GAO again fails Energy security

The Energy Department was forced to take two of its laboratories off the

Internet for as long as a week after hackers attacked computer systems at

least four times, the General Accounting Office said in a report made available

on June 30.

The report gave DOE another flunking grade for not providing adequate

security defenses, this time for its unclassified civilian research files.

A review of security found that DOE facilities had weak spots just waiting

to be attacked, the report stated.

"The DOE laboratories have become a popular target of the hacking community,"

the report said. The number of incidents has increased dramatically, from

less than 500 to 3,000 between 1997 and 1999.

Rep. F. James Sensenbrenner Jr. (R-Wis.), chairman of the House Science

Committee, said Congress is losing patience with DOE's security problems.

The latest report comes in the wake of disclosures that classified computer

drives were missing and then found at the Los Alamos National Laboratory

in New Mexico.

"Cutting off access to the Internet to DOE scientists for days on end

or exposing experimental data to tampering or theft because of poor computer

security is simply unacceptable," Sensenbrenner said.

The report said DOE did not have a clear policy regarding what information

should be accessible to the public. It also found there were no security

plans for 17 of the 20 major systems reviewed by GAO. "IT security policies

have not been enforced," the report said. "And incidents are not consistently

reported."

Energy Department officials had no immediate comment.