- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
The U.S. Department of Energy has proposed levying a fine of $3 million on the University of California, Oakland, and a separate $300,000 fine on Los Alamos National Security (LANS), for their alleged failures to protect classified information in an October 2006 security breach.
In addition, Secretary of Energy Samuel Bodman Monday ordered LANS to undertake specific actions to bolster its physical and IT security. A failure to implement the required measures within the prescribed time frame could result in the imposition of additional civil penalties of up to $100,000 per day for each violation, Bodman said in a compliance order issued today.
The formal enforcement actions against both organizations follow months of investigation into the breach in which a contract worker at Los Alamos National Laboratories (LANL) illegally downloaded and removed classified data from the site via a thumb drive. The university managed and operated LANL from 1943 to May 2006. LANS, which is a limited liability corporation that comprises Bechtel National, the university and two other firms, took over management of LANL in June 2006.
The university and LANS have 30 days to submit a written response to the notice of violations. A failure to do so would end their right to appeal the proposed penalties.
"Investigations revealed that management deficiencies of both contractors were a central contributing factor" in the 2006 breach, a DOE statement said. The agency noted that the proposed civil penalty of $3 million is the largest it has ever assessed.
In a formal Preliminary Notice of Violation addressed to Robert Foley, vice president of laboratory management at the University of California, Oakland, the DOE listed five separate areas where the school failed to follow DOE requirements for protecting classified information. Those violations included a failure by the university to protect data ports, despite knowing about the vulnerability, and a failure to impose adequate escorting requirements to detect unauthorized access and removal of classified data. The school was also charged with violating the DOE's physical security requirements, as well as rules regarding roles and responsibilities and oversight of subcontractors. The notice of violation was sent by the DOE's National Nuclear Security Administration (NNSA).
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment