Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ABSTRACT
In today’s cyber world, individuals, organizations and even entire governments are exposed to
security threats from not only internal attackers and resources but from unknown external sources. These
attackers may not even be located in the same country as their target. Threats and attacks may not even
come from a human entity at all; in fact the owner of resource performing direct activity may not even be
Security Aspects and Concerns of Sandia National Laboratory
aware it is part of the operation at all. This creates a complex environment of having to protect oneself
from various angles and to participate in elaborate methodologies of counter measures, detection schemes
This paper examines the Sandia National Laboratory (SNL) and its roles, constraints, and
challenges associated with many aspects of cyber security and cyber attacks. One of the aspects which
will be highlighted in this paper is policy issues related to “attribution” during and after cyber crime
attacks.
SNL, with two primary locations located in Albuquerque, New Mexico and Livermore,
California, has been providing science-based technologies in support of national security since 1949.
“Our highest goal is to become the laboratory that the United States turns to first for innovative, science-
based systems engineering solutions to our nation’s most challenging national security problems that
2
Security Aspects and Concerns of Sandia National Laboratory
threaten peace and freedom for our nation and the globe” (Sandia.gov, pp. (Sandia Corp., 2011)) Though
SNL supports numerous research and development projects, they focus on five key areas: Nuclear
Weapons, Energy and Infrastructure Assurance, Nonproliferation, Defense Systems and Assessments, and
SNL originally focused primarily on just ordnance by helping to turn nuclear physics developed
by Los Alamos and modify them into deployable weapons. This led to their first official role by
maintaining a safe and secure facility as the stewards of our nuclear stockpiles. Over the past decades
past, their nuclear mission grew into areas where they now support weapon and surveillance technologies,
new methods to safeguard nuclear production, evaluation of the nuclear arsenal for the safety and
reliability and how all of these technologies can better protect our nation’s defenses.
The next area that they started to grow into is nonproliferation, which serves to combat
proliferation and terrorism threats. Since the threat of nuclear and biological terrorism has increased the
need for newer techniques and technologies to find these growing threats and help to reduce the impact
and need for these weapons has become more relevant. So working with the nuclear program branch the
nonproliferation project works with the government to offer protection aspects as well as better ways of
As data accumulated in the overarching aspects of the previous programs, SNL utilized those
areas and became a leader in defense systems and assessments. These defensive systems, that they have
become known for, include synthetic aperture radars, space-based infrared sensors, and nuclear
detonation detection. Helping to protect the nation’s critical security also allowed them to not just
develop defense systems or nuclear programs but also to evolve various science and engineering
technologies. These contributions have helped to mold areas of bioscience, microsystems, and pulsed
The final piece that they contribute to the defense of the nation is in its Homeland Security.
Though this area has numerous parts, they primarily focus on the physical defense of installations and
how potential threats would perceive these defensive measures and attempt to counter attack us. This area
3
Security Aspects and Concerns of Sandia National Laboratory
of SNL is the most important, when considering cyber security and dealing with innumerable attacks
One of their major contributions is from the program referred to as Information Design Assurance
Red Team (IDART). Red Team operations can play a vital role in verifying security aspects of a
company’s physical and technological infrastructure. “IDART, part of the Information Systems Analysis
Center at SNL, continues to perform leading edge assessments to help its customers acquire an
independent, objective view of their weaknesses from a range of adversaries’ perspectives.” (Sandia
Corp., 2009) SNL is using a lifecycle methodology in order to generate specific advisory reports which
define aspects to thwart security measures that might be used by attackers, see Figure 1.
measurable capabilities, such as knowledge, access, and resources as well as intangibles such as risk
tolerance and motivation” (Sandia Corp., 2009). SNL Red Team has played a critical role in the
development of numerous other branches of teams located within civilian, government, and military
organizations. Because of this they have been able to develop and evolve that methodology and support
4
Security Aspects and Concerns of Sandia National Laboratory
all these various teams in order to create a more collaborative environment that leads to an overall more
Threats
The nature and sensitivity of the work performed at SNL makes the site a target for a myriad of
foreign and domestic threats. Among the many functions performed by SNL, none ranks higher than their
primary mission of “ensuring the U.S. nuclear arsenal is safe, secure, reliable, and can fully support our
Nation's deterrence policy” (Sandia Corp, 2011). Despite the relatively unique and highly sensitive
mission of SNL, many of the threats posed against the organization are common to most organizations.
