Kurchatov scientists discovered a fatal flaw in the Microsoft software donated to them by the Los Alamos
National Laboratory. This same software has been the backbone of America's nuclear materials control
system for years. The Russians found that over time, as the computer program is used, some files become
invisible and inaccessible to the nuclear accountants using the system, even though the data still exist in
netherworld of the database. Any insider who understood the software could exploit this flaw by tracking the
"disappeared" files and then physically diverting, for a profit, the materials themselves.
After investigating the problem for many months, the Russians came to believe that it posed a grave danger
and suspended further use of the software in Russia's accounting system. By their calculations, an enormous
amount of Russia's nuclear material - the equivalent of many thousands of nuclear bombs - would disappear
from their accounting records if Russia were to use the flawed U.S. software program for 10 years.
Then, in early 2000, they did something they didn't have to do: They warned the United States, believing that
an analogous risk must exist in the U.S. system. Although neither Los Alamos nor the U.S. Department of
Energy has publicly acknowledged the possibility that innumerable files on American nuclear materials might
have disappeared, the Russian warning caused shock waves at the highest levels of the Energy Department.
Unlike the Russians, who did not throw away their manual records of their nuclear stockpile - the infamous
shoe box and hand-receipt system that U.S. assistance was intended to supersede - the United States has
long since discarded its old written records. To reconstruct a reliably accurate accounting record, the Energy
Department may need to inspect all of America's nuclear materials - a huge task that could cost more than
$1 billion and still might not detect the diversion of some material, should it have occurred.
The importance of the goodwill and trust that had grown up between American and Russian nuclear experts
over years of working together in this area is clear. When the Russian scientists first discovered the
computer flaw, the initial reaction in some high-level Moscow circles was to suspect an American Trojan
horse, a bug planted deliberately to undermine Russian security. After complaints by their Russian
counterparts, scientists at Los Alamos suggested that the Russian scientists instead use a later version of
the same program. Kurchatov then discovered the upgraded program not only contained the same bug (though
much less virulent) but also had a critical security flaw that would allow easy access to the sensitive nuclear
database by hackers or unauthorized personnel.
But trust overrode suspicion. The Russians concluded that the glitches were innocent errors, not devious
traps. Thus, they feared the U.S. database, unbeknown to Americans, was not only prone to lose track of
nuclear materials but was also accessible to unauthorized users. Russia reported both problems to Los
Alamos, which subsequently verified the defects, as did Microsoft. Though a fix remains elusive, Kurchatov
scientists also have shared a partial repair they developed.
This Russian feedback may be causing American embarrassment - U.S. officials apparently have tried to
muzzle the Russians and censor their scientific papers on the fiasco - but it surely represents a high return
on the American investment in Russian nuclear security. The lesson is that nuclear cooperation is a two-way
street, is paying off and deserves continuing support.
