Blackhacker

First …

Fresh Security Breaches at Los Alamos - Newsweek National News - MSNBC.com
In late May, a Los Alamos staffer took his lab laptop with him on vacation to Ireland. A senior nuclear official familiar with the inner workings of Los Alamos—who would not be named talking about internal matters—says the laptop’s hard drive contained “government documents of a sensitive nature.” The laptop was also fitted with an encryption card advanced enough that its export is government-controlled. In Ireland, the laptop was stolen from the vacationer’s hotel room. It has not been recovered.

And then…

Then, 10 days ago, a Los Alamos scientist fired off an e-mail to colleagues at the Nevada nuclear test site. The scientist works in Los Alamos’s P Division, which does experimental physics related to weapons design, a lab source says. The material he e-mailed was “highly classified,” the same source says. But he sent his e-mail over the open Internet, rather than through the secure defense network.

How can one of the most important and sensitive military research facilities have no clue about data security? Reporting about Los Alamos security breaches, is almost not news anymore. I mean did we become the most powerful nation on Earth by accident? Are we really THIS stupid?

SIMPLE things could have stopped these breaches. Policies that once implemented would have required no thought by the participants.

1. ALL EMAIL SHOULD BE ENCRYPTED
   Why this has not been adopted at east as a defense industry standard is beyond me. There must be several COTS solutions that could be used if they don;t want to use OSS, which is also available. This is important because even if sensitive email, is sent over the internet, it can not be read except by the intended recipients.
2. DON’T TAKE WORK DATA HOME
   15 or maybe even 10 you might have had to have that data physically on you PC if it was large, and if you r deadline was tight enough that might require you to take it home for you take it home. (AFAIK there are laws , and rules about where you can store classified information. Even if the laptop was cleared for such use, his home and car must also be cleared for such use if he is going to leave it unattended for any length of time) But that is no longer necessary. High speed networks and encryption technology has made working from home easy and secure, without actually having the data on your local machine.