Skip to main content

Information Security: Actions Needed to Better Protect Los Alamos National Laboratory's Unclassified Computer Network

GAO-08-1001 Published: Sep 09, 2008. Publicly Released: Sep 26, 2008.
Jump To:
Skip to Highlights

Highlights

The Los Alamos National Laboratory (LANL), which is operated by the National Nuclear Security Administration (NNSA), has experienced security lapses protecting information on its unclassified computer network. The unclassified network contains sensitive information. GAO (1) assessed the effectiveness of the security controls LANL has in place to protect information transmitted over its unclassified computer network, (2) assessed whether LANL had implemented an information security program for its unclassified network, and (3) examined expenditures to protect LANL's unclassified network from fiscal years 2001 through 2007. To carry out its work, GAO examined security policies and procedures and reviewed the laboratory's access controls for protecting information on the unclassified network.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the risk assessment for the unclassified network evaluates all known vulnerabilities and is revised periodically.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with this recommendation. He stated that the Los Alamos National Laboratory (LANL) was in the process of developing comprehensive risk management tools and processes for ensuring the identification and assessment of all known vulnerabilities and their potential impacts to the unclassified network. The NNSA Administrator noted, that as part of the risk assessment process, the effectiveness of countermeasures would be identified and tracked. The Administrator also noted that this recommendation would be closed by Action 9 of the DOE Secretarial Compliance Order. The Los Alamos Site Office (LASO) validated the closure of this recommendation in December 2008 and NNSA validated the actions in January 2009.
Department of Energy To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should establish and implement procedures to monitor critical program activities that are unfunded or underfunded in order to improve management accountability and transparency in determining how best to fund the most critical program requirements.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that NNSA's (PPBE) process is designed to assure that critical program activities are supported within overall funding allocations made available by DOE and OMB, noting that the annual process is open and transparent to Headquarters and Federal field Staff. Once funding is appropriated for program activities, the PPBE budget execution and evaluation processes require monthly monitoring of both funding and performance metrics, and quarterly reporting of these to DOE. According to the NNSA Administrator, the evaluation process also provides the framework for the Chief Information Officer's program oversight of its program performers and required annual program reviews by the Administrator.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the risk assessment for the unclassified network evaluates all known vulnerabilities and is revised periodically.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with this recommendation. He stated that the Los Alamos National Laboratory (LANL) was in the process of developing comprehensive risk management program tools and processes for ensuring the identification and assessment of all known cyber security vulnerabilities and their potential impacts. In addition, the Administrator noted that, as part of the risk assessment process, the effectiveness of countermeasures would be tracked and identified. As a part of the July 2007 Secretarial Compliance Order, the NNSA Administrator wrote that this recommendation would be closed by Action 9 of the Secretarial Compliance Order. The Los Alamos Site Office (LASO) validated the closure of this recommendation in December 2008 and NNSA validated the actions in January 2009.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to strengthen policies with a view toward further reducing, as appropriate, foreign nationals'--particularly those from countries identified by DOE as sensitive--access to the unclassified network.
Closed – Implemented
NNSA concurred with this recommendation and wrote that LANL had segregated foreign national user and their systems from the unclassified network, thereby reducing their access. NNSA also noted that LANL was codifying these access requirements into their policies and procedures to reduce foreign national access to LANL's unclassified network. Our review of this documentation shows that LANL has developed policies and procedures for managing foreign nationals' access to its unclassified network. For example, LANL's Cyber Security Program Plan (December 2009) outlines the roles and responsibilities of the Information Security System Site Manager as it relates to foreign nationals, including the implementation of an approval process for foreign national privileged user accounts and for maintaining a complete list of all non-U.S. citizen that have privileged user status. In addition, LANL's Cyber Security Program Plan explicitly identifies a documented approval process for foreign nationals to obtain authorization for their visit and access to information systems connected to LANL's unclassified network. LANL Procedure 222: Approval Process for Non-US Citizen Privileged User Accounts also outlines requirements and the annual approval process for non-U.S. citizen privileged user accounts on LANL's unclassified network, which are implemented through the Database for International Visits and Assignments and LANL's Open Collaborative Enclave, which serves as the segregated network for foreign nationals, is designed to limit foreign national access to sensitive unclassified information. Although foreign nationals continue to have remote access to LANL's unclassified network, this access must be specifically requested and approved through the Database for International Visits and Assignments and this access is only to the Open Collaborative Enclave.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to strengthen policies with a view toward further reducing, as appropriate, foreign nationals'--particularly those from countries identified by DOE as sensitive--access to the unclassified network.
