Nuclear Security: Security Issues At DOE and Its Newly Created National Nuclear Security Administration (Testimony, 03/14/2000, GAO/T-RCED-00-123).

GAO provides information on the Department of Energy's and the National Nuclear Security Administration's security programs to protect against theft, sabotage, terrorism, and other risks to national security at its facilities. GAO's testimony focuses on oversight of safeguards and security programs at Energy and security issues with the Security Administration.

--------------------------- Indexing Terms -----------------------------

REPORTNUM: T-RCED-00-123
TITLE: Nuclear Security: Security Issues At DOE and Its Newly Created National Nuclear Security Administration
DATE: 03/14/2000
SUBJECT: Security clearances
         Nuclear facility security
         Internal controls
         Nuclear facility safety
         Safety standards
         Performance measures
         Atomic energy defense activities
         Laboratories

United States General Accounting Office

GAO Testimony

Before the Subcommittee on Energy and Power and the
Subcommittee on Oversight and Investigations
Committee on Commerce
House of Representatives

For Release on Delivery
Expected at 10 a.m. EST
Tuesday
March 14, 2000

NUCLEAR SECURITY

Security Issues At DOE and Its Newly Created National Nuclear Security Administration

Statement of Gary L. Jones, Associate Director, Energy, Resources, and Science Issues, Resources, Community, and Economic Development Division

Mr. Chairman and Members of the Subcommittees:

We are pleased to be here today to provide our observations on the Department of Energy's (DOE) and the National Nuclear Security Administration's (NNSA) security programs to protect against theft, sabotage, espionage, terrorism, and other risks to national security at its facilities. As you know, the Congress established NNSA on March 1, 2000, as a semi-autonomous agency within DOE with responsibility for the nation's nuclear weapons, nuclear nonproliferation activities, and naval reactors programs. NNSA was established to correct long-standing management and security problems at DOE's nuclear facilities. Our testimony today focuses on (1) oversight of safeguards and security programs at DOE and (2) security issues with NNSA. Our testimony is based on our numerous reviews of security at DOE--in particular, our recently issued report to the full Committee entitled "Improvements Needed in DOE's Safeguards and Security Oversight"--and testimony presented earlier this month before the House Armed Services Special Oversight Panel on Department of Energy Reorganization.

In summary, Mr. Chairman, sound management and independent oversight of security at DOE's nuclear facilities is critical to ensure that security problems are identified, raised to the attention of the highest levels in DOE, and corrected. DOE has recently made a number of improvements to its security oversight. However, our February report to the Committee discussed several areas where security oversight could be further strengthened.
In particular,

* DOE needs a comprehensive tracking system for safeguards and security findings at its nuclear facilities,
* all security findings and/or problems identified need to be fully analyzed and appropriately closed, and
* safeguards and security ratings should be consistent among the various security organizations within DOE.

In addition, as security responsibilities shift, it is not clear how DOE's oversight at nuclear facilities will relate to the newly created NNSA. Specifically,

* while NNSA was to be distinct from DOE, the security office within NNSA may have duplicative and overlapping functions with DOE's security office, and
* significant questions remain about how the DOE security oversight organization will oversee NNSA operations.

We recognize that NNSA's creation, as outlined by DOE's Implementation Plan for NNSA, is an evolving process. However, we believe the best time to address past problems is when the organization and systems are being laid out for the first time, before commitments to old ways harden. Timely implementation of our prior recommendations for improving security at DOE and clarifying the role of DOE security organizations, such as NNSA, will be important. Changing the culture may be more difficult. NNSA will, at least initially, be made up of DOE and contractor employees that have worked in a DOE culture that has led to many security problems. For the newly created NNSA to be more effective, it must break out of the culture and mindset that permeates DOE. Otherwise, security problems inherent in DOE may continue in NNSA.

Background

DOE has numerous contractor-operated facilities and laboratories that carry out various DOE programs and missions.
The laboratories conduct some of the nation's most sensitive activities, including designing, producing, and maintaining the nation's nuclear weapons; conducting efforts for other military or national security applications; and performing research and development in advanced technologies for potential defense and commercial applications. Because of these sensitive activities, these facilities--especially the laboratories--are targets of foreign espionage efforts.

Security concerns and problems have existed at many of these facilities since they were created, and recent years have been no different. In 1997, DOE's Office of Security Affairs issued a report that rated safeguards and security at some facilities and laboratories as marginal and identified problem areas that included physical security and accountability for special nuclear material. In April 1999, all computer networks (except for those performing critical safety or security functions) at the laboratories were shut down because of concerns about inadequate security. During that same month, we testified before this Committee on numerous long-standing safeguards and security problems, including ineffective controls over foreign visitors, weaknesses in efforts to control and protect classified and sensitive information, lax physical security controls, ineffective management of personnel security clearance programs, and weaknesses in tracking and controlling nuclear materials. In December 1999, a scientist at the Los Alamos National Laboratory was indicted on 59 felony counts of mishandling classified information. The scientist was accused of transferring files from Los Alamos' secure computer system to computer tapes, most of which cannot be accounted for.

