Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Energy Department hits university with fine over Los Alamos breach

The U.S. Department of Energy has imposed a $3.3 million fine against the current and former operators of the Los Alamos National Laboratory following an incident last year in which a subcontractor's employee stole classified documents by storing them on a USB stick.

The enforcement action penalizes the University of California (UC), which managed the nuclear weapons lab until May 2006, $3 million and fined the new manager, Los Alamos National Security, $300,000. The new operation and management contractor, which took over June 1, consists of UC, Bechtel National, BWX Technologies and the Washington Group International.

The October 2006 theft occurred months after the lab was supposed to include tighter security controls, the Energy Department contends.

Jessica Lynn Quintana, 22, pleaded guilty in May in U.S. District Court in Albuquerque, N.M. Hired to archive classified information, Quintana admitted that when she was working at the lab on July 27, 2006, she printed pages of classified documents and downloaded other classified data onto a USB device, then carried the data home in a backpack.

It is unknown why she took the documents, which were later discovered in an unrelated drug raid at a mobile home park. Quintana faces up to one year in prison, five years of probation and a $100,000 fine.

University spokesman Chris Harrington said the college was reviewing the Energy Department’s enforcement action, but noted that the incident occurred in October 2006, five months after its management contract of the laboratory expired. In addition, the culprit was not a university employee, he added.

Still, "the university remains outraged at the actions taken by the individual involved in this incident," he said. "We believe the type of behavior involved — a failure to follow clearly defined security protocols and a violation of the law — is completely unacceptable."

A lab spokeswoman has told SCMagazine.com that the lab has since reduced removable media in use, disabled USB ports and encrypted laptop hard drives. She said the lab also has enhanced training measures and policies.

This is not the first breach the lab has dealt with this year. In April, it warned employees that their identity may be at risk after the names and Social Security numbers of 550 lab workers was posted on a website operated by a subcontractor working on a security system.

 

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.