Allison Bawden, a GAO director for nuclear security, said the insider risk is illustrated by the 1993 movie “Jurassic Park,” when a disgruntled computer programmer tries to steal from his employer to solve his personal financial troubles.
“Remember that fictional employee who stole dinosaur embryos from InGen?” wrote Bawden on Twitter on Thursday, while sharing a link to the office’s report and a photo of the fictional programmer.
“Insider threats aren’t just for dinosaur parks—they’re also a risk for federal agencies,” she added. “For example, what if insiders wanted to steal the nation’s nuclear weapons and information?
Report
According to the report, the DOE established the insider threat program in 2014 but has not yet implemented “all required measures.”“The DOE has not implemented seven required measures for its Insider Threat Program, even after independent reviewers made nearly 50 findings and recommendations to help DOE fully implement its program,” the report says.
The report warned that the DOE’s failure to fully implement all the measures could lead to “devastating consequences.”
“The theft of nuclear material and the compromise of information could have devastating consequences,” the report says. “Threats can come from external adversaries or from ‘insiders,’ including employees or visitors with trusted access.”
“Such threats could have significant consequences for national security and could include unauthorized release of classified information; workplace violence; or improper access to sensitive nuclear weapons, material, and components,” the report adds.
The report pointed out that DOE’s employees, as as well those employed by the agency’s contractors, could be compromised and become insiders.
Incidents
There were about 250 unclassified insider threat-related security incidents in 2017, the most recent data from DOE, according to the report. The incidents included sending classified information over unclassified systems, leaving security areas unattended, and not properly protecting classified information.“DOE considered about 100 of those incidents to be serious,” the report says.
The report pointed to a 2017 criminal case, when Grigory Trosman was sentenced to 18 months in prison for accepting at least $469,287 in bribes in exchange for official acts he performed while at the DOE.
“From approximately 2002 through March 2014, Trosman used his official position in various capacities to assist co-conspirators and various companies to obtain access to federal research funding and contract work in Lithuania, Russia, and Ukraine,” the Department of Justice said in a press release.
At least one researcher hired by China previously held Top Secret security clearance at the DOE, according to the report.