC has had to compete to run Los Alamos, or its sister lab, Lawrence
Livermore, in 60 years.

While not alleging that classified information was lost, the report
says the lab has inadequate controls to ensure computers are safe from
theft and to protect classified nuclear weapons information.

"We do not believe that Los Alamos can provide adequate assurance that
classified, sensitive or proprietary information is appropriately
protected," wrote Gregory Friedman, the inspector general.

Lab officials said classified information was not compromised. Lab
security experts will use the report to correct known accounting
errors.

"They feel very, very confident that we have maintained full
accountability" of classified information, said lab spokesman Jim
Fallin. "We know what our responsibilities are. We take this report
very seriously."

This is the sixth Los Alamos-focused report from the DOE inspector
general this year. Spokeswoman Wilma Slaughter said the reports come
out of a comprehensive review of Los Alamos initiated by the watchdog
agency; several have been specifically requested by National Nuclear
Security Administration leaders.

The most recent findings show the lab couldn't account for all laptops
containing classified information. The lab sometimes wrote off lost or
stolen computers, did not always report thefts to proper authorities
and did not hold employees liable for lost computers.

Los Alamos has 35,000 computers, 5,000 laptops and 30,000 desktop
models. The audit found two computers were purchased with lab credit
cards after that became against lab policy. Four classified laptops
were not on the lab's secure inventory list, and others that were no
longer in use remained on the list. In the previous two years, 22
laptop computers, worth $81,000 when new, were lost or stolen without
an investigation taking place.

Fallin said many of the computers were tracked in multiple ways, and
some problems happened during transition to a new accountability
system, which does not allow credit card purchases of computers and
which created a new system for theft and employee accountability. The
lab will look at the other issues and see whether more tracking is
required, he said.

Lawrence Livermore, which is likely to come under similar scrutiny,
follows different procedures to account for computers, said
spokesperson Susan Houghton. The lab does not allow credit card
computer purchases, and all computer losses are automatically
investigated.

The inspector general referred findings to DOE counterintelligence
officials. The nuclear security administration had no comment, except
to say it would add the findings to the ongoing investigation of Los
Alamos' business and property tracking practices, as well as its
review of UC's management.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.