ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

Cyber-security holes persist at DOE labs, study finds

June 18, 1999
Web posted at: 2:39 p.m. EDT (1839 GMT)

by Daniel Verton

From...
Federal Computer Week
DOE

(IDG) -- Despite what may be the worst spy case in U.S. history involving nuclear weapon design data, the computer networks at the nation's five weapons laboratories continue to be "riddled with vulnerabilities," according to a report by a special investigative panel of intelligence and security officials.

According to the report, "Science at its Best, Security at its Worst," issued this month by the President's Foreign Intelligence Advisory Board, midlevel managers throughout the Energy Department have responded to the recent Chinese spy scandal with a "business as usual" attitude, while foreign nationals residing in "sensitive countries" continue to have unmonitored remote dial-up access to lab networks.

The three-month study uncovered recurring problems with DOE's computer security program, including poor labeling and tracking of computer media, problems with lax password enforcement on laboratory computer workstations and a significant failure to control access to sensitive and classified networks.
MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Federal Computer Week home page
  Federal Computer Week's Y2K resource page
  Year 2000 World
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  IDG.net's products pages
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletters
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

Computer security methods throughout DOE over the last two decades have been "naive at best and dangerously irresponsible at worst," the report said. In fact, "computer systems at some DOE facilities were so easy to access that even department analysts likened them to 'automatic teller machines,' [allowing] unauthorized withdrawals at our nation's expense," the report said.

Security audits also uncovered what the report calls "remarkable" lapses in addressing security problems and procedural gaps at many DOE labs. According to the report, it took DOE 31 months to write and approve a network security plan, 24 months to order security labels for mislabeled software, 20 months to ensure that improperly stored classified computer media had been safeguarded and 51 months to properly safeguard cryptographic material used to secure telephones. It even took 11 months to remove a deceased employee from classified document access lists, according to the report.

The report also outlined instances of classified information being placed on unclassified networks well after the department had developed a corrective action plan in July 1998. "The predominant attitude toward security and counterintelligence among many DOE and lab managers has ranged from half-hearted, grudging accommodation to smug disregard," the report concluded.


RELATED STORIES:
Richardson orders stand down to review security at nuclear labs
June 16, 1999
Feds batten down the online hatches
June 9, 1999
Looking for security's suite spot
June 7, 1999
DOE plans to unveil robot to help repair crumbling Chernobyl reactor
May 28, 1999

RELATED IDG.net STORIES:
Spies like us: The intelligence war moves online
(Industry Standard)
Is your boss spying on you?
(PC World)
Chief Ethics Officers take guesswork out of doing the right thing
(CIO)
U.S., Russia form Y2K nuke center
(FCW)
Commercial chips put nukes, satellites at risk
(FCW)
NASA, Energy help Ukraine avoid nuclear disaster
(FCW)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
U.S. Department of Energy
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.