Report: DOE lax on spies

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Cyber-Informed Engineering for OT Security and AVEVA PI Users
Presented By Carahsoft
Download Now
Revolutionizing Workforce Management for Federal Employees
Presented By Ultimate Kronos Group
Download Now
By Dan Verton

By Dan Verton

|

The Energy Department's counterintelligence training and awareness program has 'failed dismally,' a study by an independent panel of security experts concluded, characterizing cyber-based counter-intelligence as DOE's biggest challenge.

The Energy Department's counterintelligence training and awareness program

has "failed dismally," a study by an independent panel of security experts

concluded, characterizing cyber-based counter- intelligence as DOE's biggest

challenge.

The "Report of the Redmond Panel," led by counterintelligence expert

Paul Redmond and delivered to Congress on June 21, studied DOE efforts to

weed out spies and security leaks at the nation's weapons laboratories.

The House Permanent Select Committee on Intelligence established the bipartisan

team of investigators to examine the progress of security reforms throughout

DOE in the wake of last year's Cox Committee report on Chinese nuclear espionage.

"There has been no discernible, effective effort from DOE headquarters

to establish and support an effective counterintelligence training and awareness

program," the report stated. It called DOE's annual security refresher programs

"perfunctory" and said that "sample training materials were bureaucratic,

boring, turgid and completely inefficient."

However, the most pressing challenge facing the labs is cyber counterintelligence,

according to the report. "The magnitude of the problem and the complexities

of the issues are daunting," it stated.

DOE has thousands of systems administrators who have "very wide access,"

and tens of thousands of e-mail messages are sent to external addresses

each day, the panel found.

DOE has taken measures to beef up its cybersecurity, such as keyword

searches on outgoing e-mail messages and a pilot program to enhance intrusion

detection, but some efforts are meeting resistance from employees, the report

stated. For example, DOE and lab personnel have complained about "excessive

reporting burdens" as part of a comprehensive intrusion-incident reporting

system.

DOE also recently hired a dozen retired FBI and CIA agents and military

intelligence officers to help inspect DOE's counterintelligence programs.

However, results won't be seen soon, the report concluded. "In spite of

progress in some areas, statements from DOE headquarters to the effect that

all is now well are nonsense," it stated. "Problems and deficiencies caused

by decades of nonfeasance and neglect cannot be fixed overnight."

NEXT STORY: Security limits Linux in government