recommended reading

Network at Los Alamos vulnerable to attacks

Unclassified information on a network the Los Alamos National Laboratory operates is susceptible to unauthorized access because of major information security weaknesses, according to a Government Accountability Office report released on Friday. Among the problems GAO cited was the large number of foreign nationals from countries the government deems sensitive who have access to the network.

Comment on this article in The Forum.Los Alamos has made progress to improve security and to detect threats, but vulnerabilities such as identifying and authenticating network users, encrypting sensitive information, and restricting physical access to computer resources remain, according to the GAO report. For example, while Los Alamos implemented strong authentication measures for accessing the network, once a user has accessed the network, he or she could create a simple password that would allow them to access sensitive information.

The lab is a national security facility located in Los Alamos, N.M., whose core mission is to ensure the safety and reliability of the nuclear weapons stockpile. Los Alamos employs more than 12,000 people in 2,700 buildings and has an annual operating budget of about $2 billion. Its unclassified network contains sensitive information, including unclassified but sensitive nuclear information, data on nuclear reactor safeguards, the military's critical technology list, confidential foreign government information, and personally identifiable information on lab employees.

"Owing to the nature of the research and development conducted at [Los Alamos], the information on the unclassified network presents a valuable target for foreign governments, terrorists and industrial spies," GAO noted.

The agency detailed a number of weaknesses in the laboratory's information security program, including the absence of adequate risk assessments and effective policies to govern information security.

GAO highlighted as an issue the large number of foreign nationals who have access to the lab's unclassified network. As of May 2008, 688 foreign nationals, including more than 300 from countries identified as sensitive by the Energy Department, including Russia, China and India, were granted network access. Energy identifies countries as sensitive based on national security, nuclear nonproliferation or terrorism concerns.

"The number of foreign nationals who have access to the unclassified network has raised security concerns among some laboratory and [the National Nuclear Security Administration, which operates the Los Alamos lab] officials because of the sensitive information contained on the network," GAO reported.

Los Alamos spent more than $51 million from 2001 to 2007 to protect its unclassified network, but the lab's cybersecurity officials told GAO that funding had been inadequate to address some of their security concerns. In response, NNSA's chief information officer told the agency that Los Alamos had not adequately justified its requests for additional funds to address the lab's shortfalls. NNSA also said the lab's past budget requests were "prepared on an ad hoc basis and were not based on well-defined threat and risk assessments."

In 2006, NNSA implemented a more systematic approach to developing cybersecurity budgets across the nuclear weapons complex, including Los Alamos. The report said, however, the agency still has not provided guidance that clearly lays out spending priorities. GAO made 41 recommendations, including Los Alamos conducting a risk assessment and strengthening its information security policies. NNSA did not comment specifically on the recommendations but agreed with the general conclusions of the report.

Threatwatch Alert

Network intrusion

Florida’s Concealed Carry Permit Holders Names Exposed

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.