IE 11 is not supported. For an optimal experience visit our site on another browser.

Security lab may face $3.3m fine for data leak

The Energy Department proposed $3.3 million in fines Friday against managers of the Los Alamos nuclear weapons lab because of a security breakdown in which classified documents were found in a trailer-park drug raid.
/ Source: The Associated Press

The Energy Department proposed $3.3 million in fines Friday against managers of the Los Alamos nuclear weapons lab because of a security breakdown in which classified documents were found in a trailer-park drug raid.

The civil penalties, the bulk of them levied against the University of California, the longtime former manager of the lab, were the largest such fines the department has ever imposed.

The enforcement action stems from an incident in October 2006, when police found more than 1,000 pages of classified documents and several computer storage devices in a trailer occupied by a former worker at the lab.

The discovery was found during a police drug raid that focused on another person living in the trailer.

The department said it was proposing a $3 million civil penalty against the University of California, although the university was no longer the lab's primary manager when the incident was discovered, and $300,000 against Los Alamos National Security LLC, the consortium that succeeded the university in June 2006.

The university was assessed the much larger fine because investigators determined the security deficiencies that led to the October 2006 incident were established during the university's tenure as prime contractor. It also said the new management team did nothing to correct the vulnerabilities.

The university and Los Alamos National Security have 30 days to respond to the findings, but in all likelihood the penalty will stand. The contractors then could challenge the fines in court.

The Los Alamos National Laboratory said in a statement that it was "committed ... to make security improvements consistent with those outlined in the compliance order and has, in fact, already taken steps to address many of the findings."

Chris Harrington, a spokesman for the University of California, said UC officials would outline their concerns and objections in a formal response to the department. He said among the points the university likely will make are that the incident took place five months after the university's sole-management contract expired.

The investigation into the security breach found that "management deficiencies by both contractors were a central contributing factor" in the employees' unauthorized removal of the classified material from the highly restricted nuclear weapons complex at the laboratory.

The Los Alamos laboratory, one of the government's most prestigious research facilities where the first nuclear bomb was developed in the 1940s, has been plagued by security problems in recent years from lost data disks to allegations — never proven — of espionage.

Last month it was learned that a consultant to the board of the new management consortium had sent an e-mail containing highly classified, non-encrypted nuclear weapons information to several board members, who forwarded it to other board members over unsecured computer systems.

Energy Secretary Samuel Bodman called that incident a human error and not evidence of widespread security failure.

But the incident uncovered during the drug raid last October was another matter. It involved security breakdowns similar to ones that had occurred in the past and had been considered corrected, investigators concluded.

Investigators found that an employee of a subcontractor, Jessica Quintana, a 22-year-old archivist, had taken 1,219 pages of documents, and a dozen computer data devices from the lab to her home where the material was discovered during the police raid. The material included 1,001 pages and four of the computer data devices classified as "secret" according to the enforcement document made public Friday.

"The significance or gravity of the security breach is a central factor in proposing" such a high penalty, said the notice of violation, issued by the National Nuclear Security Administration. The agency overseas the DOE's nuclear weapons activities.

Among the security violations cited were that the University of California "failed to correct a known vulnerability" when it did not adequately oversee the archiving of classified material by Quintana and did not have the needed physical checks to keep material from being taken out of the "vault-type room" where the scanning was being done.

Los Alamos National Security, which took over after the Los Alamos management contract was opened for bids for the fist time in more than 60 years because of past security problems, did not act to correct the problems, the investigation found. The violations cited against the new group mirrored many of those cited against the University of California.

Los Alamos National Security is made up of Bechtel National Inc., BWX Technologies Inc., and the Washington Group International Inc. as well as the University of California, which had managed the lab on its own since its inception in 1943.