The element of impact is what sets the organization apart from most, in that a successful security incident,
cyber attack or cyber crime against SNL by an adversary could prove catastrophic not only to the
company, but to public safety and morale. In order to properly secure the potential targets of an attack,
the organization must identify the threats posed against those targets (Rich, et. al., 2005). In terms of
physical and cyber security, there is a significant amount of information and best practices openly
available which, when coupled with regulatory guidelines and legislation, provide a framework that an
organization can use to secure an operating environment. The degree to which an environment can be
secured will vary depending on available resources and the level of importance given to security among
the organizations other priorities. Despite an organization's best intentions and adequate planning, there
are threats that will remain wildcards. The threat posed by the trusted insider, or the Insider Threat, is
essentially an unknown variable which, according to Brenner, inflicts more damage to an organization
The importance of, and emphasis for physical security at SNL and other nuclear facilities, can be
appreciated by those with even a basic understanding of nuclear power and weapons. The physical
security needs for a nuclear facility such as SNL are based on the analysis of threat assessments and a
design for physical safeguards based on the attributes and characteristics of adversaries and other
potential threats (IAEA, 2010). Unfortunately, the intertwining realms of cyber security and cyber crime
5
Security Aspects and Concerns of Sandia National Laboratory
are still subjects whose full understanding can elude even the devout security conscious due in part to the
relative ambiguity of the threats (Shaw, Ruby, Post, 1998). The typical security strategy relies on a
defense-in-depth methodology in which layers of security safeguards, including physical, work in concert
such that a failure or compromise at one layer does not constitute a catastrophic lapse in security for the
environment (as cited in Vacca, 2009, p. 233). A defense-in-depth strategy is predicated upon an
assumption that something or someone is attempting to make their way into some physical or logical
space that they are not authorized to be in. For a majority of the cyber security threats, this assumption is
sound, and therefore the strategies for defending against those threats although not infallible, are well
documented. The insider threats, however, present additional challenges as the level of research into
vulnerable insiders is disproportionate to that of technological threats (Shaw, Ruby, Post, 1998, p.2). The
insider threats to SNL could include employee theft, violence in the workplace, and theft of intellectual
property (UMUC, 2010, p. 3), and present great potential risk to the organization. As a revenue-based
corporation, and trusted agent of the federal government, an incident of violence or theft from an internal
threat could prove catastrophic to the company through loss of trust and customers, and could create a
level of concern or panic in the general public depending on the severity of the incident.
In a society that depends on technology and cyber space for much of our functionality, the
operations of an organization like SNL must account for the same dependency. From the development
and integration of updates to classified weapons systems to the corporate office automation systems, SNL
systems are an integral part of their operations (Sandia Corp., 2011). This same dependency, however,
presents additional challenges to detecting and protecting against cyber crimes such as theft or destruction
of intellectual and otherwise sensitive data. According to SNL's own research, the nature of the insider
threat is such that they will be more discrete than an external threat as they have more to lose, and will
therefore be more wary of being caught, than an anonymous outsider (Duran, Conrad, Conrad, Duggan &
Held, 2009). Aside from a blatant act of violence by an employee that might be more easily attributable,
a crime of theft of intellectual property can elude detection and monitoring capabilities, and especially
when executed under the guise of routine business. The insider seeking to steal data from SNL is not
6
Security Aspects and Concerns of Sandia National Laboratory
likely to attempt the removal of large amounts of hardcopy documents in a single instance by carting
them out the back door. What is more likely, studies have shown, is that an insider will print small
quantities of documents during regular working hours and remove them from the facility over long
periods of time (Giani, Berk, Cybenko, 2006). With the prevalence of technology in the workplace, the
likelihood that threats of theft and other cyber crimes has increased as an insider is able to remove large
amounts of data via thumb drives or other media storage devices such as mp3 players with relative ease.
