GAO: Los Alamos National Lab's cybersecurity lacking

13.11.2009
Cybersecurity efforts to protect a leading U.S. nuclear laboratory's classified computer network remain lacking even after a series of security lapses, according to a new report from the U.S. Government Accountability Office.

The Los Alamos National Laboratory, which has suffered multiple security breaches in recent years, continues to have "significant weaknesses ... in protecting the confidentiality, integrity, and availability of information stored on and transmitted over its classified computer network," the GAO said in a report released Friday.

The lab has vulnerabilities in several "critical" areas, including identifying and authenticating users, authorizing user access, encrypting classified information and maintaining secure software configurations, the said.

"A key reason for the information security weaknesses GAO identified was that the laboratory had not fully implemented an information security program to ensure that controls were effectively established and maintained," the report said.

The lab has not conducted comprehensive risk assessments to ensure against unauthorized use, has not marked the classification level of information stored on its classified network, and has inadequate training for users with security responsibilities, the GAO report said.

In January, there were reports of the theft of three computers from a lab employee's home in Santa Fe, New Mexico. Later reports said as many as 67 computers were missing from the lab.