Two national laboratories that house the nation's top-secret nuclear and weapons programs remain vulnerable to security breaches, especially cyberattacks, according to a former FBI agent and the Government Accountability Office.
Infighting and budget cuts to cybersecurity programs could lead to "catastrophic consequences," a former chief of security for the Lawrence Livermore Nuclear Weapons Laboratory in California said in a letter to the House Energy and Commerce Committee. "The vulnerability of DOE personnel and facilities to hostile intelligence entities has increased exponentially," wrote Terry Turchie, a former deputy assistant director of the FBI's counterterrorism division.
The letter was released yesterday before an Oversight and Investigations Subcommittee hearing, where the director of GAO's information security issues said the Energy Department and Los Alamos National Laboratory in New Mexico also could not come to an agreement on sufficient funding for cybersecurity for the laboratories' unclassified systems, leaving it with inadequate security measures.
The system is vulnerable to attack in several areas, including identifying and authenticating users of the unclassified network, encrypting sensitive information, monitoring compliance and restricting access to computing resources, GAO's Gregory Wilshusen said.
The National Nuclear Security Administration said the laboratory did not give sufficient evidence or proper planning to support the requested funding, according to GAO's written statement.
Chairman Bart Stupak (D-Mich.) said the threat of cyberattack is a problem for all the laboratories, and he said he is not "real confident" the labs have the ability to respond and keep track of the more than 400 million cyber attacks a month. Stupak said he is particularly concerned about attacks or stolen information, with security personnel unaware that it is occuring.
Witnesses from the labs said they are working together to boost cybersecurity but admitted there was likely action they were not aware of.
Rep. John Dingell (D-Mich.), chairman of the full committee, noted this was hearing No. 14 for the committee on lab security in eight years but security at the labs, particularly Los Alamos, has made only small improvements. He said it is unclear that the improvements would be sustainable.
"While GAO found a number of ongoing concerns at Los Alamos National Laboratory in New Mexico that deserve our attention, they also found evidence of some improvement -- enough to make me cautiously optimistic that lab security is in some ways improving," Dingell said in a statement. "This improvement must be tempered by GAO's warning that security at DOE labs appears cyclical, and it is not clear how Los Alamos intends to ensure these problems will not reoccur."
On the other hand, Dingell said, GAO's evaluation of security at Lawrence Livermore was "shocking and so serious" that the problems had to be discussed in a private briefing.
Among the biggest issues at Lawrence Livermore is inadequate oversight and testing of security requirements by both the laboratory management and from the Energy Department, GAO said. The NNSA gave Lawrence Livermore the highest marks for security just six months before a follow up assessment by DOE's Office of Independent Oversight found significant security vulnerabilities.