Wednesday, July 25, 2007
Department hits university with fine over Los Alamos breach
Department hits university with fine over Los Alamos breach
Dan Kaplan Jul 17 2007 23:35
The U.S. Department of Energy has imposed a $3.3 million fine against the current and former operators of the Los Alamos National Laboratory following an incident last year in which a subcontractor's employee stole classified documents by storing them on a USB stick.
The enforcement action penalizes the University of California (UC), which managed the nuclear weapons lab until May 2006, $3 million and fined the new manager, Los Alamos National Security, $300,000. The new operation and management contractor, which took over June 1, consists of UC, Bechtel National, BWX Technologies and the Washington Group International.
The October 2006 theft occurred months after the lab was supposed to include tighter security controls, the Energy Department contends.
Jessica Lynn Quintana, 22, pleaded guilty in May in U.S. District Court in Albuquerque, N.M. Hired to archive classified information, Quintana admitted that when she was working at the lab on July 27, 2006, she printed pages of classified documents and downloaded other classified data onto a USB device, then carried the data home in a backpack.
It is unknown why she took the documents, which were later discovered in an unrelated drug raid at a mobile home park. Quintana faces up to one year in prison, five years of probation and a $100,000 fine.
University spokesman Chris Harrington said the college was reviewing the Energy Department’s enforcement action, but noted that the incident occurred in October 2006, five months after its management contract of the laboratory expired. In addition, the culprit was not a university employee, he added.
Still, "the university remains outraged at the actions taken by the individual involved in this incident," he said. "We believe the type of behavior involved — a failure to follow clearly defined security protocols and a violation of the law — is completely unacceptable."
A lab spokeswoman has told SCMagazine.com that the lab has since reduced removable media in use, disabled USB ports and encrypted laptop hard drives. She said the lab also has enhanced training measures and policies.
This is not the first breach the lab has dealt with this year. In April, it warned employees that their identity may be at risk after the names and Social Security numbers of 550 lab workers was posted on a website operated by a subcontractor working on a security system.
Dan Kaplan Jul 17 2007 23:35
The U.S. Department of Energy has imposed a $3.3 million fine against the current and former operators of the Los Alamos National Laboratory following an incident last year in which a subcontractor's employee stole classified documents by storing them on a USB stick.
The enforcement action penalizes the University of California (UC), which managed the nuclear weapons lab until May 2006, $3 million and fined the new manager, Los Alamos National Security, $300,000. The new operation and management contractor, which took over June 1, consists of UC, Bechtel National, BWX Technologies and the Washington Group International.
The October 2006 theft occurred months after the lab was supposed to include tighter security controls, the Energy Department contends.
Jessica Lynn Quintana, 22, pleaded guilty in May in U.S. District Court in Albuquerque, N.M. Hired to archive classified information, Quintana admitted that when she was working at the lab on July 27, 2006, she printed pages of classified documents and downloaded other classified data onto a USB device, then carried the data home in a backpack.
It is unknown why she took the documents, which were later discovered in an unrelated drug raid at a mobile home park. Quintana faces up to one year in prison, five years of probation and a $100,000 fine.
University spokesman Chris Harrington said the college was reviewing the Energy Department’s enforcement action, but noted that the incident occurred in October 2006, five months after its management contract of the laboratory expired. In addition, the culprit was not a university employee, he added.
Still, "the university remains outraged at the actions taken by the individual involved in this incident," he said. "We believe the type of behavior involved — a failure to follow clearly defined security protocols and a violation of the law — is completely unacceptable."
A lab spokeswoman has told SCMagazine.com that the lab has since reduced removable media in use, disabled USB ports and encrypted laptop hard drives. She said the lab also has enhanced training measures and policies.
This is not the first breach the lab has dealt with this year. In April, it warned employees that their identity may be at risk after the names and Social Security numbers of 550 lab workers was posted on a website operated by a subcontractor working on a security system.
