Sunday, June 11, 2006

Another federal breach exposes employee records

By Heather Greenfield, National Journal's Technology Daily
The Energy Department disclosed to Congress on Friday that it suffered a security breach from a hacker in September that compromised 1,500 personnel records.

The news broke just as a House Energy and Commerce Oversight and Investigations Subcommittee was supposed to start a hearing on how secure Energy Department computers are in light of recently reported data breaches at the Internal Revenue Service and Veterans Affairs Department.

Kentucky Republican Ed Whitfield, chairman of the Subcommittee, said there is no excuse for the department to have its current "F" in cyber-security compliance -- or for waiting eight months to tell the Energy secretary or his committee about the security breach.

"It's unbelievable [that] 1,500 personnel files can be compromised with Social Security numbers," Whitfield said. "The impact that can have on individuals is quite disturbing."

Full Energy and Commerce Committee Chairman Joe Barton, R-Texas, visited the hearing room to express his outrage at the data breach and later called Energy Secretary Samuel Bodman. "If the administration won't do something about this incident, this committee will," he said.

[...]



Comments:
'NNSA Administrator Linton Brooks said he learned of the "sophisticated" hacking incident in September. He said he did not know whose job it was to tell Bodman, but he wished he had.

"Mr. Brooks, I'm going to recommend you be removed from office, and I think you would do the country a service if you resigned," Barton said. Brooks said that because the breach was labeled a counterintelligence issue, the two sides of the organization each assumed the other had notified the secretary. Barton called that explanation "hogwash." '

 
Let's run a little thought experiment.

Assume this cyber-theft of personal data had occurred at LANL and
our Director knew about it, but kept the information under wraps
from both those affected and from the NNSA for 9 months (until NNSA
finally found out about it via other means).

----------------------------------------------------------
1. What would Congress be doing to LANL?

2. What would DOE/NNSA be doing to LANL?

3. How long would the LANL Director keep his job?

4. How long would the resulting stand-down at LANL last?

5. What would happen to the LANL management contract?

-----------------------------------------------------------

Of course, it didn't happen at LANL. It happened at NNSA's ABQ
office -- the same facility which the news reported was missing some
classified disks during the 2004 stand-down. We found ours - it was
a simple book-keeping mistake. It's anybody's guess if the NNSA ever
found theirs.

Now, let's observe if a double-standard exists. If Brooks and the
NNSA CIO are still in their jobs by the end of next week, then we know
there are obviously two separate standards in play here. One standard
is for all DOE/NNSA contractors, and another much, much lower standard
for all DOE/NNSA employees. Anyone have any doubts about this?

-
 
This is Linton Brooks' second cover up. He and Nanos tried to keep the fact that the phantom media didn't exist under wraps.
(Don't you just love how these ring knockin fools stick together?)

Or, maybe, he just thought someone else was going to tell the world that the disks never existed.

As for Congressman Barton, he was the first one to say that 19 innocent Americans should be thrown in jail without any proof of wrongdoing in July of '04. If that is the standard used for us, why is it so difficult to put two former Admirals responsible for a $billion fraud behind bars? There is substantial evidence to support the charge. Of course, the answer is that a double standard does exist. Justice in America is dead.
 
The DOE/NNSA response to these types of incidents is all too well known... "Our Cyber-Security Program is understaffed because of the lack of proper funding"... now the program will become even more bloated with staff and DOE Orders to ensure proper oversight of the DOE/NNSA Contractors... aaah, good old Government accountability!
 
There's only one possible solution: hang the son of a bitch out to dry, just like he did to us. While we're at it, hang out those incompetent CIOs as well.
 
Interesting how I was left a voicemail from NNSA stating that my personal information had been part of the hack.

Would I have ever been notified if this didn't make public media????

I'm not a happy camper.
 
Full Energy and Commerce Committee Chairman Joe Barton, R-Texas, visited the hearing room to express his outrage at the data breach and later called Energy Secretary Samuel Bodman. "If the administration won't do something about this incident, this committee will," he said.

Rep Barton isn't going to do jack.
 
