Last year, 80 computers went unaccounted for -- 13 stolen and 67 missing. To date, 11 have been recovered, but 69 remain missing, lab spokesman Kevin Roark told SCMagazineUS.com Thursday.
None of the missing computers were labeled classified but still may have contained personal information on employees or other individuals, he said. Some of the machines contained encryption, and the lab now is considering implementing the technology across all computers.
“If we determine it's likely that someone's PII (personally identifiable information) has been compromised, we provide resources to those people to protect them from identity theft,” Roark said. “But the serious matter is whether there was classified info involved, which it was not.”
Los Alamos, part of the U.S. Department of Energy, does research and develops technology related to national security.
An internal memo concerning the number of missing or stolen laptops was obtained and released by the nonprofit Project on Government Oversight (POGO), a federal government watchdog.
The memo states that a laptop theft occurred on Jan. 16, where three computers were stolen from a lab employee's home in Santa Fe, N.M. That incident revealed cybersecurity, management and accountability concerns.
Initially, the incident was treated just as a property issue and the lab was "not engaged in a timely and proactive manner to assess and address potential loss of sensitive information,” the memo states. Only one of the three computers was authorized for home use, though, which since has raised security concerns that policies were not being followed, Roark said.
Adrian Lane, principal security strategist at security consultancy Securosis, told SCMagazineUS.com Thursday that this was likely a theme for all lost or stolen machines.
"You have to bring into question [that] each one has the possibility that there was actually sensitive information on it and if there's not protection [or encryption] and they're not being audited, I would be worried," he said.
As a result of the memo, LANS was given until last Friday to send a written report about the status of all the stolen or missing computers and address the potential cybersecurity ramifications of each. Los Alamos was directed to work with the National Nuclear Security Administration (NNSA), which manages the lab, to develop and execute a program to correct any system deficiencies or weaknesses in computer accountability.
An NNSA spokesman said LANS did provide that correspondence on Friday but could not elaborate on the content of the letter, as it is currently under review.