Losing It in Los Alamos
Imagine a group of passengers armed with box cutters and knives slipping past security at a U.S. airport and onto commercial aircraft, getting away with it as often as they like.
Now imagine that the the government ignores those security lapses, with no one taking responsibility for them, and that airport security officials maintain the dangerous status quo. Official responses would come in the form of vaguely-worded press releases calling the incidents unfortunate, but deny that national security was compromised.
Would anyone in America stand for this?
Keep this hypothetical in mind when considering the repeated security lapses at New Mexico's Los Alamos National Laboratory, the birthplace of the atomic bomb. Los Alamos has been managed by the University of California (UC) for the past 60 years, and for decades federal officials have had a peculiarly high tolerance for UC's negligence. With Los Alamos' track record, you have to wonder why.
Just this month, Los Alamos officials admitted they could not account for Classified Removable Electronic Media (CREM). In this case, that meant two lost zip drives. But what UC officials didn't cop to was that they'd known about the breach days before reporting it, and they'd also lost track of two classified hard drives during the same time frame. Using inside baseball terms like CREM can confuse the issue sometimes, so here it is in plain English: Los Alamos officials lost track of classified material relating to nuclear weapons. And they've been doing it for years.
As the Project on Government Oversight noted in our 2001 report "U.S. Nuclear Weapons Complex: Security at Risk," Los Alamos is rife with vulnerabilities. The lapses range from holes in the management's cyber-security efforts to flaws in the site's physical safeguards.
Here is an abridged rap sheet:
* Most recently, we've learned that Los Alamos employees sent classified information over an un-classified email system 17 times over a two month period - which is strictly prohibited.
* Since January of this year, the University of California has lost track of classified material on three occasions.
* In June 2003, lab officials lost two vials of plutonium.
* In the fall of 2002, Los Alamos officials denied that more than 200 missing computers, some from "black" programs at the lab, contained classified data. The Energy Department's inspector general subsequently disputed UC's claim, saying that lab officials did not know if the missing computers contained classified material.
You don't have to be a national security expert to imagine the bloodshed and chaos a nuclear attack on American soil would entail. And there's nothing that terrorists would like more, you easily could argue, than to pull off such a strike. One way would be to attack a lab that houses highly enriched uranium or plutonium (Los Alamos has both) and create an improvised nuclear device, which could create a one kiloton nuclear explosion if done correctly. Or terrorists could steal nuclear design information, along with plutonium and highly enriched uranium, and detonate a crude atomic device in an American city.
Either way, the outcome could be very ugly. We know that terrorist groups are targeting our nuclear facilities, just as we knew before 9/11 that groups like al Qaeda habitually targeted airplanes. So what are we going to do about it?
Secretary of Energy Spencer Abraham recently outlined his vision for tightened security throughout the nuclear weapons complex. Among his plans is a five-year long strategy to strengthen cyber security by employing a "media-less" computing system. This is a smart idea – a media-less system means no computer disks (removable hard-drives, floppy or compact disks) – since it means that a person can't just walk away with data from the lab, something that has happened on a number of occasions in the past.
But the secretary's plan will take too long. In fact going media-less could be accomplished in a number of months. Given UC's pathetic handling of security, Los Alamos's cyber protection system needs to be the marquee issue on the Energy Department's to-do list. If terrorists gain access to our nuclear secrets and are able to use them against us, that's it for this country.
So ask yourself, do we give the University of California even more time to get its act together – or do we get serious about nuclear security, show them the door, and establish the best safeguards we can to keep America's atomic secrets secret?