Understanding Inspection, Measuring, and Test Equipment that is Not Just IM&TE Anymore
1769 Views
Feedback
0 Comments

Favorite
Image for Understanding Inspection, Measuring, and Test Equipment that is Not Just IM&TE Anymore

Type:  Lessons Learned

Publisher:  Los Alamos National Laboratory, Los Alamos, NM (LANL)

Published As:  Public

Date: 

Topics: 

The LANL Standards and Calibration Laboratory (S&CL)outsourced an oscilloscope for calibration by an approved subcontractor. Upon receipt and processing by the subcontractor, issues were identified with accessing the appropriate built-in logic/routines necessary to perform calibrations. S&CL was notified that the item was password protected; the S&CL was later notified that the guest-user account had administrative privileges, but there was data at risk of loss due to a necessary reinstall of the operating system. At this stage of communication, the subcontractor was asked to stop all work associated with the item and power it down.

Through discussions, a potential security incident was identified based on the discovery that an oscilloscope capable of data storage, with a Windows-7 operating system, had been released to an approved source for calibration due to internal capability/capacity limits for performing the calibration. It was further identified that:
- Data was stored on the oscilloscope that had not been derivatively classified;
- Guest accounts on the system allowed for administrative rights to the data stored on the unit; and
- Potential loss of data could have occurred.

Lessons Learned: Evaluate your inspection, measuring, and test equipment for other capabilities and risks more frequently. Due to advances in technology, items are capable of more functions and present additional risks to users in the area of safety, security, and software. Therefore, additional requirements may apply.

You must be logged in to open the attachment.

Download Article
Comments about this Article
You must be logged in to add or view comments.
Related Articles
Feedback Form
How did you apply this information?
You must be logged in to use this feature
Is this article applicable to your organization?