It is amazing, in a bubble, to think of Los Alamos National Laboratory as rife with security gaps.  This is, after all, where the nuclear bomb was invented all those years ago, and you can bet that’s not the last of the story.  Still, in this modern age of microscopic technology, anything is possible.  Take the case of these jump drives that turned up in the hands of some meth-addicted kid in California:

lamonitor.com: The Online News Source for Los Alamos

“I have no idea what’s on it because I didn’t get a chance to look,” Stone said. Stone refused to reveal the man’s name. He said he traded another local man some meth for a jump drive about a year ago. “I vaguely remember it contained information about nuclear waste sites around Los Alamos,” Stone said. “I erased it and used the drive for myself.” A second flash drive was lying on the kitchen counter, he said adding that the third drive was on Jessica Quintana’s key chain. Quintana is the woman who lived in the mobile home at 2025 East Jemez Road #250 where police discovered the drives on Oct. 17. Quintana has lived in the mobile home for a couple of months and was reportedly in the process of buying it.

Continue reading the story, it’s worth it just to see how good you are at following nonsense narratives.  The author of the article employs some curious phrasology such as “arrested from,” to add to the challenge.  Then again, it’s Sunday morning and no, I didn’t remember Daylight’s Savings, so the problem could be me.  In any event, who got the key fobs from whom matters little to me.

The intention of this post is to highlight that point at which the abstractions and extrapolations of the computer world meet the altogether-too-pragmatic world of crime, drugs and terrorism.  One simple mistake can change the world - or end it - for a lot of people these days.  The trouble is: computer security is not that complicated and it’s not that difficult, but it is time-consuming and expensive, which is one of the reasons most companies fail the test.  It’s a shame to see that happen at LANL; it’s a shame to see a great institution appear so utterly common, but not at all surprising for those of us in the business.

After earning my Security+ Certification, network and infrastructure security has ever been a frustration for me not unlike data integrity (meaning, the state of having all an organization’s information present, unduplicated and accurate).  As I stated above, a primary problem with security tends to be the cost: hiring enough tech people, purchasing secure hardware and enforcing strict password protections tends not to be a priority for a company until they get hit. 

But beyond that, there is the lackadaisical attitude with which most corporate policy deals with security.  It’s fine to expect that the plebeians need to stick to procedure, but CEO’s?  They can’t be expected to blend with the chattel.  And if not them, then certainly not their secretaries.  And what about the Western Marketing Manager?  Of course not.  And his staff has things that need to get done; they can’t be bothered with security concerns that get in the way.  Onward and outward until security is a farce, which it always is.

Meanwhile, new technology presents new challenges.  If a proper corporate policy was adhered to, only a limited number of highly-speciallized roles would be allowed the ability to install a key fob on their machine.  But of course, that doesn’t happen.  If proper policy was adhered to, in such a sensative environment, all documents would be sealed with Digital Certificates.  DC’s are free and the Federal Government is it’s own Root Certificate Authority, so that would offer a closed-loop security protection.  If indeed the LANL situation is as bad as they make it out to be, this clearly wasn’t the case.

It’s sad to think that the only people who can be relied upon to employ proper security are geeks such as myself who don’t have anything all that important to hide. . . .

Technorati Tags: Technology, Los Alamos, Security

powered by performancing firefox