Congressman Edward Markey - December 6, 2006 - MARKEY CALLS ON DOE CHIEF TO PREVENT FUTURE NUCLEAR DATA BREACHES, ADDRESS CHRONIC SECURITY PROBLEMS AT LOS ALAMOS NUCLEAR LAB

December 6, 2006 - MARKEY CALLS ON DOE CHIEF TO PREVENT FUTURE NUCLEAR DATA BREACHES, ADDRESS CHRONIC SECURITY PROBLEMS AT LOS ALAMOS NUCLEAR LAB

WASHINGTON D.C. – Today, Rep. Edward J. Markey (D-MA), a senior member of the House Energy and Commerce Committee, sent a letter to Department of Energy Secretary Samuel Bodman asking him critical questions about a significant breach in the security of classified data at the Los Alamos National Laboratory (LANL) in New Mexico. Rep. Markey is seeking a full explanation for an incident that occurred in October in which a former LANL subcontractor’s home was involved in a drug raid that turned up highly sensitive nuclear data on removable electronic media.

Rep. Markey, a longtime critic of lax security at the Department of Energy’s (DOE) nuclear laboratories, highlighted the chronic security problems that have plagued the nation’s most sensitive nuclear research facilities including the repeated and broken promises by DOE officials to establish better security procedures at LANL and other U.S. nuclear labs.

