By ROGER SNODGRASS
Monitor Assistant Editor
June 17, 2007
Reports of a major breach of security involving the board of directors
of the corporation managing Los Alamos National Laboratory came to light
The chairman of the House Energy and Commerce Committee that oversees
the nuclear complex wrote to Energy Secretary Samuel Bodman citing
information obtained by committee staff from sources outside the
The letter expressed concern that information about the breach, reported
on Jan. 19, 2007, was withheld from the committee, despite two
subcommittee hearings that were held in the meantime for the express
purpose of investigating security practices at LANL.
Largely because of a series of security problems in the past, the
contracts for LANL and its sister laboratory Lawrence Livermore National
Laboratory were put out to bid. LANL's contract was awarded to Los
Alamos National Security, (LANS), LLC, and they assumed responsibility
on June 1, 2006.
"Apparently, open e-mail networks were used by several LANS officials to
share classified information relating to the characteristics of nuclear
material in nuclear weapons," wrote committee chair John Dingle,
D-Mich., to Bodman, in a letter detailing what the committee knows now.
An article in Time magazine, first to publish the story on Thursday,
said the highly sensitive message at issue came from the laptop computer
of Harold P. Smith, a LANS consultant. The article said at least five
LANS board members received the e-mail.
The reported breach was rated as an Impact Measurement Index 1 (IMI-1)
security incident, a reportable incident which "poses the most serious
threats to national security interests and/or critical DOE assets or
creates serious security situations."
According to DOE guidelines, IMI-1 is "the most serious of the four
categories of security incidents, established by DOE's Safeguards and
Security Program Planning and Management manual dated Aug. 26, 2005."
It is characterized by "actions, inactions, or events that pose the most
serious threats to national security interests and/or critical DOE
assets, create serious security situations, or could result in deaths in
the workforce or general public."
For comparison, IMI-2 involves those incidents "that potentially create
According to Dingell's letter, a University of California official
notified the National Nuclear Security Administration about the breach
on Jan. 19. NNSA is the agency that supervises the nuclear complex for
DOE. NNSA deployed a team from Lawrence Livermore National Laboratory to
"identify, recover and sanitize the computer laptops and hardware
involved in the incident," Dingell wrote.
LANS also began an investigation, completing a report conducted by LANL
employees on May 18.
LANL and NNSA have both declined comment on the issue, citing federal
"For reasons of national security and consistent with federal law and
the Laboratory's own longstanding policy, Los Alamos National Security,
LLC, will not discuss the details of any purported security violation of
vulnerability, regardless of whether it exists," stated Jeff Berger,
director of the LANL Communications Office in a prepared statement
Bryan Wilkes, spokesperson for NNSA, in a prepared message Thursday,
said much the same thing, adding that NNSA holds "our sites to very high
levels of accountability when it comes to security."
He stated, "If procedures are found to have been violated, then
appropriate actions are taken."
Peter Stockton, chief investigator for the Project on Government
Oversight said he was concerned that NNSA had allowed LANL to
investigate its own incident.
"The first guy to the document and the witnesses can steer the
investigation," he said. "They should have had federal guys out there to
do that, whether it's the FBI or capable people from the Inspector
POGO has specialized in safety and security incidents in the weapons
complex and executive director Danielle Brian testified during the
hearing on Jan. 30.
Dingell's letter to Bodman requested answers to questions and additional
documents, including a briefing and access to the investigation inquiry
and an unclassified version of the report for the committee.
Additionally, Bodman was asked to explain NNSA failure to notify the
committee, and to emphasize the point, requested a list and summary
descriptions of all reportable security incidents at LANL since June 30,
At the time the e-mail incident was being reported to NNSA, the House
was preparing to hold the first of two investigative hearings they
conducted into security problems at LANL earlier this year. The first
one on Jan. 30 focused on classified material found in a Los Alamos
mobile home during a drug investigation.
Thursday's article in Time magazine erroneously reported that "police
stumbled on 1,500 highly classified nuclear weapons designs stashed in a
trailer park near the lab..."
In fact, the police found computer storage devices known as jump drives
and pages of classified documents.
Thomas D'Agostino, who was named acting NNSA administrator on Jan. 20,
the day after the undisclosed breech occurred, was nominated to become
deputy administrator and administrator of NNSA on May 17, the day before
a report was completed on the LANS e-mail violation.
In the acting capacity, D'Agostino replaced former administrator Linton
Brooks, whose resignation was linked to the previous breach of security.
The New Mexico Congressional delegation expressed concerns about the new
Sen. Pete Domenici, R-N.M., referring to the Time article said he was
once again "troubled and disappointed."
He cautioned those who might try to use it "as another excuse to punish
the entire laboratory," but he traced the root of a particular
shortcoming by which sensitive material is still technically able to
migrate to unclassified computers.
Sen. Jeff Bingaman, D-N.M., said in his statement, "I am deeply
disturbed that it happened even after extensive security measures were
to have been put in place at the laboratory, and that I would have to
learn about it from a news account."
"I have no doubt the LANL community is as tired and frustrated with
these repeated incidents as I am," said Rep. Tom Udall, D-N.M. in a
statement on LANL security.
He continued, "Enough is enough, and for the sake of the lab's future,
those who are responsible must be held accountable to put an end to this
broken record of breaches."
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com