The Secretary of Energy has taken several steps to improve security at DOE's facilities, including restructuring the headquarters safeguards and security organization, appointing a "Security Czar," elevating the security oversight organization to report directly to the Secretary, upgrading computer security, and instituting counterintelligence measures. To a larger extent, to resolve organizational and managerial weaknesses that have been identified by ourselves and others as the causes of these security problems, several options for reorganizing DOE have been proposed and studied. For example, in June 1999, the President's Foreign Intelligence Advisory Board proposed a semi-autonomous nuclear agency within DOE with a streamlined management structure and field operations.

On October 5, 1999, the President signed the National Nuclear Security Administration Act, which was included in Public Law 106-65. This act created NNSA, a separately organized agency within DOE. In January 2000, DOE issued its Implementation Plan to create NNSA. As envisioned by the law, the Implementation Plan calls for three program offices within NNSA--Defense Programs, Defense Nuclear Nonproliferation, and Naval Reactors. The Plan also sets up a statutorily required security support office--the Office of Defense Nuclear Security. Overall, the Statute and Implementation Plan establish a structure quite similar to DOE's.

DOE has overall responsibility for a security program that effectively protects against theft, sabotage, espionage, terrorism, and other risks to national security at its facilities. DOE has policies and procedures to protect its facilities, classified documents, data stored in computers, nuclear materials, nuclear weapons, and nuclear weapons components. The operating contractors at DOE's facilities are responsible for implementing these safeguards and security policies and procedures.
To ensure that these policies and procedures are followed and implemented, DOE's field operations offices and the Office of Independent Oversight and Performance Assurance (the Independent Oversight Office) provide oversight of the effectiveness of safeguards and security policy and its implementation. These offices play a critical role in the early detection of safeguards and security problems and can play a major role in the timely resolution of those problems.

DOE's field operations offices are the line organizations accountable for evaluating the laboratories' safeguards and security activities. The operations offices are required to conduct an annual survey of the adequacy of the operating contractors' safeguards and security programs.

The Independent Oversight Office provides oversight of laboratory safeguards and security activities from DOE's headquarters. The Independent Oversight Office is an "independent" oversight organization that is separate from the line management structure and conducts safeguards and security inspections of DOE facilities and issues reports. The Independent Oversight Office reports directly to the Secretary of Energy.

Improvements Needed in DOE's Security Oversight

In February 2000, we reported to this Committee that DOE's oversight of security at its national laboratories needs improvements. Specifically, improvements are needed in DOE's security management information system, corrective action process, and performance rating activities.

Security Management Information System

DOE's Office of Security and Emergency Operations--DOE's headquarters safeguards and security policy organization--maintains a centralized management information system to track and monitor safeguards and security findings and the related corrective actions.
However, findings developed between 1995 and 1998 by DOE's Independent Oversight Office are not included in this system nor are findings and recommendations developed by us and other outside organizations, such as congressional committees and special review teams. In addition, the system is not directly accessible by security staff at DOE's area offices and the laboratories. Each laboratory has developed its own information system containing data on findings that relate to their laboratory. As a result, information about problems at one location is not available to security staff at other locations. DOE's centralized security management information system would be of more value if it contained information on all security findings. Such information would help them avoid similar problems and improve their safeguards and security.

Corrective Action Processes

DOE requires that the laboratories conduct a risk assessment, a root cause analysis, and a cost-benefit analysis as part of their process to correct safeguards and security problems found by DOE's oversight activities. These analyses help to ensure that safeguards and security problems are corrected in an economic and efficient manner. Despite their importance, these assessments and analyses have not always been conducted. For example, at the Los Alamos National Laboratory, we found that root cause analyses had been performed for only about two-thirds of the security findings we reviewed. Risk assessments and cost-benefit analyses had not been performed for any of the Los Alamos National Laboratory findings we reviewed. The Los Alamos National Laboratory began requiring root cause analyses in 1998, and, according to laboratory officials, began requiring risk assessments since we completed our review. Formal cost-benefit analyses are still not conducted. As a result, Los Alamos National Laboratory cannot determine whether correcting a security risk is worth the cost of the corrective action.

In addition, the Independent Oversight Office is not required to and, in the past, has generally not worked with the laboratories to develop corrective action plans for its safeguards and security findings. Also, this office is not required to and has not been formally involved in validating the corrective action, verifying that the problem was corrected, and certifying that its findings were closed. During the past year, the Independent Oversight Office has worked with the laboratories to develop corrective action plans and has conducted follow-up reviews of its findings that are being corrected, validated, verified, or closed by the operations offices. However, the Independent Oversight Office still has not become involved in validating and verifying corrective actions and certifying that findings are closed. Therefore, the Independent Oversight Office has no assurance that the problems were adequately corrected and closed.