“Security breaches at Los Alamos have always been met with shock, outrage and promises by Los Alamos and the Department of Energy to switch to technologies and processes that would prevent another loss of nuclear secrets. But the promises are never kept, and sensitive nuclear information is never secured. I’m looking forward to complete answers and serious action from Secretary Bodman regarding this latest nuclear data breach, including an assessment of the security damages and new measures to re-establish security for what should be our most closely-kept nuclear secrets,” Rep. Markey said.
Rep. Markey’s letter to Sec. Bodman is below:
December 5, 2006
The Honorable Samuel Bodman
Secretary, Department of Energy
1000 Independence Avenue S.W.
Washington, D.C., 20585
Dear Mr. Secretary:
            I am writing regarding the recent discovery of highly classified removable electronic media (CREM) in a former Los Alamos National Laboratory (LANL) contractor’s home during a drug bust. As you are well aware, the security of these materials has been highly problematic for many years. In response to press reports on this discovery, you recently stated that “unfortunately we cannot correct the errors of the past. But we will learn from this incident and we will do better.”   Unfortunately, despite your best personal intentions, I am concerned that the Department of Energy (DOE) has had many years and many opportunities to ‘correct the errors of the past,’ and has persistently failed to do so. As a result, I have serious reservations that the Department will take the necessary steps to do remedy persistent nuclear security problems at this facility.
            As you know, on October 17, CREM containing highly sensitive nuclear information was found during a drug bust at the home of Jessica Quintana, a former employee of a LANL subcontractor. The FBI and the DOE are reportedly continuing to investigate this matter. The DOE’s Inspector General (IG) concluded in a report released last week that “In a number of key areas, security policy was non-existent, applied inconsistently or not followed.” From my long experience as a Member of the Energy and Commerce Committee, which has oversight over the management of DOE, the IG’s conclusion represents only the latest instance of the Department’s failure to properly address security concerns associated with how classified material is treated.
After the Wen Ho Lee incident (in which Dr. Lee had reportedly taken classified materials home and had been accused of improperly copying them onto portable storage media), LANL announced new security measures for safeguarding them. In fact, on May 5, 1999, then-Los Alamos lab Director John Browne testified at a hearing of the Senate Energy and Natural Resources Committee (see http://www.lanl.gov/orgs/pa/News/BrowneTestimony050599.html). In his testimony, he stated that the lab was “modifying classified computer systems and procedures to prevent unauthorized or inadvertent transfer of information from classified computers to unclassified computers by the transfer of information by removable media (tapes, disks, etc).” On May 26, 1999, a DOE press release also announced that orders would be put into place to “prohibit individuals from downloading classified files to any removable media or printed matter without specific authorization.”
Subsequent events make it clear that these promised reform measures were never properly implemented:
·          In May 2000, when LANL was shut down due to the Cerro Grande fire, two hard drives containing classified material went missing from the lab. More than a month later, the lab finally reported the fact that they were missing to DOE, and in July, they were found behind a photocopier.
·          In January 2002, another hard drive containing sensitive information went missing within the lab, and was found later in the possession of an employee.
·          In April, 2003, the DOE IG issued a report that concluded that “We do not believe that Los Alamos can provide adequate assurance that classified, sensitive, or proprietary information is appropriately protected.”
·          On July 7, 2004, Los Alamos admitted that it had misplaced two classified computer drives. This and other computer-related security breaches led then-DOE Secretary Spencer Abraham to call for a complex-wide stand-down in the use of CREM in July. The resultant investigation concluded that the drives never actually existed.
Your predecessors appear to have been unsuccessful in correcting these types of security problems. In May, 2004, then-DOE Secretary Spencer Abraham announced a series of security improvements for the DOE complex. One of these included a plan to transition to a “disk-free computing environment” in order to ensure that it would no longer be possible to remove classified computer data from DOE facilities. Based on late-2004 conversations my staff had with officials at DOE who were responsible for implementing this directive, as well as with knowledgeable individuals outside the Department, DOE launched a complex-wide initiative during the spring or summer of 2004. According to these conversations, DOE first identified the types of technologies that would be needed to move to a diskless environment, verified that the technologies were commercially available, developed criteria for vendors that had such technologies, and planned to announce large procurements. In February 2005, LANL even announced that it was allocating $20 million for the procurement of such technologies. However, it is my understanding that at around the same time that then-Deputy Secretary Kyle McSlarrow (who had been charged with leading this and other security initiatives) left the Department in early 2005, these efforts essentially stopped.
It is clear that despite almost a decade of repeated warnings and problems regarding the security associated with classified materials, the Department has failed time and time again to actually do anything about it.   While I appreciate your stated commitment to addressing these problems, it appears that there are significant institutional barriers within the Department and at the Laboratories that have prevented real reforms from moving forward. In order to better understand what management measures the Department plans to put in place to address security problems at the national laboratories, I ask for your prompt responses to the following questions:
1)      According to press reports on this most recent incident, LANL Director Michael Anastasio has announced that one of the security steps taken in response is to bar portable electronic storage devices in classified computing areas. Yet in 1999, then-LANL director John Browne announced that technology and systems at LANL were in the process of being modified so that it would be impossible to place classified information on portable storage devices, and several DOE announcements have said essentially the same thing.
a.       Was the 1999 announcement simply never implemented, and if not, why not?
b.       If the 1999 announcement was implemented, than how exactly did classified material get placed on removable media in this instance?
c.       Who at DOE and LANL was personally responsible for ensuring that technology and systems at LANL and other DOE-funded national laboratories were modified so that it would be impossible to place classified information on portable storage devices?    What performance evaluations did these individuals receive during the periods when they had responsibility for implementing this reform?
d.       How will you prevent whatever went wrong in this instance from going wrong in the future?
2)      Why did the Department stop its efforts to move to a diskless media environment after announcing it would do so in 2004? Please provide copies of all memos, emails, phone logs or other correspondence related to the decision not to proceed with its complex-wide procurement initiative.
3)      In light of the latest incident at LANL, does DOE plan to revive its plans to move to a diskless media environment? If not, why not? If so, please provide a detailed timeline that includes all projected milestones and costs associated with the initiative.
4)      I have several questions related to the latest security incident at LANL:
a)      At the time the classified materials were discovered during the drug bust, were there still active USB ports on computers used to store classified materials at a) LANL and b) other DOE sites? If so, why, given the long history of security problems and announcements claiming the problems would be solved? If not, then how did the materials end up on portable storage devices?
b)      Are there still active USB ports on computers used to store classified materials at a) LANL and b) other DOE sites now? If so, why?
c)       Are all employees leaving LANL required to be subjected to security checks to ensure that they are not leaving with classified materials? If not, why not? If so, then how did Ms Quintana manage to leave the facility with classified materials?
d)      It is my understanding that Ms Quintana was always supposed to be supervised as she worked as an archivist at LANL. Was she always supervised? If not, why not? If so, then how did she manage to copy and/or remove the classified materials from the lab?
5)      Has the Department fined the operators of LANL for its apparent security failures in this instance? If so, how much was the fine? If not, why not?
Thank you very much for your attention to this important matter. Please provide your response no later than Friday January 5, 2007, and please ensure that the response consists of unclassified, publicly releasable information (with a classified annex if necessary).

For more on Rep. Markey’s homeland security work, please go to: http://markey.house.gov.

###

FOR IMMEDIATE RELEASE
December 6, 2006

CONTACT: Israel Klein
202.225.2836