TESTIMONY OF EDWARD J. MC Callum
Mr. Chairman, I am here today at your request to speak with the committee about my observations of the Department of Energys (DOE) Safeguards and Security Program. DOEs arrogant disregard for national security has already been clearly described in the June 1999, Report on Security at the Department of Energy by the Presidents Foreign Intelligence Advisory Board (PFIAB), The Best of Science- The Worst of Security, and Congressman Coxs committee report on espionage at our national laboratories. It is clear today that DOE has sacrificed nuclear security for other budget priorities and has jeopardized national security by failing to protect its Laboratories against widespread espionage or against possible terrorist attack.
I am currently detailed to the Department of Defense as the Acting Director of The Combating Terrorism / Technology Support Office under the Assistant Secretary for Special Operations and Low Intensity Conflict. Over the past nine years, I served as the Director of DOEs Office of Safeguards and Security. In this capacity, I was responsible for the policy that governs the protection of the DOEs national security assets, including nuclear weapons, nuclear materials, highly classified information and personnel clearances for these assets. My office was also charged with investigating security incidents involving the loss of nuclear materials and the unauthorized disclosure of classified information.
Prior to joining the Office of Safeguards and Security I held several high level positions within the Departments safeguards and security program areas. From 1988-1989 I served as Director, Office of Security Evaluations, the Departments independent inspector. In 1978 I joined the DOE at the Chicago Operations Office and in 1979 became the Director of the Safeguards and Security Division. Prior to joining DOE, I served as an officer in the U.S. Army. Active military service included a number of Military Intelligence and Special Forces assignments in Europe and Southeast Asia. I culminated my military duty as a reserve officer after over thirty years of active and reserve service.
As the Director, Office of Safeguards and Security, my team provided senior DOE management with sound, professional judgment regarding security of our nations most critical strategic nuclear assets. We provided specific action plans to correct shortcomings, even though much of what was recommended has not been considered politically correct, since the end of the Cold War. The steady decline in resources available to the DOE safeguards and security program as well as a lack of priority allowed the Departments security posture to deteriorate to a point where it is not effective. Numerous unclassified reports from the Office of Safeguards and Security, issued between 1994 and 1999, document the reduction in the Departments security readiness. These reports are supported by hundreds of classified incident and inspection reports that provide detailed analyses.
The information presented in the testimony I submit today is not new. The message has been repeated consistently over the last decade, in such reports prepared by my office as the Annual Reports to the Secretary in 1996 and 1997. In fact, these reports were frequently referenced and footnoted in the PFIAB Report. External reviews such as the Report to the Secretary, by General James Freeze, or the Nuclear Command and Control Staff Report on Oversight in the DOE in 1998, cite similar concerns. There have also been dozens of General Accounting Office Reports addressing these areas. We have frequently reorganized, restructured and studied these issues, however, the department has not chosen to resolve these serious and long-standing problems.
I would like to cover a few specifics to introduce the committee to the severity of the issues, however, I must point out that I have been off the DOE security scene for six months. It is clear that an infusion of technical expertise and continuous external oversight will be required to assure their continuing correction. Reorganization and reshuffling will not suffice.
One of the primary interests expressed in recent months, and widely covered by the media recently, is the loss of classified information from the computer systems at some of the National Laboratories. Indeed, I believe we are sitting at the center of the worst spy scandal in our Nations history. We knew our greatest secrets were being stolen and we did nothing about it.
The DOE Computer Security Program has suffered from a variety of problems. Of primary concern is the lack of protection for unclassified sensitive information and the ease with which it can be transferred to and from classified systems. Until recently, little guidance had been issued on how to protect sensitive but unclassified information. Attempts to issue comprehensive guidance by my office and the Chief Information Officer as early as 1995 met with significant Laboratory resistance and failed. Several Laboratories and their Program Assistant Secretaries in Washington believed that providing protection, such as firewalls and passwords, was unnecessarily expensive and a hindrance to science. Implementation of the proposed Computer Security Regulations in 1996 would have prevented many of the losses reported today.
A variety of computer security tools and techniques, such as encryption devices, firewalls, and disconnect features, are required by policy; however, these policies were frequently ignored. Something as simple as using different size floppy discs between classified and unclassified systems was rejected as unnecessary.
