Lab strives to regain security credibility

-A A +A
By Roger Snodgrass

No one has found that security problems at Los Alamos compromised national security in 2007, but dealing with past and persistent security vulnerabilities at the lab was one of the major stories of the year.

Although the discovery of hundreds of pages and electronic files of classified documents in a mobile home park adjoining laboratory property occurred in Oct. 2006, the Jessica Quintana affair and its repercussions set a tone and created a stir that spanned 2007 as well.

As the year came to a close, Quintana, the archivist who had removed copies of the documents from the laboratory, was sentenced on Dec. 20 to two years of probation by U.S. Judge Lorenzo Garcia.

Quintana avoided fines and a request by the Department of Energy that she pay restitution of $384,150. She told the court, “There’s nobody to blame but myself.”

Beginning with a stormy Congressional hearing in January, LANL Director Michael Anastasio was cross-examined by members of the investigations subcommittee of the House Energy and Commerce committee, who demanded an explanation and threatened financial retribution.

“It is my belief that many of the past problems at Los Alamos were never fully rectified,” Anastasio said “Many corrective actions were formulated and implemented at the local organizational level, without clear and consistent implementation across the entire Laboratory. That approach continues to leave the laboratory vulnerable to the recurrence of security problems that are the basis for this hearing.”

By midyear, the top DOE and NNSA officials were also grilled about security violations at the laboratory that were known but unacknowledged even as the previous hearing took place.

These breaches, first reported in Time magazine, involved a consultant to Los Alamos National Security, the managing consortium for the laboratory, and at least five LANS board members who shared classified material over open e-mail networks.

In October, a “serious and malicious” cybersecurity attack took place against national weapons laboratories, including LANL. The incident may have compromised personal information such as unencrypted social security numbers of an unspecified number of individuals from an internal LANL network. The threat of personal identity theft was disclosed to the affected individuals by mail in December.

At years end, an internal presentation on the lab’s security record for the year was obtained by the Washington-based Project on Government Oversight and distributed to the national press. A slide outlining security performance said there had been 13 top-level security incidents during the period from June 2006 through June 2007, and 35 external audits for physical security since that period began.

Additional fines and penalties, if they are assessed, have yet to be determined or made public.

A laboratory spokesperson said the security trend was actually improving, especially in comparison to 2004 and 2005, and “a marked improvement over ’06.”

The year saw many corrective efforts, as well, which Anastasio and staff have pointed out during the year.

Along with new training programs and reviews, there was a crackdown on portable devices and a campaign to glue shut all computer information ports that could enable unauthorized downloading. There was continuing consolidation of corals for classified information and a the first “Super Vault Type Room” combining both high technology with “tried and true systems such as the bank teller’s window common at financial institutions.” A $20 million item in next year’s budget will continue to support vault consolidation activities at the laboratory.