LANL has a little email problem

Inaugurating a new category for security mistakes, we have this story from Computerworld. Seems that the Los Alamos National Laboratory has had a little email security problem, on top of their other recent problems:

In the latest incident, lab spokesman Kevin Roark late yesterday confirmed a Los Angeles Times report that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system.
“We have had occurrences recently, yes,” Roark said. “We have had them in the past. It’s anticipated we will have them in the future.”

I hate it when that happens. This particular set of incidents apparently happened because of something called aggregate classification: factoids A, B, and C may not be classified, but put them together and they are! For example, knowing the thermal output of an aircraft carrier’s nuclear reactor would let you estimate its maximum speed pretty well. The diameters of various inlet and outlet pipes aren’t themselves classified, but the specs for the reactor piping as a whole is. Make sense? Yeah, me neither. Anyway, it’s hard to purge the classified content from the mail system; that’s actually the topic of an upcoming UPDATE column, but in the meantime suffice it to say that you’ll probably need a third-party tool, since AFAIK none of the existing enterprise messaging systems on the market offer built-in keyword scanning across multiple mailboxes or stores.

Comments Off on LANL has a little email problem

Filed under FAIL, Oops!

Comments are closed.