A critical security breach that may have exposed nuclear secrets at the Los Alamos National Laboratory (LANL) in January was the result of human error and not a breakdown in security processes.
The "unintentional security incident" resulted in the transmission of sensitive information through an unsecured e-mail system, Samuel Bodman, secretary of the U.S. Department of Energy (DOE), said in a letter to Congress last Friday.
He was responding to an earlier letter by Rep. John Dingell (D-Mich.), chairman of the House Committee on Energy and Commerce. Dingell had sought an explanation from Bodman on why a subcommittee investigating an October 2006 security breach at LANL was not told about the January breach. Dingell's letter expressed concern over the failure of the National Nuclear Security Administration (NNSA) to notify the subcommittee of the incident -- even though the breach received the highest possible DOE severity rating.
The NNSA is a semiautonomous body within the DOE that's responsible for supervising the country's nuclear facilities.
In his letter, Bodman offered no explanation for the NNSA's failure to notify Dingell's subcommittee about the breach. But he said he had directed appropriate officials at the department and at NNSA to meet with Dingell and his staff to provide further details about the incident.
"While I cannot go into great detail here about the specific circumstances of the incident referenced in your letter, I can affirm that an individual did in fact unintentionally transmit sensitive information through an unsecured e-mail system," Bodman said in his letter. "The incident was immediately recognized and reported, fully investigated and the responsible officials have reported that appropriate measures have been taken to address the situation."
Though measures have been implemented at the facility to minimize such risks, such errors can occasionally happen, he said. "Therefore we have a robust system in place to report and investigate potential violations. In my opinion, this is a circumstance where those systems worked well."
The January breach was the latest in a series of security incidents disclosed by the lab over the past few years. In October 2006, three USB thumb drives supposedly containing nuclear data was found in a trailer belonging to a former subcontractor at the lab. Police discovered the drives while they were searching the trailer for drugs after initially responding to a domestic disturbance call. In 2004, two computer disks that were thought to have contained classified data were reported missing by the laboratory. Similar losses were reported in 2003 and in 2000.