The Project On Government Oversight has obtained an internal memo in which the government overseer of the Los Alamos National Laboratory (LANL) rebuked the Lab for its handling of the January theft of three computers from the home of a Lab employee.
"This DOE memo shows that the Lab admits that 67 computers are currently 'missing', and that 13 have been lost or stolen in the past year alone," says Danielle Brian, Executive Director of POGO. "It is troubling that the contractor only informed the government of this during investigations into the most recent thefts."
Additionally, the Los Alamos Site Office (LASO) expressed frustration with LANL's decision to treat the lost computers merely as a property management issue, and not as a potential lapse in cyber security.
Further, according to the DOE memo, when LANL did recognize the potential cyber security risks of the stolen computers, in its communications with LASO it used "vague terminology" and "made assertions that suggested significant weaknesses in individual controls…etc."
The magnitude of the security risk that the missing computers pose to LANL is unknown to DOE at this point. POGO is also concerned that the memo does not mention a LANL BlackBerry that was recently lost in a "sensitive foreign country."
"It's great to see that the federal overseer is more aggressively pursuing its oversight role," says Peter Stockton, POGO Senior Investigator. "But, the true test of how rigorous the government will be in holding the Lab to high security standards will be whether LASO significantly cuts LANL's contract performance fees for FY09."
LANL was awarded the full available amounts for security in the FY08 Performance Evaluation Plan, which Jay Coghlan, Executive Director of Nuclear Watch New Mexico, points out "just doesn't seem right."