With the efficiencies brought about by the Internet, and technology made possible through
computer software and hardware, has come risk. There are now risks of unwanted and illegal access to or
use of information. These risks have created liability issues for companies. Companies and customers
alike can view liability from the same perspective - by determining what assets of theirs are at risk due to
transmitting and receiving information via the Internet, how they are at risk, and what could happen if
As is known, “SNL's mission is to meet national needs in five key areas: nuclear weapons, non-
proliferation and assessments, military technologies and applications, energy and infrastructure assurance,
and homeland security. As a government contractor for the U.S. Department of Energy's National
Nuclear Security Administration, Lockheed Martin operates SNL (Sandia Corp., 1997-2011). Therefore,
Lockheed Martin company data, secrets of the industries that they have/use in their operations, internal
operating procedures, and employee names and personal information could all be considered assets from
a cybersecurity standpoint. At SNL, there is liability for private industry (government contractor as well
In 2003, SNL was a victim of a cyber attack, which has been dubbed “Titan Rain”, in which
sensitive software programming data was stolen, allegedly from China. This information could be
potentially damaging to the U.S. as it could have pertained to nuclear weaponry in some way, which
would make SNL seriously liable for damages if any were caused due to enemy knowledge and use of the
information. As an example of such a situation, after the World Trade Center bombing, the New York
7
Security Aspects and Concerns of Sandia National Laboratory
Supreme Court upheld a court decision that found the Port Authority of New York and New Jersey liable
for the bombing. “The court’s reasoning: The Port Authority was aware of the threat and did not take
reasonable steps to mitigate it” (Heritage Foundation, 2009). Such lawsuits have now caused many
companies to be very hesitant to “research, develop, and market anti-terrorism technologies” because of
risk of liability and “potentially devastating jury verdicts” (Heritage Foundation, 2009).
Fortunately, to help the nation’s businesses continue to fight terrorism, Congress passed the “Anti-
Terrorism by Fostering Effective Technologies (SAFETY) Act”, also known as ‘Subtitle G’ of The
Homeland Security Act of 2002. The SAFETY Act is a program provided by the Department of
Homeland Security, and it gives companies legal liability protection for their “Qualified Anti-Terrorism
Technologies”, which can be either products or services (DHS, n.d.). Lockheed Martin has designed
many systems and had them certified. Two of the systems that would be applicable to SNL’s work are
the “Risk Assessment Platform (RAP)” and the “Systems Engineering and Integration Services (SEIS) for
the Fixed and Mobile Defender™ Systems”. RAP “includes hardware, software and services for
implementing a system that captures and manages information for identifying potential terrorist threats.
Its analytical processes assess the terrorist risk relating to processes, events, people, or other entities in
near real-time. The Defender™ systems are designed to detect the presence of chemical, biological,
radiological/nuclear, and explosive (CBRNE) threats and warn appropriate personnel” (DHS, n.d.).
Since SNL manages different departments and trades, it must comply with Federal and State
There are also laws to help protect SNL and others against cybercrime. The Federal Computer
Fraud and Abuse Statute, 18 U.S.C. 1030, protects computers connected to the Internet from hackers
(Congressional Research Service, 2010). Penalties stipulated in 18 U.S.C. 1030 range from
“imprisonment for not more than a year for simple cyberspace trespassing to a maximum of life
imprisonment when death results from intentional computer damage” (Congressional Research Service,
2010).
8
Security Aspects and Concerns of Sandia National Laboratory
In the continuously evolving digital era, the security of information systems (cyber security) is a
topic that is increasingly demanding the time, fiscal resources, and collaborative intelligence of nations
across the globe. Largely, malicious hackers honing their ability to exploit vulnerabilities associated with
the hardware, software, and human components of these systems can be credited for cyber security’s
enhanced notoriety. The logic behind the widespread participation in the hacking community is that this is
one of very few crimes that can be blatantly committed without the guarantee of consequences.
Attribution, which Hunker et al. (2008) define as the act or process of “determining the identity or
location of an [cyber] attacker or an attacker’s intermediary”, can be an extremely difficult and time
consuming task that often yields little result because of spoofed IP addresses and botnets. In addition to
the technical difficulty associated with cyber attribution, and the inherent evasiveness of malicious
hackers, there are also legal or policy aspects that pose further complexity. One of the more dominating
aspects is privacy. Hunker et al. (2008) note that privacy (or inherent anonymity) is not only expected by
web users, but, along with many political and social freedoms, it is protected by rights in various free
countries; making it necessary to find an acceptable balance between privacy and attribution. Certain
bodies of law already contain statutes that either directly address or can be applied to a small portion of
cyber matters. However, some of these policies can be hindering to the full capability of attribution
technologies and practices. For example, the Intelligence Reform and Terrorism Act of 2004 (IRTPA)
states the duties of the Civil Liberties Protection Officer are as follows:
“ensure that the protection of civil liberties and privacy is appropriately incorporated in the policies
and procedures developed for and implemented by the Office of the Director of National Intelligence
and the elements of the intelligence community within the National Intelligence Program” (IRTPA,
2004).
