
Nuclear Weapons, CyberSecurity and an Unlocked Door

Robert Siciliano 

What happens when you have an unlocked door at the home of an employee at the top U.S. nuclear weapons laboratory? How about 3 stolen computers holding yet-to-be-disclosed data that was said to be non-classified? We hope. Were the computers stolen to be resold for crack? Or for nuclear weapons secrets? We may never know. Or we may find out the hard way.

At the Los Alamos National Laboratory in Santa Fe, New Mexico, dozens more (67 total) systems are currently listed as missing. Officials are conducting a full review of the lab’s policies and procedures governing the use of official computers at employees’ homes.

Situations like this are common in every industry with every conceivable form of data. We just wish it wasn’t data from a nuclear weapons facility.

It’s important to point out that the facility has as many as 40,000 computers, including desktops, laptops, PDAs, printers and so on. Do the math: less than .25 percent lost or stolen. The lab has been documented at a better than 99.5 accountability rate.

We know there is no such thing as 100% security, whether protecting from hardware or data thieves. Security is an ongoing, never-ending, consistent, on-your-toes, don’t-let-your-guard-down, vigilant process.

And it’s not just criminal hackers causing big problems. Lowly burglars looking for their next bag of dope stole, from the home of a government employee, a laptop computer containing 26.5 million Social Security Numbers, a US primary identifier. This $500 laptop cost millions.

Can you say your organization has a 99.5% success rate?

What policies do you have in place to foster a security-minded culture? Here are just a few bullets as examples for you to add to.

# Cover all organizational systems used for processing, storing or transmitting personal information.

# Security risks faced are assessed in the development of the policy.

# Cost-effective measures devised to reduce the risks to acceptable levels

# Monitored and periodically reviewed.

# Staff and management made aware of the protective security policies and how to implement them.

Robert Siciliano Identity Theft Expert discussing another hack Here


Comments: (1)

A Finextra member 23 February, 2009, 00:20

All well and good Robert, but most of that nuclear data, along with your personal data has in all probability been stolen more than once in the past.

As for locked doors at labs, most US defence technology was available to anyone with a web browser, antimatter bombs included. Scientific research is evolving so it still makes sense to try and prevent new discoveries being stolen, but last time I looked my birthdate was the same, my social security number was the same.....

Once the information is already out there it requires a new strategy to prevent harm.

That's what is missing, a strategy, along with all the anti-matter bomb plans and your personal info.

The statistics on fraud and exploits haven't improved (except from the fraudster's perspective) and neither have the efforts of those who claim their products protect us, and no amount of quoting statistics will change that.

Why bother trying to protect data which cannot be protected (going on past experience), and what is the point if it is already out there in the hands of criminals?

995 locked doors out of 1000 also equals an unlocked building. (99.5% protected or just plain unprotected?) One would have to assume that they are all open.

Strategy? No. I'd call that a prayer. A vain hope that no-one will try the unlocked door is not realistic.