Apparently, the NNSA had posted lots of its human resources data on an internet-exposed system and someone figured out how to access it. So it's possible that the social security numbers and other personal data of about 1500 employees and contractors were stolen to be used in identity theft.

From the WaPo here:
WASHINGTON (Reuters) - A computer hacker got into the U.S. agency that guards the country’s nuclear weapons stockpile and stole the personal records of at least 1,500 employees and contractors, a senior U.S. lawmaker said on Friday.
The target of the hacker, the National Nuclear Safety Administration, is the latest agency to reveal that sensitive private information about government workers was stolen.
The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA.
Committee chairman Rep. Joe Barton said NNSA Administrator Linton Brooks should be “removed from your office as expeditiously as possible” because he did not quickly notify senior Energy Department officials of the breach.
“And I mean like 5 o’clock this afternoon if it’s possible,” Barton, a Texas Republican, said in a statement.
This is a failure across the board for CIAC. CIAC monitors all DOE network firewalls and intrusion detection systems. If they missed the attack, it could be due to a lack of visibility into it, for example because the access was encrypted, or because they didn't have an IDS signature to detect the breach. If it was simply an exposure issue, this is also CIAC’s fault, since they should be doing comprehensive vulnerability analysis on their own systems.
Also, by failing to report this properly, the NNSA is in clear violation of government directives for reporting security incidents.
People should be fired over this, both at the NNSA and at CIAC.

5 people responded in this post
The director of the NNSA has information here.
http://www.nnsa.doe.gov/lintonfbrooksbio.htm
I don't think that Brooks is responsible for this breach, and his removal would be a big mistake. This guy has years of experience in the intelligence community, specifically dealing with nuclear arms.
So who do you fire? How about the inept Linda Wilbanks, the CIO for the NNSA? Start with her. She is an idiot who decorates doors at Christmas time to motivate her employees. She would rather be teaching High School Math than securing the DOE networks. She has no idea how to do her job, so she networks with other people in the hopes that she can figure out what it takes to be a CIO of a federal agency.
She admits it all right here:
http://searchcio.techtarget.com/qna/0,289202,sid19_gci1074664,00.html
Fire her now.
[...] NNSA CIO Linda Wilbanks needs to be fired. She allowed personally identifiable information to be stolen from the NNSA, and she has no idea what it takes to secure a federal network. This dumpy ball of ineptitude is a school teacher, but because she has impressive degrees, she gets thrown into the role of protecting the nation’s nuclear secrets. [...]
[...] I have followed this story since the beginning. See here here and here. Linton Brooks, the head of the National Nuclear Security Administration was fired because of security breaches in his organization that took place on his watch. I don’t necessarily think it was Brooks’ lack of leadership that got him fired, but his poor management of his underlings and employees. He gave the CIO position to a high school teacher who bragged about decorating office doors with wrapping paper at Christmas time rather than making sure her internet servers and databases were hacker proof. So when social security numbers were leached off of the network and when a laptop turned up in a meth lab, someone’s head had to roll. [...]