Network at Los Alamos vulnerable to attacks

Unclassified information on a network the Los Alamos National Laboratory operates is susceptible to unauthorized access because of major information security weaknesses, according to a Government Accountability Office report released on Friday. Among the problems GAO cited was the large number of foreign nationals from countries the government deems sensitive who have access to the network.

Los Alamos has made progress to improve security and to detect threats, but vulnerabilities remain in areas such as identifying and authenticating network users, encrypting sensitive information, and restricting physical access to computer resources, according to the GAO report. For example, while Los Alamos implemented strong authentication measures for accessing the network, a user who has accessed the network could then create a simple password that would allow access to sensitive information.

The lab is a national security facility located in Los Alamos, N.M., whose core mission is to ensure the safety and reliability of the nuclear weapons stockpile. Los Alamos employs more than 12,000 people in 2,700 buildings and has an annual operating budget of about $2 billion. Its unclassified network contains sensitive information, including unclassified but sensitive nuclear information, data on nuclear reactor safeguards, the military's critical technology list, confidential foreign government information, and personally identifiable information on lab employees.

"Owing to the nature of the research and development conducted at [Los Alamos], the information on the unclassified network presents a valuable target for foreign governments, terrorists and industrial spies," GAO noted.

The agency detailed a number of weaknesses in the laboratory's information security program, including the absence of adequate risk assessments and effective policies to govern information security.

GAO highlighted as an issue the large number of foreign nationals who have access to the lab's unclassified network. As of May 2008, 688 foreign nationals had been granted network access, including more than 300 from countries identified as sensitive by the Energy Department, such as Russia, China and India. Energy identifies countries as sensitive based on national security, nuclear nonproliferation or terrorism concerns.

"The number of foreign nationals who have access to the unclassified network has raised security concerns among some laboratory and [the National Nuclear Security Administration, which operates the Los Alamos lab] officials because of the sensitive information contained on the network," GAO reported.

Los Alamos spent more than $51 million from 2001 to 2007 to protect its unclassified network, but the lab's cybersecurity officials told GAO that funding had been inadequate to address some of their security concerns. In response, NNSA's chief information officer told the agency that Los Alamos had not adequately justified its requests for additional funds to address the lab's shortfalls. NNSA also said the lab's past budget requests were "prepared on an ad hoc basis and were not based on well-defined threat and risk assessments."

In 2006, NNSA implemented a more systematic approach to developing cybersecurity budgets across the nuclear weapons complex, including Los Alamos. The report said, however, that the agency still has not provided guidance that clearly lays out spending priorities. GAO made 41 recommendations, including that Los Alamos conduct a risk assessment and strengthen its information security policies. NNSA did not comment specifically on the recommendations but agreed with the general conclusions of the report.