Closed – Implemented
NNSA concurred with this recommendation and wrote that LANL had segregated foreign national users and their systems from the unclassified network, thereby reducing the risk of their access. NNSA also noted that LANL was codifying these requirements into their policies and procedures to reduce foreign national access. Our review of LANL documentation shows that LANL has developed policies and procedures for managing foreign nationals' access to its unclassified network. For example, LANL's Cyber Security Program Plan (December 2009) outlines the roles and responsibilities of the Information Security System Site Manager as it relates to foreign nationals, including the implementation of an approval process for foreign national privileged user accounts and for maintaining a complete list of all non-U.S. citizen that have privileged user status. In addition, LANL's Cyber Security Program Plan explicitly identifies a documented approval process for foreign nationals to obtain authorization for their visit and access to information systems connected to LANL's unclassified network. LANL Procedure 222: Approval Process for Non-US Citizen Privileged User Accounts also outlines requirements and the annual approval process for non-U.S. citizen privileged user accounts on LANL's unclassified network, which are purportedly implemented through the Database for International Visits and Assignments and LANL's Open Collaborative Enclave, which serves as the segregated network for foreign nationals, is designed to limit foreign national access to sensitive unclassified information. Although foreign nationals continue to have remote access to LANL?s unclassified network, this access must be specifically requested and approved through the Database for International Visits and Assignments. This access is only to the Open Collaborative Enclave.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the new set of cyber security policies and procedures applicable to the unclassified network are comprehensive, including centralized configuration management for all types of systems, and contain specific instructions on how to implement federal requirements and guidance.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation and noted that the Los Alamos National Laboratory's (LANL) Information Architecture Procedures establish consistent configuration management standards and procedures and also specify that systems are to be configured and maintained by the Central Computing Services organization. The Administrator noted that both procedures are being implemented, but that the recommendation would be closed when full implementation has been completed.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the network security plan for the unclassified network is revised to document security controls using federal guidance and that this plan also includes or references key security activities, such as risk assessment development and the evaluation of security test results.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the information security program at the Los Alamos National Laboratory (LANL) uses methodologies specified in NNSA's cyber security policy letters, noting that risk assessments are conducted for all system security plans. The Administrator also stated that this recommendation would be closed by the accreditation of all information systems connected to LANL's unclassified network, which is Action 9 of the DOE Secretarial Compliance Order. The Los Alamos Site Office (LASO) validated the completion of the DOE Secretarial Compliance Order in December 2008 and NNSA validated these actions in January 2009.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the new set of cyber security policies and procedures applicable to the unclassified network are comprehensive, including centralized configuration management for all types of systems, and contain specific instructions on how to implement federal requirements and guidance.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation and noted that the Los Alamos National Laboratory's (LANL) Information Architecture Procedures establish consistent configuration management standards and procedures and also specify that systems are to be configured and maintained by the Central Computing Services organization. The Administrator noted that both procedures are being implemented, but that the recommendation would be closed when full implementation has been completed.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to strengthen the security test and evaluation process for the unclassified network by expanding technical testing to cover new areas that might be vulnerable, such as those disclosed in our report, and ensure that testing adequately considers federal guidance for evaluating security controls and determining their effectiveness.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the approach to information security program at Los Alamos National Laboratory (LANL) is institutionalized in the unclassified certification and accreditation process. In addition, he noted that the security and configuration service plans for systems connected to LANL's unclassified network must meet approved standards that are tested through vulnerability scanning and that penetration testing against LANL's unclassified network is conducted by the Red Team. Actions for this recommendation were completed through the activities of the DOE Secretarial Compliance Order, Action 9 and were validated by the Los Alamos Site Office (LASO) in December 2008 and NNSA in January 2009.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that milestones in corrective action plans are met or that new milestones are established to remediate security weaknesses for the unclassified network in a timely manner.