Wednesday, February 02, 2005

LANL in the News

Wednesday, February 2, 2005

LANL Ditching Its Disks; Lab Gets Funds To Go 'Medialess'

By Adam Rankin
Journal Staff Writer
In response to recent classified security concerns at Los Alamos National Laboratory, the Energy Department is allocating about $20 million to expand the lab's "medialess" computer network, reducing reliance on less-secure computer disks and CDs.
At the same time, LANL officials are restricting access to so-called "Classified Removable Electronic Media," or CREM, such as Zip and floppy disks, by moving them into secure libraries and destroying tens of thousands of unneeded disks.
In fact, LANL has destroyed or erased about 66,000 pieces of CREM in a little over a year, reducing its inventory from about 90,000 pieces to a little more than 23,000 pieces.
LANL spokesman Kevin Roark said the laboratory has so far reduced the number of rooms where CREM can be stored by 95 percent, from 733 rooms down to 37, including 19 CREM libraries, which house the majority.
He said LANL officials have also restricted employee and scientist access to CREM by a whopping 99 percent, so now only 50 people have access, down from 4,500.
The $20 million allocated for fiscal year 2005 is expected to further reduce the CREM inventory, Roark said.
All these actions come on the heels of 24 months highlighted by a series of clerical errors impacting classified information that Congress and federal officials deem unacceptable.
Since January 2003, four separate clerical errors have resulted in confusion over 14 pieces of CREM at LANL, 12 of which lab officials say were probably erased or destroyed, although they lack documentation to prove it.
Two classified disks, discovered missing in July 2004, never existed. According to a Jan. 26 DOE report on the matter, a CREM custodian entered 10 bar codes into the CREM tracking database in late 2003, when only eight Zip disks had been created. The other two bar codes were never taken off the database.
The mistake should have been caught during an April inventory, but wasn't, apparently because proper procedures weren't followed during the "hands on" inventory; the person doing the inventory recorded that they were accounted for, when they actually weren't, according to the report.
Only after careful forensic review, analyzing the computer that allegedly created the missing disks, were federal investigators able to determine that the disks were probably never created.
The inherent risks of a classified computer system that allows disks to be removed and tracked with a system susceptible to human fallibility have long been known to government officials.
After the Wen Ho Lee case, in which the Los Alamos scientist pled guilty to mishandling classified data, LANL officials said they were aiming to establish a "medialess" computer network so classified information could not be copied to tapes, CDs or disks by September 2000.
The need for reducing the number of classified computer disks was highlighted shortly after Lee's case, when a pair of computer hard drives were misplaced for 11 days and were eventually found behind a copy machine in LANL's Dynamic Experimentation Division.
Glenn S. Podonsky, director of DOE's Office of Independent Oversight and Performance Assurance, told Congress in June 2003 that many of DOE's computer security lapses in the late 1990s "were partially attributable to the fact that DOE policies and practices... did not always keep pace with changing technology."
But it has only been in the last year, after a series of clerical errors highlighting those liabilities, that efforts to reduce those risks have been implemented with any kind of imperative.
In May 2004, former DOE Secretary Spencer Abraham proposed an initiative to move to a "medialess" classified network across the DOE's 59 sites over the next five years "to permanently eliminate the threat of such problems."
Across the entire Energy Department network, there are nearly 190,000 pieces of accountable CREM that can be plugged into computers or disk drives, then carried away.

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?