6/3/2009
10:55 AM
Government Accidentally Posts Sensitive Nuclear Documents Online

The 267-page document contains addresses and descriptions of civilian nuclear sites around the country.

A highly sensitive document that details some of the nation's nuclear secrets mistakenly showed up on a government Web site.

On May 5, President Obama sent Congress a draft list of nuclear sites that the United States intended to declare to the International Atomic Energy Agency, noting in his transmittal letter that the document was "Sensitive" and exempt from disclosure. A little more than two weeks later, that very document appeared online.

The 267-page document, a draft of "The List of Sites, Locations, Facilities, and Activities Declared to the International Atomic Energy Agency," contains addresses and descriptions of civilian nuclear sites around the country, such as a Westinghouse site in Pittsburgh used for the enrichment of nuclear material and details on some programs at places like Oak Ridge National Laboratory. It also contains maps of some of the more sprawling nuclear locations, and the square footage of many.

Though it is unclassified and doesn't detail weapons programs, the document contains information the IAEA labels "Highly Confidential Safeguards Sensitive," words that show up on every page -- except maps -- of the disclosure document itself. In a speech about cybersecurity last week, President Obama noted that the United States was "renewing American leadership to confront unconventional challenges" that include "nuclear proliferation."

The disclosure, first noted by the Federation of American Scientists' Secrecy News newsletter, appears to have been put into motion on May 6, but it's unclear just how. A House of Representatives transmittal letter said that the president's letter and the attached documents were "referred to the Committee on Foreign Affairs and ordered to be printed." The communications director for the House Committee on Foreign Affairs wasn't immediately available for comment but told The New York Times that the committee hadn't published or controlled the publication of the document.

A GPO spokesman noted that the GPO publishes about 160 House documents each session, adding that this document had been received "in the normal process and produced under routine operating procedures." The document has since been permanently removed from the Government Printing Office Web site, where it had been published, upon consultation with the White House and Congress.

"Somebody screwed up," Federation of American Scientists' Steven Aftergood, an advocate of open government who described the document's disclosure as a "net plus" from a public policy standpoint, said in an e-mail. "When the president declares a document to be sensitive on May 5, it is not supposed to show up on a government Web site on May 22. But that's what happened."

This is far from the first time the government has incautiously published sensitive documents, and it represents a classic example of why insider threats are just as dangerous as those from outsiders. Several Web sites, including Cryptome, FAS Secrecy News, and Wikileaks, are dedicated to finding and publishing such documents.