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with this recommendation. He noted that, beginning in September 2007, the Los Alamos National Laboratory (LANL) had developed a more thorough process to ensure the time completion of corrective action milestones, including comprehensive tracking tools and the establishment of a Management Review Board to approve corrective action plans. As of 1/16/2009, the NNSA Administrator stated of the numerous milestones that were previously identified as not met in a timely manner by GAO, 64% of the corrective actions have been closed or completed. He added that of those remaining recommendations, none are behind schedule or past due.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the network security plan for the unclassified network is revised to document security controls using federal guidance and that this plan also includes or references key security activities, such as risk assessment development and the evaluation of security test results.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the information security program at the Los Alamos National Laboratory (LANL) uses methodologies specified in NNSA's cyber security policy letters, noting that risk assessments are conducted for all system security plans. The Administrator also stated that this recommendation would be closed by the accreditation of all information systems connected to LANL's unclassified network, which is Action 9 of the DOE Secretarial Compliance Order. The Los Alamos Site Office (LASO) validated the completion of the DOE Secretarial Compliance Order in December 2008 and NNSA validated these actions in January 2009.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the related plan of action and milestones used for Federal Information Security Management Act (FISMA) reporting includes all LANL security weaknesses and required information so that it is an effective management tool for tracking security weaknesses and identifying budgetary resources needed to protect the unclassified network.
Closed – Implemented
In fiscal year 2011, we verified that LANL ensured the related plan of action and milestones used for FISMA reporting included all LANL security weaknesses and required information so that it is an effective management tool for tracking security weaknesses and identifying budgetary resources needed to protect the unclassified network.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to develop and maintain a comprehensive continuity of operations plan that addresses the current unclassified network environment and periodically test the plan for restoring operations.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that a continuity of operations plan will be developed for the current unclassified network environment and will identify a test schedule by the end of FY2009. In June 2010, the Los Alamos Site Office (LASO) verified that this action has been implemented.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to develop and maintain a comprehensive continuity of operations plan that addresses the current unclassified network environment and periodically test the plan for restoring operations.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that a continuity of operations plan will be developed for the current unclassified network environment and will identify a test schedule by the end of FY2009. In June 2010, the Los Alamos Site Office (LASO) verified that this action has been implemented.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to strengthen the security test and evaluation process for the unclassified network by expanding technical testing to cover new areas that might be vulnerable, such as those disclosed in our report, and ensure that testing adequately considers federal guidance for evaluating security controls and determining their effectiveness.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the approach to information security program at Los Alamos National Laboratory (LANL) is institutionalized in the unclassified certification and accreditation process. In addition, he noted that the security and configuration service plans for systems connected to LANL's unclassified network must meet approved standards that are tested through vulnerability scanning and that penetration testing against LANL?s unclassified network is conducted by the Red Team. Actions for this recommendation were completed through the activities of the DOE Secretarial Compliance Order, Action 9 and were validated by the Los Alamos Site Office (LASO) in December 2008 and NNSA in January 2009.
Department of Energy To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should develop, document, and implement a process that clearly links resource requirements and funding decisions to risk assessments for the unclassified network.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that NNSA's multi-year Planning, Programming, Budgeting, and Evaluation (PPBE) process is the framework within which NNSA's Chief Information Officer has developed internal processes to link resource requirements, risk assessments, and funding decisions for all-program activities, noting that risk assessments are one consideration in setting program priorities to support funding decisions.
Department of Energy To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should implement a process that provides a rationale for approving or denying resource requests for the unclassified network.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the Planning, Programming, Budgeting, and Evaluation (PPBE) process provides the framework for setting criteria and priorities for making program resource allocation decisions because requirements always exceed funding available. The programmatic rational is developed by the Chief Information Officer and advocated along with their priorities and recommendations to the NNSA leadership. Once NNSA leadership evaluates, integrates, and prioritizes the updated program baselines and makes decisions on unfunded priorities, these program and funding recommendations are documented in the Administrator's Final Recommendations document and becomes the basis for interaction with the Department of Energy (DOE) and the Office of Management and Budget (OMB) for formulating the President's Budget Request. He added that interactions with DOE and OMB are internal to the Administration until the President's Budget is released and, as such, feedback on the decisions to the management and operations contractor must be limited until that time.
