In Brief

Lost Disks at Los Alamos

Just when you thought the security situation at Los Alamos National Laboratory couldn't get any more confusing, it did.

By Tom Wailgum

October 01, 2004 — CSO — NATIONAL SECURITY Just when you thought the security situation at Los Alamos National Laboratory couldn't get any more confusing, it did. In July, two computer Zip disks ("controlled removable electronic media" or CREM in government parlance) were reported missing at the New Mexico facility. The lab, run by the University of California, works on national security issues such as research on nuclear weapons, terrorism and weapons of mass destruction. After Energy Secretary Spencer Abraham concluded that "Los Alamos lacks an effective system to ensure the proper accountability of so-called controlled removable electronic media," he suspended all classified work at the lab using CREM until the agency fixed the problems.

In August, while some operations remained down and an inventory of all classified assets was under way, it was reported that there was a possibility that the disks might never have existeda so-called inventory system failure. "What's disturbing is that they are saying they can't keep an accurate inventory of the disks, and they don't have control over their classified media," says Beth Daley, communications director for the Project on Government Oversight, which has pressed the DoE to change its security practices.

With pressure from lawmakers and interest groups, the energy agency has tried to address computer security concerns, promising to move workers to diskless workstations for classified computing functions such as weapons design. Abraham also has proposed physical security improvements at the lab, including keyless facility access and consolidation of nuclear materials. But those fixes appear to be years away.

As of late August, lab spokesman Kevin Roark says that all risk level one tasks (such as administrative tasks) have resumed. Risk level two (some classified computing) and risk level three activities (such as work with nuclear materials) are expected to resume this month. Roark says a program aims to eliminate most of the CREM devices and so far has cut 90,000 pieces down to about 20,000. He expects it to take three to four years and cost between $26 million and $30 million.

And the missing disks? Roark says the inquiries into lab security procedures are ongoing. "Once they have been validated, we will make the findings known."