Welcome to another installment of Government Computer Security Sucks!

Today’s lucky government bureaucracy is the National Nuclear Security Agency. The NNSA, part of the Department of Energy, has control of all the nuclear weapons. And 1,500 of its employees may find themselves victims of identity theft after a security incident dating to last September which was only disclosed Friday.

A hacker broke in and stole names, birthdates, Social Security numbers and security clearance information for some 1,500 NNSA employees nine months ago, and the bureaucrats simply failed to tell anyone, even Secretary of Energy Samuel Bodman. He apparently learned of it along with Congress at Friday’s House Energy and Commerce Oversight and Investigations Subcommittee hearing on computer security at the Department of Energy.

“Mr. Brooks, I’m going to recommend you be removed from office, and I think you would do the country a service if you resigned,” Energy Committee chairman Joe Barton (R-Texas) told NNSA administrator Linton Brooks.

“And I mean like 5 o’clock this afternoon, if it’s possible,” Mr. Barton said. “I don’t see how you could meet with the secretary every day the last seven or eight months and not inform him.”

Mr. Brooks appeared at a loss to explain why Mr. Bodman had not been informed.

When Representative Bart Stupak, Democrat of Michigan, asked Mr. Brooks who should have been responsible for notifying the secretary, Mr. Brooks replied, “That sounds like such an obvious, clear question, and I believe that one of the things we’re learning from this is the answer isn’t as clear as it should have been.”

Mr. Brooks said he had assumed that other senior officials notified Mr. Bodman. — New York Times

What’s more, this wasn’t the only incident in which outsiders gained access to NNSA computers, and countermeasures the agency took had only limited success. For those of you not schooled in bureaucrat-ese, that means they didn’t work very well.

Energy Chief Information Officer Thomas Pyke said he was aware of various hacking incidents but only learned of the personnel data involved two days ago.

Pyke said the department faces hundreds of thousands of attacks each day. In the event where the records were exposed, he said the attack penetrated both a firewall and a detection system.

Glenn Podonsky, director of the office of security and safety performance assessment, told lawmakers that in November, his team successfully accessed Energy’s unclassified computer system. He said they gained access to financial and personal data, and could have impersonated or monitored department executives. — National Journal’s Technology Daily

Being able to impersonate or monitor someone who has a security clearance high enough to work with nuclear secrets? And these bureaucrats waited months to tell anybody about the security breach.

Subcommittee chairman Ed Whitfield (R-Ky.) asked why 50 percent of computer attacks on the department’s computers go unreported. The bureaucrat’s response? Uh…