BelchSpeak

I can't believe that came from your mouth!

CyberYou're Fired!

National Nuclear Security Administration Screws Its Employees

Apparantly, the NNSA had posted lots of its human resources data on an internet-exposed system and someone figured out how to access it. So its possible that the social security numbers and other personal data of about 1500 employees and contractors was stolen to be used in identity theft.

From the WaPo here:

WASHINGTON (Reuters) – A computer hacker got into the U.S. agency that guards the country’s nuclear weapons stockpile and stole the personal records of at least 1,500 employees and contractors, a senior U.S. lawmaker said on Friday.

The target of the hacker, the National Nuclear Safety Administration, is the latest agency to reveal that sensitive private information about government workers was stolen.

The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA.

Committee chairman Rep. Joe Barton said NNSA Administrator Linton Brooks should be “removed from your office as expeditiously as possible” because he did not quickly notify senior Energy Department officials of the breach.

“And I mean like 5 o’clock this afternoon if it’s possible,” Barton, a Texas Republican, said in a statement.

This is a failure across the board for CIAC. CIAC monitors all DOE network firewalls and intrusion detection systems. If they missed the attack, it could be due to lack of visibility into the attack, such as the access was encrypted, or they didnt have an IDS signature to detect the breach. If it was simply an exposure issue, this is also CIAC’s fault since they should be doing comprehensive vulnerability analysis on their own systems.

Also, by failing to report this properly, the NNSA is in clear violation of government directives for reporting security incidents.

People should be fired over this, both at the NNSA and at CIAC.

Dr. Jones

Do not talk about fight club. Oops.

5 thoughts on “National Nuclear Security Administration Screws Its Employees

  • The director of the NNSA has information here.
    http://www.nnsa.doe.gov/lintonfbrooksbio.htm

    I dont think that Brooks is responsible for this breach, and his removal would be a big mistake. This guy has years of experience in the intelligence community, specifically dealing with nuclear arms.

    So who do you fire? How about the inept Linda Wilbanks, the CIO for the NNSA? Start with her. She is an idiot who decorates doors at Christmas time to motivate her employees. She would rather be teaching High School Math than securing the DOE networks. She has no idea how to do her job, so she networks with other people in the hopes that she can figure out what it takes to be a CIO of a federal agency.

    She admits it all right here:
    http://searchcio.techtarget.com/qna/0,289202,sid19_gci1074664,00.html

    Fire her now.

Leave a Reply

Your email address will not be published. Required fields are marked *