Feds Fight to Plug Security Holes

President Obama’s recent order of an immediate two-month review of the federal government’s cybersecurity plans apparently can’t come fast enough. The federal government, dogged by computer security issues over the years, was hit by two more incidents this week.

One occurred at the Federal Aviation Administration (FAA), where data of 49,000 people were stolen during a data breach. The other occurred at the Los Alamos National Laboratory (LANL) in New Mexico, which is undergoing a security shakeup following the discovery that a total of 90 computers were reported missing or stolen over the past year.

Experts have been calling for an overhaul of federal computer security practices.

The latest incidents, which occurred at organizations which should have had a higher level of security, make it look as if things have not improved over the past four years. In 2005 and 2006, the Department of Homeland Security suffered 844 security breaches, leading a House subcommittee to accuse DHS CIO Scott Charbo of not doing his job during a hearing in 2007.

In the FAA breach, which could impact 49,000 people, data was stolen from
48 files on one server, FAA spokesperson Laura Brown told InternetNews.com. Two of the files combined had data on 49,000 employees.

One had names and social security numbers of 45,000 employees who joined the FAA on or after February 1, 2006. The other had names and encrypted medical information of 4,000 employees in the FAA’s safety organization but did not contain any social security numbers, Brown said.

The remaining files have data that is either in the public domain or non-private data, Brown said. The FAA has notified those affected, and will offer them free credit monitoring. It is working with the FBI and the Department of Transportation’s inspector general to investigate the breach.

Brown said the FAA was alerted February 1 by the Department of Transportation’s cybersecurity monitoring system about the breach, and it took about a week to determine what data had been taken. Employees were notified a week later, this past Monday. No FAA operational systems appear to have been breached, Brown said. Since the breach occurred, the FAA has begun tightening up its security, Brown said.

Next page: Do you know where your computers are?

Page 2 of 2

Do you know where your computers are?

The problems at Los Alamos National Laboratory are more troubling because the lab, which bills itself as the premier national security science laboratory, deals with highly classified projects including safeguarding the U.S. nuclear deterrent and offering mission-critical support for NASA.

In January, three computers were stolen from the home of a LANL scientist in Santa Fe, New Mexico, earning the lab a rebuke from its client, the Department of Energy’s National Nuclear Security Administration (NNSA), according to the Web site of the Project on Government Oversight (POGO). POGO is an independent nonprofit that says its mission is to investigate and expose corruption and other misconduct in the federal government.

The NNSA letter, signed by contracting officer Robert Poole, said that, although LANL has improved the robustness of its cybersecurity implementation, the theft revealed concerns in various areas. It also said that LANL later reported that 13 computers had been lost or stolen in the past 12 months and 67 others were missing. “The magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues as well.”

Poole directed LANL to treat any loss of computer equipment as a cybersecurity concern and to tighten security measures.

LANL spokesperson Jeff Berger told InternetNews.com the computers stolen from the scientist’s home in New Mexico did not contain classified data. Neither did the computers reported missing or stolen last year.

Another 11 computers, which could have gone missing or been stolen before 2008, were recovered last year, Berger said. Pointing out that LANL has accounted for 99.5 percent or more of its computers and computer related equipment, exceeding the 98.7 percent bar set by NNSA, Berger said the laboratory has tightened up its security measures since the theft.

“We’ve just initiated an inventory process calling in all computers,” he said. “We’re also reviewing policies that govern the home use of our computers.”

News Around the Web