Cybersecurity holes exposed in Los Alamos nuke lab

Back to the article

Anonymous Coward

LANL's U-571 re-write #

Posted Monday 29th September 2008 20:20 GMT

'The United States knew little about the German atomic program, but the specter of a nuclear-equipped Hitler could not be ignored. As American soldiers trudged through the deserts of North Africa, braved the Normandy beaches [and bled for every yard of distant Iwo Jima and Okinawa], American scientists raced to unlock the power of the atom.'

The UK, French, Danish and umpteen other countires spies/scientists/soldiers obviously played peepo/just made the coffee/marched for the fun of it. [ ..] excepted.

Anonymous Coward

Um .... #

Posted Monday 29th September 2008 20:20 GMT

"The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution"

Uh ... ever heard of CERN? You know, out there in the world outside the Americas?

Rich

Surely ground zero was some distance away #

Posted Monday 29th September 2008 20:56 GMT

At Trinity Site, Alamogordo.

When you've built an atom bomb you think might work, firing it off in the middle of your lab could be considered a mistake.

Frumious Bandersnatch

cyber-this and cyber-that #

Posted Monday 29th September 2008 20:56 GMT

Why can't those numpties just use proper words? Pffft!

Low pay scales to blame? #

Posted Monday 29th September 2008 23:52 GMT

If it's so important that LANL networks be as secure as humanly possible, let me ask: are they paying top dollar and making sure (in part thereby) that they've got the best admins on staff that money can buy?

Or are the admins responsible for IT security being paid per usual GS scales: not a great deal, certainly not what the market will pay, if they're like they used to be.

Today's boring platitude: "you get what you pay for."

Chris G

Security in Government #

Posted Tuesday 30th September 2008 09:21 GMT

It seems that physical security in gov' departments is either nazis strutting around loaded down with ordinance or lardy arsed desk pilots who are there just for the job security( excuse the pun). In the case of `Cyber´security it is more likely to be the case that managers in many gov' departments have little knowledge or interest in the subject and so have no idea whether the IT security guy they are hiring is competent and doing his job or not. This is further complicated by poor remuneration in gov' IT . It's the same old thing time and again, lack of money and/or lack of professional HR managers and a lot of people who are in security jobs don't really know what they are doing.

Francis Vaughan

@Um... #

Posted Tuesday 30th September 2008 09:26 GMT

Actually I think I would agree that LANL deserves the adjectives. It has an annual budget of about $2G, and its primary job is the maintenance of the US nuclear arsenal. CERN and the LHC is pretty impressive, but the sad reality is that military and black projects are often an order of magnitude bigger than even the most advanced civilian entities. With the completion of the LHC CERN's annual budget will be about 250M Euros for LHC related work and an additional 60M for the rest. About 450M USD. So less than one quarter that of LANL. Since about 75% of LANL's budget is for the arsenal, we reach the conclusion that LANL's "other activities" budget is much the same as CERN's entire budget.

As to sensitivity, on a world scale it is hard to imagine a place more filled with information that could cause catastrophic issues on a world scale. When it comes to building weapons of mass destruction these guys wrote the book. Sadly the current changing on the world political scale seem to point in a direction where these capabilities might regain some of the importance they once held. (It has been observed that a big problem at LANL has been a perception that they were becoming irrelevant, a world stage in which the arsenal they maintain was becoming unimportant.)

Anonymous Coward

Err, no its not #

Posted Tuesday 30th September 2008 09:26 GMT

Clearly its not the most sensitive and sophisticated research institution. Everybody knows about it and what they do, and as for sophistication ... well the story highlights it is not, especially if they can not even get a simple firewall or simple HTML correct. You have to wonder about these 'boffins' intelligence in all honesty. I think the atom should be taken away from their control until they all pass a basic security test.

TeeCee

Re: Err, no its (sic) not #

Posted Tuesday 30th September 2008 10:58 GMT

The true boffinry will be off doing clever stuff with things designed to make the word "Bang" seem pathetically inedequate. Their understanding of the term "simple firewall" is probably something along the lines of 20 feet of reinforced concrete with a lead/osmium lining. This is the sensistive and sophisticated bit.

Network security will most likely be the province of some management brown-nose who reckons that if he makes sure that everyone has the same screen saver and can't use their USB ports, it'll all be fine.