Words like “appropriately” and the lack of overall clarity in this statute make it difficult to
determine the full requirements of the policy as well as difficult to enforce. The same act goes on to state
9
Security Aspects and Concerns of Sandia National Laboratory
“ensure that the civil rights and civil liberties of persons are not diminished by efforts, activities, and
While the protection of rights and liberties such as privacy is certainly important, the full
As policies continue to develop to address the issue of cyber security, liability will also have to be
considered. For instance, will the vendors that make exploitable software or owners of zombie computers
used in an attack be free of all liability in an attack? Moreover, because attribution can involve forensic
analysis, evidence preservation can also influence the development of policies (Hunker et al, 2008).
Determining the identity or location of an attack may surface the need to tamper with evidence. Policies
will therefore need to dictate which contexts or sought end results are acceptable reasons for attribution,
as well as the extent of allowable tampering in those instances (Hunker et al, 2008).
Perhaps the most difficult aspect of all policy matters pertaining to attribution involves the lack of
international coalescence. Because cyber attacks often cross various jurisdictional boundaries, some of
which may involve warring or competing countries, the necessary cooperation to overcome differences in
policy can be very difficult to overcome. Even when attacks only involve a single nation like the U.S.,
differences between policies that govern the public and private sector can nonetheless pose difficulty in
that there will be discrepancies in obligation, roles, and incentives for cooperation (Hunker et al., 2008).
SNL, whose business solutions tie into national security and critical infrastructure, is an agency
that cannot afford to be compromised; much less compromised without being able to trace a given attack
back to the culprit(s). With nuclear weapons being part of SNL’s output, and malware as sophisticated as
Stuxnet (which was used to target an Iranian nuclear plant) heightening the level of known threats, SNL
certainly needs to be able to impose every available attribution technique and technology in the event of a
compromise. The 6th title of The Intelligence Reform and Terrorism Act of 2004 states that DHS’s
mission is to “reduce terrorist attacks within the United States” and “reduce the vulnerability of the
United States to terrorism”. SNL’s involvement in Homeland security makes it equally responsible for
prevention of terrorism. In short, compliance to policies that protect privacy and other rights is certainly
10
Security Aspects and Concerns of Sandia National Laboratory
important; but as policies are further composed and developed to address continuously evolving threats,
some thought should be given to the exceptions that will be necessary to maintain national security and
critical infrastructure.
Conclusion
In conclusion we find that SNL has a long history providing services of a sensitive and critical
nature which contributes to the security and well being for our nation. Their mission critical objectives
depend on careful and methodical processes used in the collection and analysis of data used in
formulating many key infrastructure and defense mechanisms used by our nation. The protection of the
data itself is paramount in both allowing SNL to achieve its mission and ensure the security of vital and
classified intelligence information. Threats to SNL are far reaching however, primarily concerned with
11
Security Aspects and Concerns of Sandia National Laboratory
potential exposure from inside sources. This creates a great deal of need for the organization to expend
resources and energy on qualifying staff in order to reduce threats from the inside which could remove
information and provide it to anyone outside the confines of SNL with use of physical or electronic
means. Policies are therefore necessary to create an environment which makes resources accountable for
both productivity and specific security minded processes in handling SNL’s sensitive data.
