A string of information security breaches earlier this decade has led to some measures being taken to protect classified security networks at Los Alamos National Laboratory (LANL) but vulnerabilities remain in critical areas, the Government Accountability Office (GAO) says in a new report.
Vulnerabilities remain in “identifying and authenticating the identity of users, authorizing user access, encrypting classified information, monitoring and auditing compliance with security policies, and maintaining software configuration assurance,” says the report, Information Security: Actions Needed to Better Manage, and Sustain Improvements to Los Alamos National Laboratory’s Classified Computer Network (GAO-10-28).
LANL, which is part of the Department of Energy’s national laboratory network, is responsible for the nation’s nuclear weapons stockpile and it uses its classified computer network to analyze results of non-nuclear experiments and to simulate the performance of nuclear weapons to meet military requirements.
Between 1999 and 2006 several security breaches occurred, including the removal of computer hardware and physical documents from the lab, some of which contained nuclear weapon design information, GAO says.
The computer vulnerabilities identified by GAO could lead to insiders gaining inappropriate access to classified information, the unnecessary of exposure of data to unauthorized individuals, and that unauthorized activity may not be detected or investigated.
The Energy Department’s National Nuclear Security Administration says it will provide to Congress detailed corrective actions it plans to implement regarding computer security, GAO says.