Million-dollar fine for IT security vulnerabilities in nuclear weapons research centre
The US Department of Energy (DOE) has ordered the University of California Berkeley to pay a fine of three million dollars due to inadequate security precautions in Los Alamos National Laboratory (LANL). In October of last year, a contract worker succeeded in taking confidential material from the intranet of the research institution and saving it on a USB stick. After this fact leaked to the public, the DOE ordered an in-depth investigation of the IT and other security precautions of the research centre located in a military no-go area in New Mexico.
The LANL is, among other things, active in the field of nuclear weapons development and manages the "Stockpile Stewardship and Management" program which is responsible for managing the infrastructure of the USA's existing arsenal of atomic weapons. For a long time, the LANL was solely run by the University of California. In June 2006, the management of the research institution, with its 6,000 or so employees, changed hands. Management was transferred to the Los Alamos National Security (LANS), a limited liability company, in which the University of California, the construction company Bechtel and two other companies hold shares.
The results of the investigation show that faulty management contributed significantly to the breach in security in October 2006, according to a statement made by the DOE. It established that a multitude of serious violations against the DOE regulations for the protection of confidential data had been made. The fine in the amount of three million US dollars is the highest penalty ever to have been imposed by the Department of Energy. Los Alamos National Security was sentenced to pay an additional 300,000 US dollars. If the security vulnerabilities are not immediately eliminated, further punitive damages to the tune of 100,000 US dollars per day and offence are due.