National Nuclear Security Administration To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should implement a process that provides a rationale for approving or denying resource requests for the unclassified network.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that the Planning, Programming, Budgeting, and Evaluation (PPBE) process provides the framework for setting criteria and priorities for making program resource allocation decisions because requirements always exceed funding available. The programmatic rational is developed by the Chief Information Officer and advocated along with their priorities and recommendations to the NNSA leadership. Once NNSA leadership evaluates, integrates, and prioritizes the updated program baselines and makes decisions on unfunded priorities, these program and funding recommendations are documented in the Administrator's Final Recommendations document and becomes the basis for interaction with the Department of Energy (DOE) and the Office of Management and Budget (OMB) for formulating the President's Budget Request. He added that interactions with DOE and OMB are internal to the Administration until the President's Budget is released and, as such, feedback on the decisions to the management and operations contractor must be limited until that time.
Department of Energy To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that milestones in corrective action plans are met or that new milestones are established to remediate security weaknesses for the unclassified network in a timely manner.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with this recommendation. He noted that, beginning in September 2007, the Los Alamos National Laboratory (LANL) had developed a more thorough process to ensure the time completion of corrective action milestones, including comprehensive tracking tools and the establishment of a Management Review Board to approve corrective action plans. As of 1/16/2009, the NNSA Administrator stated of the numerous milestones that were previously identified as not met in a timely manner by GAO, 64% of the corrective actions have been closed or completed. He added that of those remaining recommendations, none are behind schedule or past due.
National Nuclear Security Administration To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should establish and implement procedures to monitor critical program activities that are unfunded or underfunded in order to improve management accountability and transparency in determining how best to fund the most critical program requirements.
Closed – Implemented
In his response to our report, the NNSA Administrator concurred with the recommendation. He wrote that NNSA's (PPBE) process is designed to assure that critical program activities are supported within overall funding allocations made available by DOE and OMB, noting that the annual process is open and transparent to Headquarters and Federal field Staff. Once funding is appropriated for program activities, the PPBE budget executioin and evaluation processes require monthly monitoring of both funding and performance metrics, and quarterly reporting of these to DOE. According to the NNSA Administrator, the evaluation process also provides the framework for the Chief Information Officer's program oversight of its program performers and required annual program reivews by the Admininstrator.
National Nuclear Security Administration To improve LANL's information security program for its unclassified network, the Secretary of Energy and the Administrator of NNSA should require the Director of Los Alamos National Laboratory to ensure that the related plan of action and milestones used for Federal Information Security Management Act (FISMA) reporting includes all LANL security weaknesses and required information so that it is an effective management tool for tracking security weaknesses and identifying budgetary resources needed to protect the unclassified network.
Closed – Implemented
In fiscal year 2011, we verified that Los Alamos National Laboratory (LANL) ensured the related plan of action and milestones used for Federal Information Security Management Act (FISMA) reporting included all LANL security weaknesses and required information so that it is an effective management tool for tracking security weaknesses and identifying budgetary resources needed to protect the unclassified network.
National Nuclear Security Administration To ensure that NNSA has a clear and consistent strategy to determine resource requirements for the laboratory's unclassified network, the Secretary of Energy and the Administrator of NNSA should develop, document, and implement a process that clearly links resource requirements and funding decisions to risk assessments for the unclassified network.
Closed – Implemented
In his response to our report, the National Nuclear Security Administration (NNSA) Administrator concurred with the recommendation. He wrote that NNSA's multi-year Planning, Programming, Budgeting, and Evaluation (PPBE) process is the framework within which NNSA's Chief Information Officer has developed internal processes to link resource requirements, risk assessments, and funding decisions for all-program activities, noting that risk assessments are one consideration in setting program priorities to support funding decisions.

Full Report

Office of Public Affairs

Topics

Access controlAccess control listComputer networksComputer securityComputer security policiesConfidential communicationsCyber securityInformation managementInformation securityInformation security regulationsInformation systemsInformation technologyInternal controlsLaboratoriesProgram evaluationRisk assessmentRisk managementSecurity assessmentsSecurity policiesSecurity regulationsStrategic planningSystem vulnerabilitiesSystems evaluationProgram implementation