Labels: Los Alamos National Laboratory
Friday, May 25, 2007
Los Alamos beefs up security in wake of data breach
Los Alamos beefs up security in wake of data breach
Jim Carr May 22 2007 19:39
The theft of classified information by a contractor's former employee has forced the Los Alamos National Laboratory to implement a variety of tactical and strategic security policies commonly found in a private enterprise.
The lab has disabled all ports, including USB ports, on classified computers — some via physically gluing the port shut, others with locking devices or software — and has begun encrypting personal information on laptop hard drives.
Meanwhile, Jessica Lynn Quintana pleaded guilty in U.S. District Court in Albuquerque, N.M., last week. Hired by the northern New Mexico laboratory to archive classified information, Quintana faces up to one year in jail, five years of probation and a $100,000 fine.
Quintana admitted in her plea that when she was working in a secure area at the lab on July 27, 2006, she printed pages of classified documents and downloaded other classified data onto a USB drive, then carried the data home in a backpack, according to the U.S. Department of Justice. The government didn't say why she took the information.
In addition to disabling USB ports and encrypting laptop hard drives, the lab has "significantly reduced risks in both cyber- and physical security [by] reducing and consolidating classified holdings" since the theft, according to a lab spokeswoman reached by SCMagazine.com, and who requested anonymity. "All of our classified systems have been inspected and found to be compliant, and we have reduced the number of standalone classified systems by 28 percent."
The lab also began construction on what it calls "a super vault-type room, the first of its kind," according to the spokeswoman. The vault, or data center, will allow the lab to "consolidate and uniformly control classified information managed by security professionals. By constructing additional super vault-type rooms, we'll reduce the number of classified vaults to an absolute minimum."
In addition, the lab has instituted searches "of all belongings carried by those escorted both in and out of the vaults."
In the area of policy and social engineering, the lab has "uniformly trained our information systems security officers, our ISSOs, and is hiring senior ISSOs in all key organizations to provide consistency across the laboratory," according to the spokeswoman.
Jim Carr May 22 2007 19:39
The theft of classified information by a contractor's former employee has forced the Los Alamos National Laboratory to implement a variety of tactical and strategic security policies commonly found in a private enterprise.
The lab has disabled all ports, including USB ports, on classified computers — some via physically gluing the port shut, others with locking devices or software — and has begun encrypting personal information on laptop hard drives.
Meanwhile, Jessica Lynn Quintana pleaded guilty in U.S. District Court in Albuquerque, N.M., last week. Hired by the northern New Mexico laboratory to archive classified information, Quintana faces up to one year in jail, five years of probation and a $100,000 fine.
Quintana admitted in her plea that when she was working in a secure area at the lab on July 27, 2006, she printed pages of classified documents and downloaded other classified data onto a USB drive, then carried the data home in a backpack, according to the U.S. Department of Justice. The government didn't say why she took the information.
In addition to disabling USB ports and encrypting laptop hard drives, the lab has "significantly reduced risks in both cyber- and physical security [by] reducing and consolidating classified holdings" since the theft, according to a lab spokeswoman reached by SCMagazine.com, and who requested anonymity. "All of our classified systems have been inspected and found to be compliant, and we have reduced the number of standalone classified systems by 28 percent."
The lab also began construction on what it calls "a super vault-type room, the first of its kind," according to the spokeswoman. The vault, or data center, will allow the lab to "consolidate and uniformly control classified information managed by security professionals. By constructing additional super vault-type rooms, we'll reduce the number of classified vaults to an absolute minimum."
In addition, the lab has instituted searches "of all belongings carried by those escorted both in and out of the vaults."
In the area of policy and social engineering, the lab has "uniformly trained our information systems security officers, our ISSOs, and is hiring senior ISSOs in all key organizations to provide consistency across the laboratory," according to the spokeswoman.
Labels: Los Alamos National Laboratory
