Nuclear Research Facility Lacks Adequate Cyber Security

Thursday, April 21, 2011



The findings from a federal audit of the Lawrence Livermore National Laboratory indicate that the lab has failed to implement adequate security measures to protect classified information.

Lawrence Livermore is one of the primary facilities for conducting nuclear research for the federal government and houses some of the most sophisticated supercomputing hardware for analyzing classified research data.

The Energy Department's audit concluded that multiple security problems persist due to improper risk assessments regarding system changes.

Specifically, the audit points out an instance where private contractors made changes to systems that measure nuclear explosions without first consulting the appropriate federal officials to receive approval.

"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," the audit concluded.

A spokesman for the Energy Department's National Nuclear Security Administration, Damien LaVera,  was quick to issue statements assuring that there is not evidence of a data loss event. Other White House officials stated that the audit's findings do not reflect the overall state of security at the lab.

"We do not believe conclusions documented in this report can be extrapolated to determine the state of the entire risk management program. Furthermore, the general recommendations made by the IG were already in place," wrote Gerald Talbot, Jr., the Obama administration's associate director for management and administration.

The release of the audit comes less than a week after internet access and email systems where temporarily shut down at the Oak Ridge National Laboratory as investigators looked into events surrounding a reported cyber attack.

“In this case, it was initiated with phishing email, which led to the download of some software that took advantage of a ‘zero day exploit,’ a vulnerability for which there is no patch yet issued,” said ORNL Director Thom Mason.

Lawrence Livermore National Laboratory officials maintain that they believe network security at the lab is up to par, contrary to the finding of the federal audit.

"We feel we have a good strong cyber security system at the lab. That said, we're always looking to improve it and make it better," said a spokesman for the Lawrence Livermore National Laboratory, Don Johnston.


Possibly Related Articles:
Attack Government Data Loss Prevention Security Audits Headlines Network Security Oak Ridge National Laboratory Lawrence Livermore National Laboratory
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.