Last year, despite the most severe and candid briefings to the Secretary on compromises of nuclear weapons data at our National Laboratories, we were still unable to move essential policy changes forward. Although we were well aware of ongoing espionage, it was not until parts of Congressman Coxs report were made public that DOE began to react.
While much attention of late has been directed toward foreign access, espionage and the protection of classified information, equally serious cause for concern exists in other areas as well. For instance, since 1992, the number of protective forces at DOE sites nationwide has decreased by almost 40% (from 5,640 to the current number of approximately 3,500). These are the men and women who protect our nuclear weapons and nuclear materials from theft or sabotage under authority of the Atomic Energy Act. In 1996, the numbers were far worse, but continuous pressure from my office resulted in an increase of several hundred Security Police Officers over that low. In the same time frame the inventory of nuclear material has increased by more than 30%. The number of Security Police Officers had declined to the point where it is questionable at some facilities whether the DOE Security Force could defeat an adversary. By 1996 several facilities were no longer capable of recapturing a nuclear asset or facility if it were lost to an adversary. Indeed, a number of sites even stopped training for this mission because resources were reduced below the minimum level necessary to expect success. In order to rationalize these severe reductions, several of these sites began using unrealistic performance tests to verify that their Protective Force could recognize, contain and neutralize an adversary. For instance, artificial "safety constraints" are imposed on exercise adversary/red teams that effectively neutralize their ability to operate. A review by a DOD Special Operations team at one of our sites last year reported that needlessly restrictive exercise rules for the intruders were unnecessary and resulted in a false sense of security.
PHYSICAL SECURITY SYSTEMS
Another area of concern involves aging and deteriorating security systems throughout the DOE complex, including at such sites as Los Alamos and Rocky Flats. Physical security systems such as sensors, alarms, access control and video systems are critical to ensure the adequate protection of Special Nuclear Material (SNM) and classified material and weapons parts. Many facilities have systems ranging in age from 14 to 21 years, and are based on technology developed in the mid-70's. Because of the obsolescence of these systems they fail too frequently and replacement parts and services are increasingly expensive and hard to obtain. Expensive and sometimes unreliable compensatory measures (i.e., security force response) are required as a stopgap measure to provide minimum protection. Older systems are also vulnerable to defeat by advanced technologies that are now readily available to potential adversaries. Continual reductions, delays and cancellations in line item construction funding increase the risk to nuclear weapons, nuclear materials and nuclear weapons design information. Further, DOE is not realizing significant savings available through advancements in technology that have increased detection, assessment, and delay capabilities.
I fear that a recent decision by the Department to have HQ Program Assistant Secretaries fund the cost of clearances for field contractor personnel will have severe repercussions. Since implementing this new approach at the beginning of FY 1999, we have already seen a dramatic increase in the backlog of background investigations. As with other security areas, program offices must decide between competing interests when determining which areas fund. Unfortunately, security activities are relegated to a lower tier in terms of importance by most program Assistant Secretaries and field sites. This appears to be the case with the funding of security background investigations. As the first and best line of defense against both "insider" and espionage threat, adequate funding and timely conduct of reinvestigations is critical for DOE to maintain a security posture that ensures only trustworthy individuals are given access to critical national security assets.
A PATH FORWARD
Operating beneath the surface of these major shortfalls are some fundamental issues that, if properly addressed, could provide the impetus to effect real change. These challenges are not new, nor are their solutions.
SAFEGUARDS AND SECURITY PROGRAM FUNDING
This is the central and root-cause issue for failed security in the DOE. As previously stated, when HQ Program Assistant Secretaries face funding shortfalls, there is a tendency to cut security programs in greater proportion than other program elements. In recent years, these cuts have been made routinely without the benefit of assessing the impact these cuts have on the security of the site or safety of site personnel and surrounding communities. The implementation of virtually every security program, from the Information Security Program to Protective Forces, has suffered significantly. Many of these cuts are ill advised and, as we have seen, they have led to serious security lapses. Nevertheless, my office had no authority to ensure implementation of departmental security policies and requirements. Similarly, my office had few resources to provide program offices or field elements to help pay for appropriate security measures.
The new DOE Security Czar does not have a budget for implementation of anything. Safeguards and Security budgets for DOE should be provided through one or more line items to the Security Czar, not various program Assistant Secretaries. Fragmentation of security funding has been in place for 20 years, and it has not worked. Without an adequate budget there is simply no authority.
