Energy officials grilled over missing computers

House lawmakers grilled Energy Department officials Tuesday about their handling of an investigation into two missing computer hard drives containing sensitive nuclear weapons information that disappeared in early May from the Los Alamos National Laboratory.

The officials were questioned during a House Commerce Subcommittee hearing on cybersecurity at the Energy Department one day after department officials acknowledged that the two hard drives were discovered missing May 7 as wild fires threatened to engulf the lab and other parts of New Mexico.

The hard drives contained information on how to disarm nuclear weapons. Even though they were found missing May 7, lab officials did not begin a full-scale search for the drives until May 24, while department officials were not told about the matter until June 1, according to retired Gen. Eugene Habiger, the department's director of security and emergency operations. Since then, the FBI has been called in to help investigate.

"It is alarming that despite the alleged focus on security over the last year, it appears the Department of Energy and its labs still have a long way to go before the American public can or should feel confident that our nuclear secrets are in their hands," said House Commerce Committee Chairman Tom Bliley, R-Va.

Subcommittee members questioned Habiger about why department officials were not notified for three weeks about the missing drives and why lab officials did not make any effort to question the more than 80 people with access to the secure vault where the two hard drives were kept. Habiger said lab officials were focused on the fire.

"The part that still puzzles me was why weren't (those with access) asked between May 8 and May 24," said Rep. Bart Stupak, D-Mich. "Why did it take almost two weeks until anyone started asking questions. These (people) weren't out fighting the fire. Certainly you had had access to them."

After being pressed on the issue several times by Stupak and others, Habiger said, "These questions are good questions" that are now being asked by investigators.

While much of the questioning focused on the missing hard drives, the department's Director of Independent Oversight and Performance Assurance, Glenn Podonsky, released a review of unclassified cybersecurity systems at the agency's headquarters.

The review found that while security has improved, "important deficiencies still need to be addressed," Podonsky said. He said several Web servers managed by individual program officers are open to hacking and that the department has not set minimum security requirements for each segment of the network.

Habiger acknowledged that improvements are needed but said part of the problem was due to a lack of resources. He noted that the department asked for $35 million to address cyber security in the fiscal 2000 supplemental spending bill but was only given $7 million.