Monday, March 05, 2007

Titan Rain: Sandia Tried to Keep Probe of Breach Quiet

Jaikumar Vijayan writes on ComputerWorld:

Last month, a jury in New Mexico awarded Shawn Carpenter $4.3 million as part of a wrongful termination lawsuit against Sandia National Laboratories, where he had worked as a network intrusion-detection analyst.

Carpenter was fired in early 2005 after he shared information about a network compromise with the FBI and the U.S. Army. Sandia, which is run by a subsidiary of Lockheed Martin Corp. under a contract with the U.S. Department of Energy, claimed that Carpenter had inappropriately disclosed confidential information. But Carpenter said he did so for national security reasons after using reverse-hacking techniques to find evidence that the perpetrators of the May 2004 breach at Sandia belonged to a Chinese hacking group called Titan Rain.

Carpenter worked at the U.S. Department of State’s Cyber Threat Analysis Division until Feb. 23, when he left to take a job as a principal research analyst at NetWitness Corp., a network security start-up in Herndon, Va. He discussed the incident at Sandia in an interview with Computerworld that was conducted via e-mail last month.


1 Comment:

At Wed Mar 14, 09:21:00 PM PDT, Anonymous said...

URL: http://www.abqjournal.com/news/metro/413895metro12-06-05.htm


Tuesday, December 6, 2005
Senator Says Sandia Handed Out Bonuses After Disciplining Employees
By John Fleck
Journal Staff Writer
Sandia National Laboratories publicly disciplined employees over security problems two years ago while privately giving them bonuses, according to a U.S. senator whose staff has been investigating the issue.
In letters to Sandia's federal managers last year, Sen. Charles Grassley, R-Iowa, called for a federal investigation into allegations that the disciplinary action was "a smokescreen designed to protect everyone involved and to deceive the public."
The letters became public over the weekend.
At the time they were written, Sandia managers were scrambling to deal with a series of high-profile security problems, including stolen computers, a lost set of keys to a high-security lab area and guards caught sleeping on the job.
In one case, according to Grassley, an employee was given a five-day suspension because of the security problems, then given an $18,500 bonus three months later.
Sandia officials would not comment Monday on specific cases but acknowledged that some people disciplined did get raises.
"Some employees who had been disciplined ... were given compensation increases to their pay," Sandia spokesman Michael Padilla said in a written statement. "Annual increases are given for reasons consistent with Sandia's compensation system."
Grassley said the disciplinary issue "appears to be a top-level management failure," and he blamed then-Sandia president C. Paul Robinson.
Robinson could not be reached for comment Monday.
Grassley, chairman of the Senate Finance Committee, has been a vocal critic of security at U.S. nuclear weapons laboratories.
"The labs contain some of the most sensitive and sought after technology in the world today," Grassley said during a 2003 hearing on security at Sandia and the other labs. "This stuff should be locked up tight like at Fort Knox and guarded night and day by alert sentries. To criminals and spies, the labs must be like a candy store with the front door left wide open and nobody at the register."
The Grassley letters were published over the weekend at "LANL: The Real Story," an independent Internet site devoted to Los Alamos issues. Grassley's office confirmed the letters' authenticity.
In April, Robinson stepped down as head of Sandia to lead the Lockheed Martin Corp. team bidding for the contract to manage Los Alamos National Laboratory. Lockheed Martin also manages Sandia for the federal government.
The anonymous distributor of the Grassley letters wrote in an accompanying memo published on the Web site that Grassley's allegations were relevant to the current contract discussions because of Robinson's role in the Lockheed Martin bid.
Bruce Fetzer, director of public relations for the Lockheed Martin-led Los Alamos bid team, declined comment on the substance of Grassley's accusations. But he defended Robinson. "I've known Paul for many years and I can tell you personally he's a man of highest integrity," Fetzer said Monday.
According to an Oct. 5, 2004, memo from Grassley, nine of 14 employees disciplined in connection with the security problems also received immediate cash bonuses to "offset" their disciplinary penalties.
In one case, an employee received a $3,000 "recognition award" while on disciplinary leave.
Grassley also questioned Robinson's attempt to have the security clearance reinstated for a senior manager who had quit over the security problems. In the past, Sandia officials have defended the attempt, saying it was necessary to allow the manager to return to Sandia to give current program officials a briefing on the classified work he was doing before he quit.
Grassley's letter says an internal investigation, completed in September 2004, supported his allegations. The Department of Energy's Office of Inspector General, which did the investigation, last week refused to provide the Journal with a copy.
Grassley is not the only person to allege that the public discipline that followed the security incidents of 2003 was staged for political reasons.
In a lawsuit filed last year, Sandia employee Patricia Gingrich charged she and another employee were "scapegoats whose public punishment and humiliation were calculated to placate one or more members of Congress exercising substantial control over Sandia's budget and oversight, who had become outspoken and demanding regarding Sandia's supposed security lapses."
Gingrich, who had been head of intelligence at Sandia, was demoted, with the decision made public in a Sandia news release. She later left Sandia.

 
