The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution - is marred by cybersecurity weaknesses that compromise the way information on its unclassified network is protected. According to an audit by the US Government Accountability Office (GAO), the New Mexico-based LANL …
LANL's U-571 re-write
'The United States knew little about the German atomic program, but the specter of a nuclear-equipped Hitler could not be ignored. As American soldiers trudged through the deserts of North Africa, braved the Normandy beaches [and bled for every yard of distant Iwo Jima and Okinawa], American scientists raced to unlock the power of the atom.'
The UK, French, Danish and umpteen other countries' spies/scientists/soldiers obviously played peepo/just made the coffee/marched for the fun of it. [ ..] excepted.
"The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution"
Uh ... ever heard of CERN? You know, out there in the world outside the Americas?
Surely ground zero was some distance away
At Trinity Site, Alamogordo.
When you've built an atom bomb you think might work, firing it off in the middle of your lab could be considered a mistake.
cyber-this and cyber-that
Why can't those numpties just use proper words? Pffft!
Low pay scales to blame?
If it's so important that LANL networks be as secure as humanly possible, let me ask: are they paying top dollar and making sure (in part thereby) that they've got the best admins on staff that money can buy?
Or are the admins responsible for IT security being paid per usual GS scales: not a great deal, certainly not what the market will pay, if they're like they used to be.
Today's boring platitude: "you get what you pay for."
Security in Government
It seems that physical security in gov' departments is either nazis strutting around loaded down with ordnance or lardy arsed desk pilots who are there just for the job security (excuse the pun). In the case of 'Cyber' security it is more likely to be the case that managers in many gov' departments have little knowledge or interest in the subject and so have no idea whether the IT security guy they are hiring is competent and doing his job or not. This is further complicated by poor remuneration in gov' IT. It's the same old thing time and again, lack of money and/or lack of professional HR managers and a lot of people who are in security jobs don't really know what they are doing.
Actually I think I would agree that LANL deserves the adjectives. It has an annual budget of about $2G, and its primary job is the maintenance of the US nuclear arsenal. CERN and the LHC are pretty impressive, but the sad reality is that military and black projects are often an order of magnitude bigger than even the most advanced civilian entities. With the completion of the LHC, CERN's annual budget will be about 250M Euros for LHC related work and an additional 60M for the rest. About 450M USD. So less than one quarter that of LANL. Since about 75% of LANL's budget is for the arsenal, we reach the conclusion that LANL's "other activities" budget is much the same as CERN's entire budget.
As to sensitivity, on a world scale it is hard to imagine a place more filled with information that could cause catastrophic issues on a world scale. When it comes to building weapons of mass destruction these guys wrote the book. Sadly the current changes on the world political scale seem to point in a direction where these capabilities might regain some of the importance they once held. (It has been observed that a big problem at LANL has been a perception that they were becoming irrelevant, a world stage in which the arsenal they maintain was becoming unimportant.)
Err, no its not
Clearly it's not the most sensitive and sophisticated research institution. Everybody knows about it and what they do, and as for sophistication ... well the story highlights it is not, especially if they cannot even get a simple firewall or simple HTML correct. You have to wonder about these 'boffins' intelligence in all honesty. I think the atom should be taken away from their control until they all pass a basic security test.
Re: Err, no its (sic) not
The true boffinry will be off doing clever stuff with things designed to make the word "Bang" seem pathetically inadequate. Their understanding of the term "simple firewall" is probably something along the lines of 20 feet of reinforced concrete with a lead/osmium lining. This is the sensitive and sophisticated bit.
Network security will most likely be the province of some management brown-nose who reckons that if he makes sure that everyone has the same screen saver and can't use their USB ports, it'll all be fine.