August 2, 2012 / by emptywheel

 

Nuke Site Breached Just Days After SSCI Moved to Eliminate Reporting on Nuke Site Security

I have been dawdling about writing this post, in which I explain that two of the reporting requirements the Senate Intelligence Committee rather stupidly, IMO, moved to eliminate last week pertain to the security of our nuclear labs.

Back when I criticized the plan to eliminate these reports in June, I wrote,

The bill would eliminate two reporting requirements imposed in the wake of the Wen Ho Lee scandal: that the President report on how the government is defending against Chinese spying and that the Secretary of Energy report on the security of the nation’s nuclear labs. Just last year, the Oak Ridge National Laboratory had to separate from the Internet because some entity–China would be a good candidate–had hacked the lab and was downloading data from their servers. Now seems a really stupid time to stop reporting on efforts to avoid such breaches.

In spite of these very obvious reasons, the Senate did indeed eliminate two reporting requirements pertaining to national labs (though they kept the one pertaining to Chinese spying).

(7) REPEAL OF REPORTING REQUIREMENT REGARDING COUNTERINTELLIGENCE AND SECURITY PRACTICES AT THE NATIONAL LABORATORIES.—Section 4507 of the Atomic Energy Defense Act (50 U.S.C. 2658) is repealed.

(8) REPEAL OF REPORTING REQUIREMENT REGARDING SECURITY VULNERABILITIES OF NATIONAL LABORATORY COMPUTERS.—Section 4508 of the Atomic Energy Defense Act (50 U.S.C. 2659) is repealed.

I’m glad I waited. Now I can use this story to demonstrate how vulnerable our nuclear labs remain.

The U.S. government’s only facility for handling, processing and storing weapons-grade uranium [Oak Ridge National Lab] was temporarily shut this week after anti-nuclear activists, including an 82-year-old nun, breached security fences, government officials said on Thursday.

[snip]

The activists painted slogans and threw what they said was human blood on the wall of the facility, one of numerous buildings in the facility known by the code name Y-12 that it was given during World War II, officials said.

While moving between the perimeter fences, the activists triggered sensors which alerted security personnel. However, officials conceded that the intruders still were able to reach the building’s walls before security personnel got to them.

When James Clapper’s office asked to throw these reports out, they justified it by saying they could just brief the information rather than report it regularly.

This reporting requirement should be repealed because it is over a decade old and the Secretary of Energy and the National Counterintelligence Executive can provide the information requested through briefings, as requested, if congressional interest persists.

Oak Ridge Lab has been breached twice in two years, once via its computer systems and now physically. I’m sure Congress will be getting a slew of briefings about the lab, but it really does seem like a little reporting requirement might help DOE to take this seriously.

Copyright © 2012 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2012/08/02/nuke-site-breached-just-days-after-ssci-moved-to-eliminate-reporting-on-nuke-site-security/