A centrally funded and well-integrated National-level security exercise program is critical to meet the safeguards and protection needs of DOE and the nation. Regulations require exercises that annually assess site response and management of security crisis at critical DOE facilities. However, many of these exercises are conducted without the participation of state and local law enforcement, regional offices of the Federal Bureau of Investigation (FBI) and other Federal agencies. Their lack of participation makes these exercises meaningless.
Under Presidential Decision Directive 39, U.S. Policy on Counterterrorism, and Decision Directive 62, Protection Against Unconventional Threats to the Homeland and Americans Overseas, the Secretary of Energy is directed to conduct exercises to ensure the safety and security of its nuclear facilities from terrorism. With the cooperation and support of the FBI, several regional exercises were conducted at DOE sites in the last year. However, funding and commitment are far short of the required goals. My staff estimated that DOE is meeting only about 25% of site requirements.
Significantly, the majority of the funding for exercises resides at the site level where expenditures must vie with other immediate program needs each fiscal year, usually to their detriment. Exercise funding should be centrally managed from a line item budget to assure the moneys are available and are spent on exercises.
It must be obvious by now that attempts to implement internal oversight of the DOE safeguards and security program have failed over the last decade. While there have been brief periods when oversight has been effective, organizational and budget pressures have played too central a theme for this function to remain within DOE. When the student develops and grades their own test, and writes their own report card, there is no independent oversight. Currently internal oversight should be consolidated under the Security Czar, or abolished. Additionally, an organization like the Commission on Safeguards, Security and Counterintelligence for Department of Energy Facilities, proposed by the Senate in Section 3152 of the National Defense Authorization Act for Fiscal Year 2000, should be established to independently review Security at DOE and the Laboratories. This would fulfill long-standing recommendations of both GAO and the Congress. Further, a direct information mechanism needs to be established to one or more of the Congressional Committees.
ORGANIZATIONAL STRUCTURE AND ACCOUNTABILITY
In all of the reviews of the safeguards and security program conducted during the last decade, there is a recurring theme. Namely, the organizational structure of the Departments Safeguards and Security Program does not align programmatic authority and responsibility and is too open to manipulation by contractors. Severe fragmentation of the Safeguards and Security Program staffs guarantees a lack of accountability.
For example, the current structure of Safeguards and Security Program has one organization developing policy, training and providing technical field assistance (OSS), another organization providing funding and "implementing guidance" (Headquarters Program Offices), a third tier of organizations (Field Sites) is responsible for implementation of policy, while a fourth (EH) is responsible for oversight. A fundamental change in both the organizational structure and funding of the Safeguards and Security Program is absolutely necessary before the Department can begin to systematically address the major challenges previously addressed. These organizations must be consolidated with policy, guidance and implementation in one location, and with an appropriate budget to participate in Department decision making.
Secretary Richardson recently announced the selection of a new "Security Czar" for the Department. According to the Secretarys pronouncements many of these concerns are being addressed. However, the Secretarys statements and the actual actions occurring within the DOE seem startlingly different. Program Assistant Secretaries continue to maintain separate security staffs. These staffs are largely ineffective because they lack knowledge, experience, and favor parochial interests over national security. A disturbing document entitled, "Safeguards and Security Roles and Responsibilities has been circulated by Sandia National Laboratory would give the Security Czar less authority than I had in DOE. Specifically, in the proposed security structure, critical approvals would be delegated from Headquarters to the very Laboratories that have allowed critical losses. Important security plans as well as approval of exceptions to national and departmental regulations would be delegated to the field. And finally, oversight inspections would be conducted "for cause" only, based on initial reviews and self-inspections by the Labs themselves. Worse still, this internal oversight program would not even report to the Czar.
Ladies and gentlemen, this devolution of the few authorities reserved to the DOE is in direct conflict with the serious negligence identified in both Congressman Coxs Report and that of the PFIAB. It is the organizational equivalent of sending the fox in to count the hens.
In closing, I would like to mention the most positive aspect of the Departments safeguards and security program. The program is staffed by hard working dedicated men and women, both Federal and contractor, who are firmly committed to protecting the critical national security assets entrusted to their care. Despite the dwindling resources available to them, these individuals continue to perform in an outstanding fashion. Where this Department has failed is in providing these professionals the necessary resources to allow them to perform their responsibilities safely and appropriately. The Department has also failed to provide management support and protection so that individuals will bring forward problems and deficiencies without fear of retaliation