Taming the wild west

Energy poised to rein in data losses at its labs, but institutional demons remain

Energy Department officials have some familiar hurdles to clear before they can stop incidents of data mishandling at one of the agency's most prominent weapons research labs.

Recent security lapses at DOE's Los Alamos National Laboratory have caused officials to refocus their attention on security reforms that Energy Secretary Spencer Abraham proposed in May. Abraham called for replacing computers in all DOE labs with secure diskless workstations within five years.

His plan is similar to one that security experts proposed four years ago, but it was never carried out. Abraham said he wants to prevent insiders from leaving the laboratory carrying classified electronic data.

When two pieces of classified media were discovered missing at Los Alamos in July -- this following a similar security lapse in May -- some experts questioned whether DOE officials could afford to wait five years to install more secure workstations. Others wondered whether five years would be enough time for such a radical transformation.

Officials announced that the items of classified removable electronic media were missing July 9. They had recently reduced the lab's inventory of recordable media by 50,000 units, or 60 percent, from inventory levels last December, Los Alamos officials said. The reduction effort is a separate initiative at the lab.

With DOE's history of security problems, many observers are skeptical that Abraham's proposal can succeed. His plan faces profound cultural obstacles and technical uncertainties, said Peter Stockton, former special assistant to Abraham's predecessor, Bill Richardson. A former lead

investigator for the House Energy and Commerce Committee, Stockton is now senior investigator at the Project on Government Oversight, a watchdog group.

Converting to disk-free workstations would not solve all of the security problems at Los Alamos. Last month, lab officials confirmed that for several months some employees had been using unclassified computers to send e-mail messages that contained classified information. Stockton said disciplining individuals who e-mail sensitive information may be the only way to prevent such security breaches from continuing.

He also said that congressional oversight of the security of DOE's nuclear material and classified information is weak because lawmakers suffer from "intellectual insecurity." This perception empowers employees who resist reform, he said.

But other signs indicate that the department's leaders are ready to get tough. Last month, Los Alamos Director G. Peter Nanos sent a memo to lab employees threatening to fire them if they continue their "willful flouting of the rules."

The latest lapses could be just the incentive agency employees need, said Steven Aftergood, senior research analyst at the Federation of American Scientists. He said agency employees would probably work diligently to implement the reforms. "My impression is that by now, everyone is mortified by the current situation," he said.

Aftergood also predicted a "wholesale slaughter of the bureaucracy" if the lapses continue, adding that "everyone has run out of patience for the kinds of security failures that have happened yet again."

Stockton, however, is not optimistic about change. Depending on the outcome of the presidential election, Abraham may have either five more months or four more years in his post. This uncertainty is what many laboratory employees are banking on, according to Stockton.

Regardless of how a potential leadership shuffle would affect security reforms, moving to diskless workstations would dramatically change the way the lab's scientists do their work. Stockton and others said they fear a pushback from longtime employees, whom they characterize as foot-draggers.

"Believe me, [employees] would rather just do science than [do] security for the science," said Ronald Timm, president and chief executive officer of RETA Security Inc., a company that has performed security work for the Energy and Defense departments. Timm, who worked at DOE's Argonne National Laboratory for 15 years, said secretaries and top agency officials who are political appointees rarely strong-arm laboratory managers and employees.

But a Los Alamos spokesman said it's a whole new ballgame now. Jim Danneskiold, a Los Alamos spokesman, said DOE leaders are committed to securing the labs. As for employees hampering security efforts once again, he said that's not going to happen.

Danneskiold said some groups within the lab have already switched to workstations that only have a keyboard, video display and a mouse. Group members rely on secure servers to store all classified data.

Converting to a media-less computing environment laboratorywide and requiring biometric identifiers to gain access to lab facilities should be among department officials' top priorities, Timm said. Still, he and others have doubts that such changes can be made quickly.

Energy analysts must more thoroughly explain their security plan and collaborate with the research community so that engineers can envision what the concept would entail from an engineering standpoint, said David Daoud, a research manager at IDC. Ten years -- rather than five -- may be required to realize the information-safeguarding elements of Abraham's plan, Daoud said.

The amount of effort and time needed to implement reforms is widely debated. But everyone seems to agree that the results will be worthwhile.

"It's clearly the way to go," Aftergood said. "If this policy had been in place awhile ago, [Los Alamos] would not now be suffering through its latest convulsion over security."

The intelligence community went through a similar transformation in the 1990s, following the Aldrich Ames spy scandal, by eliminating removable media on classified networks and converting to disk-free workstations.

DOE labs could achieve the same transformation, Aftergood said. "I can understand that it would be expensive to either replace the systems or retrofit them, but it's not a five-year job," he said. "Under the current circumstances, what with the latest scandal, that may simply be too long.

Congress and others may insist that it be done more expeditiously."

Other DOE labs, however, have already moved toward disk-free computing. Scientists at those labs use specialized software that allows PCs to run as diskless workstations.

Researchers at Oak Ridge National Laboratory's Y-12 nuclear weapons plant, for example, use software called BXP/Secure from Venturcom Inc. One workstation license costs between $200 and $600, depending on the level of security required, said Brian Carter, a company spokesman.

The computer industry has made significant progress in disk-free computing and keyless security, which means that DOE officials have many choices, Daoud said. Still, converting to diskless computing will be challenging.

Many products are available that can limit end users' access to hard drives, but the setup can be time-consuming. "It is a process that takes time, but is feasible and well worth the benefits," said Katie Fitzgerald, a spokeswoman for Hewlett-Packard Co.

Computer companies still rely on traditional devices such as hard drives for storing information. "These central storage and processing units can be secured by their owners, but they do rely on the existing storage technology, which does not constitute a disk-free computer environment," IDC's Daoud said. In the new computing environment, he said, "end users will have access to applications and data remotely via a client that acts as an input device only."

Planning for disk-free computing goes back several years. In a 2000 memo, then-special assistant Stockton wrote to then-Secretary Richardson that officials at DOE's National Nuclear Security Administration (NNSA) shelved a security strategy, which included media-less systems, for fear the reforms would hurt morale.

The memo also states that NNSA officials offered a lockbox solution, that had more functionality for users, despite its security shortcomings. They then proposed an untested version of technology that was "again based on the wants of the scientists rather than the real security needs of the system," according to Stockton's memo.

Testifying last month before the committee's Energy and Air Quality Subcommittee, NNSA Administrator Linton Brooks said that "with virtually tens of thousands of [removable media], it's hard to enforce the kind of item-by-item control that you clearly need."

The labs will always have a need for some removable media, Brooks said. The goal is to reduce them to a manageable quantity.

***

Energy Department Secretary Spencer Abraham has introduced proposals to prevent security breaches. They resemble the DOE proposals made in 2000 and include:

Disk-free computing -- Eliminating disk drives from computer workstations would prevent insiders from copying and carrying classified data out of secure buildings.

Keyless security -- Possibly adding biometric identifiers to building access cards would ensure that lost or stolen key cards cannot be used for unauthorized entry.

Cybersecurity communication and awareness -- Setting up a system to communicate cyberthreats, enhance detection systems and improve cybersecurity training would increase awareness.

Cybersecurity policies -- Creating policies and procedures would protect DOE systems from Internet-based threats.

Vulnerability testing -- Expanding security tests to include unannounced scanning and penetration testing of some information systems and having special DOE teams pose as hackers to launch surprise attacks would identify weaknesses before others exploit them.

Source: Energy Department