National Nuclear Lab IT Systems at Risk

Confidential Information about the nation’s nuclear
stockpile could be at risk according to an audit of Lawrence
Livermore National Laboratory issued by the Department of Energy (DOE) earlier
this week.

The audit (.PDF) found the government-funded Bay Area-lab failed to effectively implement its security system. Three of four security plans reviewed were
incomplete and some system changes made within the lab were done without the consent of federal officials.

Confidential Information about the nation’s nuclear
stockpile could be at risk according to an audit of Lawrence
Livermore National Laboratory issued by the Department of Energy (DOE) earlier
this week.

The audit (.PDF) found the government-funded Bay Area-lab failed to effectively implement its security system. Three of four security plans reviewed were
incomplete and some system changes made within the lab were done without the consent of federal officials.

The audit, by the DOE’s deputy inspector general
for audits and inspections, found that the National Nuclear Security Administration’s (NNSA)
policies hadn’t been updated since 2008, leaving them outside of current
federal and DOE guidelines. The NNSA, which is charged with maintaining and securing the nation’s
nuclear stockpile, also failed to incorporate rules from the Committee on National Security Systems into its existing policy, complicating things further, according to Deputy Inspector General Rickey Hass.

If the weaknesses continue, Hass assessed
they could limit the lab’s ability to make risk-based decisions regarding its
national security systems.

In a response, officials with Livermore agreed with the audit’s findings
and reported they’re in the midst of reforming the lab’s policies to better
align with the NNSA’s. While agreeing with the findings, Livermore disagreed with
some of the audit’s recommendations, insisting they didn’t echo the lab’s overall risk management program.

The DOE’s findings at Livermore fall in line
with a recent report from the Center of Strategic and International Studies that claims securing critical
infrastructure has become an increasingly fickle process – especially in the face of new cyber war vectors like Stuxnet and Aurora.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.