GAO: Cybersecurity flaws at Los Alamos lab

The classified computer network of a major U.S. nuclear laboratory remains vulnerable to cyber attack, according to a congressional watchdog agency. The Government Accountability Office said in a report that the Los Alamos National Laboratory in New Mexico continues to have significant computer security problems, warning that it is having difficulty "protecting the confidentiality, integrity, and availability of information stored on and transmitted over its classified computer network."

The GAO said the critical vulnerabilities include identifying and authenticating users, authorizing user access, encrypting classified information and maintaining secure software configurations. It faulted the laboratory for failing to fully implement an information security program, for not conducting a comprehensive risk assessment to ensure against unauthorized use, and for not adequately training users with security responsibilities.

But there's been a running list of problems in the lab at Los Alamos. Earlier this year, there were reports that 67 computers were missing from the lab. In 2007, the Department of Energy, which oversees the laboratory, cited Los Alamos for a 2006 breach that exposed classified data.

The same year, members of Congress criticized the lab after reports that several officials there had used unprotected email networks to share highly classified information. In 2003 and 2004, the laboratory could not account for classified removable electronic media, such as compact discs and removable hard drives.

The DoE's National Nuclear Security Administration said it generally agreed with the report, but also pointed out that it has made progress in its cybersecurity efforts. Still, it's clear that Los Alamos needs a major lift in protecting its labs, a better security system and a way to keep track of lost computers and a foolproof way to prevent breaches.

For more on the IG's report on the Los Alamos lab:
- see this PCWorld article