If this was a CI case, then it is the responsibility of the CI official to brief the Secretary, not Brooks. This division of responsibility is quite clear.

Arcs_n_Sparks
 
 
"If this was a CI case, then it is the responsibility of the CI
official to brief the Secretary, not Brooks. This division of
responsibility is quite clear." -- Arcs_N_Sparks


Bullshit! If there was accounting fraud at LANL, then I suppose it
would be up to the CFO to brief NNSA about it? I don't think so.
LANL's John Browne found his ass in the sling over loose accounting
practices. It cost him his job.

Linton Brooks should have plenty of blame heaped on his back over not
realizing and then reporting this incident directly to Bodman. Stop
trying to pass the buck, Arcs_n_Sparks. You were supposedly a manager
at one time. You should know better than this.
 
good2go,

You need to follow Doug's advice and pace yourself. Only two weeks to go on the blog.

Read the implementing law regarding the CI program. You will then understand the chain of responsibility and reporting requirements. If you read Brooks' testimony, he referred twice to proposed legislation to fix the problem he was being excoriated over. No committee member responded. Nor did you see further Barton vitriol in the press after whatever was said in closed session explaining the situation.

Arcs_n_Sparks
 
Arcs_N_Sparks,

I highly doubt Congress is finished with this incident. Brooks
said he was aware of the stolen personal info back in September.
Even if it wasn't in his "official" chain of command, he would have
to be an idiot not to comprehend the seriousness of this situation
and talk it over with Bodman. Common sense comes into play here.
Even Bodman is indicating he is very upset with Brooks' performance
on this matter.

Your defense is typical of "pass the buck" management that we have
seen all too often at DOE/NNSA/UC/LANL.

And don't wet your pants in anticipation of the blog's closing.
I'm sure you, Dave, Anonymous, and others will be overjoyed in
celebration when July 1st rolls around. Frankly, I, too, am
looking forward to this blog's demise. Sometimes you open doors
and see things you would rather not have seen. I can never
look at LANL or UC or DOE/NNSA quite the same way as before.

Ignorance can, indeed, be bliss!

-
 
As usual, I find myself in complete agreement with good2go. I discovered things about LANL and its staff during the course of running this blog that I could have done without knowing.

On the bright side, I'd like to buy good2go a beverage of his/her own choosing (I hope it's beer) some time after July 1.

--Doug
 
good2go and Doug2go (on July 1):

I will be glad to join you in consumption of said celebratory beer!

-Brad2go
 
good2go,

"Even if it wasn't in his "official" chain of command, he would have
to be an idiot not to comprehend the seriousness of this situation
and talk it over with Bodman. Common sense comes into play here."

You obviously believe that "common sense" (whatever that means, since common sense appears uncommon here) trumps the law. You also believe, presumably, that the New York Times was justified in leaking classified information regarding the NSA on the same basis.

I am not suggesting "passing the buck" regarding anything. I am only saying that the law regarding the creation of the CI program had some very specific chain-of-reporting responsibilities. It also precluded those outside the chain from even acknowledging that something had been referred to the CI official.

In closing, I am not wetting my pants regarding the blog's closure; I am not a regular contributor here. The entropy is excessive, and the five-sigma behavior is evident.

I am actually excited about sweeping up a large amount of WFO that LANL will lose due to the financial blunder foisted upon the many fine scientists and engineers at LANL, let alone the taxpayers of the country.

Arcs_n_Sparks
 
Arcs_N_Sparks,

Sweeping it up to where, exactly? ORNL? PNL? SNL? Which
lab (or private contractor) do you believe is most capable of
handling LANL's current (and diminishing) WFOs? I guess it
is very clear now that you don't work at LANL and you don't
work directly for DOE/NNSA. You also appear to have a fair
amount of knowledge of CI-type affairs. I'm guessing there
may also be some former military service in your background.
Am I close?

I see that the vultures are circling to pick at LANL's carcass.
But we aren't dead just yet, my friend. As you say, we still
have many fine scientists here at Los Alamos. Obviously from
your comments, you are not one of them.
 