DOE Performance Ratings Activities

From 1994 through 1999, DOE's nuclear laboratories have received many different assessments of the effectiveness of their safeguards and security programs. For example, in 1998 Los Alamos National Laboratory received ratings ranging from marginal to excellent depending on the DOE organization conducting the assessment. Likewise, in 1996 Lawrence Livermore National Laboratory received ratings ranging from marginal to far exceeds expectations. This inconsistency can send a mixed and/or erroneous message to policy makers and managers. At least partially, this inconsistency results from various organizations' use of different criteria and the timing of the rating. DOE has changed the rating criteria for the year 2000 safeguards and security contract performance rating. These changes could decrease rating inconsistency in future years.

Security Issues With NNSA

Now I would like to discuss security issues related to NNSA. NNSA was established as a semi-autonomous agency that was to be distinct from DOE.
To clearly show the separation of NNSA management from DOE's organization, the Act laid out chains of command in both DOE and NNSA that would insulate NNSA from DOE management and decisionmaking, except at the level of the NNSA Administrator. This is because the Administrator is under the immediate authority of the Secretary.

We have two concerns. First, the Implementation Plan fills numerous key positions within NNSA with DOE officials--thus, these officials have DOE and NNSA responsibilities and have been dubbed "dual-hatted." Second, the relationship of the existing DOE organization that provides safeguards and security oversight to NNSA is unclear.

Dual-hatted Positions

The Implementation Plan calls for dual-hatting of virtually every significant statutory position, including the Deputy Administrators for Defense Programs and Nuclear Nonproliferation. In addition, the Director of NNSA's Office of Defense Nuclear Security will also be a dual-hatted position. The Implementation Plan explains that the "dual-hatted" positions were established to ensure consistent policy implementation and to ensure seamless DOE and NNSA responses to emergencies. However, in our view, officials holding similar positions concurrently in DOE and NNSA is contrary to the legislative intent behind the creation of NNSA as a separate entity within DOE. Moreover, to reinforce the two separate channels of management, the Act states that no NNSA officer or employee shall be responsible to, or subject to the authority, direction, or control of any DOE officers or employees other than the Secretary and the Administrator.

Whether DOE and NNSA have dual-hatted managers or not, the Implementation Plan does not clearly define how officials that are responsible for both NNSA and DOE activities will operate. Furthermore, whether NNSA security officials will establish their own set of policies and procedures or use existing DOE security policies and procedures is not clear.
A Congressional Research Service memo commented that, in some areas, such as counterintelligence, both DOE and NNSA have authority to develop policy and procedures. This raises the prospect of two different sets of security policy and procedures, DOE's and NNSA's, being implemented at DOE's facilities that perform both DOE and NNSA missions.

Security Oversight of NNSA

Significant questions remain in the Implementation Plan's discussion of the role of the Independent Oversight Office. The Implementation Plan states that this oversight organization will remain in DOE. According to the Implementation Plan, the Independent Oversight Office will review all DOE and NNSA sites and activities and will report its findings and recommendations to the Secretary. How the recommendations are to be handled by NNSA, however, is not discussed. The Independent Oversight Office has raised concerns that, unless specifically directed by the Secretary, NNSA is not required to act on oversight findings and recommendations and thus might take no action.

The Independent Oversight Office is attempting to change DOE Order 470.2, "Safeguards and Security Independent Oversight Program," to require NNSA to correct safeguards and security problems identified during its inspections. However, depending on how the order is changed, this could set up a relationship which would be inconsistent with the provisions in the Act that prohibit NNSA personnel from being subject to the authority, direction, or control of any DOE staff other than the Secretary and the Administrator. In addition, while amending the order may require NNSA to act on findings and recommendations from the Independent Oversight Office, it will not fix the same problem for other oversight offices, such as the office that oversees environment, safety, and health.

The day-to-day working relationship between the Independent Oversight Office and NNSA is also unclear.
For example, the Independent Oversight Office inspects DOE facilities and when safeguards and security problems are found, works with the operating contractor at the facility in developing a corrective action plan. DOE's Implementation Plan provides no guidance on whether such relationships between oversight organizations and NNSA should continue to exist.

In summary, DOE's Implementation Plan establishes a framework for the creation of NNSA and its security program, but it is not really a detailed roadmap and significant questions remain about the relationship between NNSA and DOE's security organizations.

- - - - -

Our work on DOE's oversight of safeguards and security was performed from June through December 1999, and our work on the establishment of NNSA was performed during February 2000 in accordance with generally accepted government auditing standards.

Mr. Chairman, this concludes my testimony. We would be happy to respond to any questions that you or Members of the Subcommittees may have.

(141425)