Wednesday, June 14, 2006
LANL-ALL2001: Message from NNSA Director Brooks regarding cyber security breach
Sent: Wednesday, June 14, 2006 2:07 PM
To: LANL-ALL@lanl.gov
Subject: LANL-ALL2001: Message from NNSA Director Brooks regarding cyber security breach
Please note the following message from National Nuclear Security Administration Director Linton Brooks to all NNSA employees and contractors:
As most of you know, an attack on an unclassified NNSA system resulted in personal information on approximately 1,502 NNSA federal and contractor employees being unlawfully obtained. About 75 of the affected individuals are federal employees. Most others work at the production plants, the Nevada Test Site, or the national laboratories. Some are retired. The data was in a list that included names, social security numbers, level of security clearance, when that clearance was last updated, and a code identifying the company (but not the geographic location) where the affected individuals worked. Neither dates of birth, nor addresses, nor other personal information were included in the compromised information. Still, this is a very serious event.
Starting last Friday evening, and continuing nearly around the clock all weekend, senior NNSA managers began contacting by phone each employee whose personal information was compromised in order to provide them with information about protecting themselves from such dangers as identity theft. About 80 percent of the affected employees were contacted by last night. We are continuing to try to reach the remaining employees until we have personally contacted everyone. In addition to these phone calls, I sent letters first thing Monday morning directly to the federal employees and to the managers of the contractor employees who were affected. The contractor managers were asked to provide the information to their employees (we don't have mailing addresses for most contractor employees). I have also instructed the NNSA Site Managers to follow up and ensure that the contractors promptly provide the information to the employees.
I suspect that most of you who were involved (and many who weren't) are upset and angry, both over the incident and over the fact that I was aware of it for several months before I told you about it. You have a right to be. With regard to the attack itself, because the criminal investigation is still ongoing, I cannot provide you any details. I am convinced that no NNSA employee could have prevented this attack. Due to the nature and sensitivity of our work, NNSA is a frequent target for sophisticated hackers. Every day there are thousands upon thousands of attempts to gain unauthorized access to our computer systems. And every day, such efforts are thwarted by the safeguards built into these systems and by the expertise of the hundreds of cyber security experts across the NNSA and DOE complex. These experts go to extraordinary lengths to protect our data. They do an incredible job.
Even with this strong cyber security effort, the fact that we lost data testifies to the sophistication of the attack.
The delay in informing you, however, could have been prevented. Quite simply, we screwed up. Given the involvement of other federal agencies that investigate such breaches, when attacks occur, we are not always at liberty to immediately notify people. Sometimes we need to delay while investigators try to identify the hacker(s) and determine the level of compromise, etc. Thus, some short delay would be understandable. Most of the delay, however, was preventable and unnecessary. I am still trying to sort out exactly what happened, but it is clear that a number of people, including me, failed in their responsibilities to keep you informed.
All of you deserved better. I am working to fix our procedures so that such an inadvertent delay cannot happen again. I will keep all of you posted on this matter as progress is made, with particular attention given to those of you directly affected. In the meantime, I apologize for our failure.
Linton
--
Communications Office
Los Alamos National Laboratory
P.O. Box 1663, Mail Stop C177
THIS IS A NOTIFICATION SYSTEM ONLY. PLEASE DO NOT RESPOND TO THIS MESSAGE. THANK YOU!
Bullshit.
# posted by DOE Guy : 6/14/2006 04:52:07 PM
If NNSA had no way to prevent the attack, they have no business handling sensitive data.
--Doug
# posted by Doug Roberts : 6/14/2006 07:21:30 PM
We design nuclear weapons. Can anyone quote me what the design criteria is for accidental nuclear detonation? Hint: it is not zero. By Doug's logic, we should not be handling the stuff (which a number of people, of course, would happily agree with). I am not defending what happened; merely pointing out that there are no perfect systems.
Arcs_n_Sparks
Inadvertent delay? What a crock! The problem isn't procedures, or policy, or training or inadvertent delays. The problem is trying to cover up problems by not reporting them. The problem goes much deeper though, because when the little fish does the very same thing he gets sliced, diced and canned. When the big fish does it, he just swims away to spawn another mess. "I screwed up." Is that supposed to impress, to suggest some semblance of leadership? ...by accepting responsibility (sort of, perhaps, kind of, maybe?) How about "I got caught trying to cover up, so I resign?" Yes, now that would be the honorable thing to do, wouldn't it? Did UC President Bob Dynes do this? Did the UC Regents ask him to do this? Did Nanos do this? Did Bob Dynes ask him to do this? No? Is anybody in leadership these days even capable of accepting responsibility, much less acknowledging the messes they make? Well certainly not without a golden parachute attached! The rest of us can just keep on fantasizing about justice, honor, fair play, leadership and integrity. Nice concepts, but apparently too difficult to put into practice once you become a God.