As part of SNL’s security policy they have adopted processes to perform counter intelligence
schemes and methods which will aid in ensuring data and intellectual property protection. The U.S. legal
system had some deficiencies in the past which made it extremely challenging for organizations to take
this type of approach for fear of potential liabilities resulting from terrorist attacks. In the event the
organization was found to be incompetent or unauthorized to formulate such processes, they could be held
accountable for far reaching damages after an incident. New laws and U.S. policy have now softened
those liabilities somewhat and actually encouraged organizations like SNL to promote collaborative
Finally, attribution for cyber criminal activity becomes extremely difficult particularly when the
sources of attacks are located in far remote locations. Furthermore, insider help is a greater concern for
SNL in that masking the identity of an attacker is much more probable if physical changes can be made to
mask the identity of the source of the attack. Attribution challenges go further when it comes to arrest
and prosecution. Because international policy on cyber crime is still in its infancy many incidents must be
handled on a case-by-case basis and may not have uniform rules between countries to allow for efficient
law enforcement. Secondly, the basic legal systems of countries vary in how they deal with crimes in
general and with cyber crime being relatively new these laws are quickly evolving. The evolution is
evident and will happen as countries find it important to protect their own information and resources as
their need for electronic communications and processing grows. However, until that time when the laws
are more balanced between countries, cyber criminals will find ways to use specific weak cyber laws in
certain countries to reduce to the possibility or even thwart prosecution from attacks all together.
12
Security Aspects and Concerns of Sandia National Laboratory
Because of the current state of the security technology and subsequent legal structure it is
important for organizations like SNL to continuously monitor and improve their security policies and
process to conform to applicable Government standards. They also must work hard to drive position in
global standardization of data protection and litigation measures in order to mitigate risks associated with
References
Bidgoli, H. (Ed.). (2006). Handbook of information security: Volume 2. Hoboken, NJ: John Wiley &
Sons, Inc.
Congressional Research Service. (2010). Cybercrime: An Overview of the Federal Computer Fraud and
Abuse Statute and Related Federal Criminal Laws. Retrieved from https://www-hsdl-
org.ezproxy.umuc.edu/?view&doc=136098&coll=limited
DHS. n.d. SAFETY ACT: Approved Product List. Retrieved from https://www.safetyact.gov/
Duran, F.A., Conrad, S.H., Conrad, G.N., Duggan, D.P., Held, E.B. (2009). Insider threats: building a
system for insider security. IEEE Security & Privacy. November/December. Retrieved from:
http://people.eecs.ku.edu/~saiedian/Teaching/Sp10/711/Readings/sys-insider-security.pdf
Giani, A., Berk, V.H., Cybenko, G. V. (2006). Data Exfltration and Covert Channels. Proc. SPIE Sensors,
and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.5290&rep=rep1&type=pdf
13
Security Aspects and Concerns of Sandia National Laboratory
Heritage Foundation, The. (2009). The SAFETY Act: Obama cyber plans and the private sector.
WebMemo
Hunker, J., Hutchinson, B., Marguilies, J. (2008). Role and challenges for sufficient cyber-attack
publications/whitepaper-attribution.pdf
Rich, E., Martinez-Moyano, I. J., Conrad, S., Cappelli, D. M., Moore, A. P., Shimeall, T. J. & Wiik, J.
(2005). Simulating insider cyber-threat risks: a model-based case and a case-based model.
https://www-hsdl-org.ezproxy.umuc.edu/?view&doc=94152&coll=i3p
http://www.idart.sandia.gov/methodology/IDART.html
http://www.idart.sandia.gov/methodology/index.html
Sandia Corp. (2009). The Information Design Assurance Red Team (IDART). Retrieved from
http://www.idart.sandia.gov/
14
Security Aspects and Concerns of Sandia National Laboratory
http://www.sandia.gov/mission/nuclear/index.html
Sandia Corp. (2011). Vision: Helping our nation secure a peaceful and free world through technology.
Wheeler, D.A., Larsen, G.N. (2003) Techniques for cyber attack attribution. Retrieved from
http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA468859&
Shaw, E., Ruby, K. G., Post, J. M. (1998). The insider threat to information systems: the psychology of
the dangerous insider. Security Awareness Bulletin, No. 2-98. Retrieved from: http://www.pol-
psych.com/sab.pdf
UMUC. (2010). Module 4: human aspects. CSEC620 Online Classroom. Retrieved from:
http://tychousa11.umuc.edu/cgi-
bin/id/FlashSubmit/fs_link.pl?class=1106:CSEC620:9047&fs_project_id=346&xload&tmpl=CS
ECfixed&moduleSelected=csec620_04
Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan
Kaufmann.
15