From: NTI.org
By Chris Schneidmiller
WASHINGTON – A leading U.S. nuclear arms site has taken significant steps in recent years to defend against strikes on its computer systems, but key weaknesses remain to be fixed, the Energy Department’s inspector general said this week.
The Los Alamos National Laboratory in New Mexico uses a host of information systems and networks to carry out its duties, which include research and production programs in support of maintaining the nation’s nuclear arsenal, Inspector General Gregory Friedman said in a memorandum attached to a cybersecurity report.
“The vulnerabilities in the report do cover national security systems (systems which process classified data),” Felicia Jones, spokeswoman for the DOE Inspector General’s Office, told Global Security Newswire by e-mail. “We cannot comment on whether or not these systems pertained to the lab’s nuclear arms work.”
Friedman’s office in previous audits has found vulnerabilities in Los Alamos’ defenses against computer-based assaults, such as insufficient monitoring at the laboratory and federal levels and key protections that did not work correctly.
“LANL has taken steps to address concerns regarding its cybersecurity program raised in prior evaluations,” Friedman stated. “Our current review, however, identified continuing concerns related to LANL’s implementation of risk management, system security testing and vulnerability management practices.”
Troubles persist in the absence of “effective monitoring and oversight’ of defense operations by the on-site office that oversees Los Alamos for the Energy Department’s National Nuclear Security Administration, according to Friedman. In some cases, the Los Alamos Site Office signed off on “practices that were less rigorous than those required by federal directives.”
Friedman warned that additional adjustments must be made to reduce the threat of breaches to the laboratory’s computer systems.
Among the issues identified in the latest report:
— The laboratory has failed to consistently prepare and employ adequate risk management systems, including insufficiently detailed analyses of threats to its computer operations.
— Los Alamos personnel have not consistently found effective responses to particularly worrisome weaknesses. Checks by auditors identified five “critical” and 15 “high-risk” weaknesses on four systems that feature national security data.
— Computer network servers and systems featured “easily guessed log-in credentials or required no authentication. For example, 15 web applications and five servers were configured with default or blank passwords.”
The Energy Department has been subject to a massive increase in cyberstrikes in recent years, including system breaches and malware infections, the inspector general said in a late 2012 report. The public website for the NNSA Y-12 National Security Complex had to be taken down temporarily after one 2011 attack.
Los Alamos has faced a number of security and safety setbacks in recent years, most recently faulty defense technology in the area that houses production of plutonium cores for nuclear weapons.
Read Complete Article
Leave a Reply