Los Alamos breach caused by human error, says US gov't

Classified data on nukes was sent out over unsecured e-mail

A critical security breach that may have exposed nuclear secrets at the Los Alamos National Laboratory (LANL) in January was the result of human error and not a breakdown in security processes.

The "unintentional security incident" resulted in the transmission of sensitive information through an unsecured e-mail system, Samuel Bodman, secretary of the U.S. Department of Energy (DOE), said in a letter to Congress last Friday.

He was responding to an earlier letter by Rep. John Dingell (D-Mich.), chairman of the House Committee on Energy and Commerce. Dingell had sought an explanation from Bodman on why a subcommittee investigating an October 2006 security breach at LANL was not told about the January breach. Dingell's letter expressed concern over the failure of the National Nuclear Security Administration (NNSA) to notify the subcommittee of the incident -- even though the breach received the highest possible DOE severity rating.

The NNSA is a semiautonomous body within the DOE that's responsible for supervising the country's nuclear facilities.

In his letter, Bodman offered no explanation for the NNSA's failure to notify Dingell's subcommittee about the breach. But he said he had directed appropriate officials at the department and at NNSA to meet with Dingell and his staff to provide further details about the incident.

"While I cannot go into great detail here about the specific circumstances of the incident referenced in your letter, I can affirm that an individual did in fact unintentionally transmit sensitive information through an unsecured e-mail system," Bodman said in his letter. "The incident was immediately recognized and reported, fully investigated and the responsible officials have reported that appropriate measures have been taken to address the situation."

Though measures have been implemented at the facility to minimize such risks, such errors can occasionally happen, he said. "Therefore we have a robust system in place to report and investigate potential violations. In my opinion, this is a circumstance where those systems worked well."

The January breach was the latest in a series of security incidents disclosed by the lab over the past few years. In October 2006, three USB thumb drives supposedly containing nuclear data was found in a trailer belonging to a former subcontractor at the lab. Police discovered the drives while they were searching the trailer for drugs after initially responding to a domestic disturbance call. In 2004, two computer disks that were thought to have contained classified data were reported missing by the laboratory. Similar losses were reported in 2003 and in 2000.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about HIS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

More videos

Blog Posts