While cultural, structural, and historical problems have all figured into the management and security and counterintelligence failures of DOE, they should not be construed as an excuse for the deplorable irresponsibility within the agency, the pattern of inaction from those charged with implementation of policies, or the inconsistency of those in leadership positions. The panel identified numerous instances in which individuals were presented with glaring problems yet responded with foot–dragging, finger–pointing, bland reassurances, obfuscations, and even misrepresentations.
The record of inattention and “false start" reforms goes back to the beginning of DOE. There have been several Presidents; National Security Advisors, Energy Secretaries, Deputy Secretaries, Assistant Secretaries, and Lab Directors; scores of DOE Office Directors and Lab managers; and a multitude of Energy Department bureaucrats and Lab scientists who all must shoulder the responsibility and accountability.
As noted above, severe lapses in the security of the nation’s most critical technology, data, and materials were manifest at the creation of the DOE more than 20 years ago. Many, if not most, of the problems were identified repeatedly. Still, reforms flagged amid a lack of discipline and accountability. The fact that virtually every one of those problems persisted—indeed, many of the problems still exist—indicates a lack of sufficient attention by every President, Energy Secretary, and Congress.
This determination is in no way a capitulation to the standard of “everyone is responsible, therefore no one is responsible." Quite the contrary. Even a casual reading of the open–source reports on the Department’s problems presents one with a compelling narrative of incompetency that should have merited the aggressive action of the nation’s leadership. Few transgressions could violate the national trust more than inattention to one’s direct responsibility for controlling the technology of weapons of mass destruction.
The PFIAB panel was not empowered, nor was it charged, to make determinations of whether specific acts of espionage or malfeasance occurred regarding alleged security lapses at the weapons labs. Nor was it tasked to issue performance appraisals of the various Presidents, Energy Secretaries, or members of the Congressional leadership during their respective terms in office. However, an inquiry into the extent to which the system of administrative accountability and responsibility broke down at various times in history has been necessary to fulfill our charter. In fairness, we have tried to examine the nature of the security problems at DOE’s weapons labs in many respects and at many levels, ranging from the circumstances of individuals and the dynamics of group behavior to the effectiveness of mid–level management, the clarity of the laws and regulations affecting the Department, and the effectiveness of leadership initiatives.
THE RECORD OF THE CLINTON TEAM
To its credit, in the past two years the Clinton Administration has proposed and begun to implement some of the most far–reaching reforms in DOE’s history. The 1998 Presidential Decision Directive on DOE counterintelligence (PDD-61) and Secretary Richardson’s initiatives are both substantial and positive steps. We offer an analysis of some of these initiatives, and their likelihood of success, elsewhere in this chapter and elsewhere in this report.
However, the speed and sweep of the Administration’s ongoing response does not absolve it of its responsibility in years past. At the outset of the Clinton Administration—in 1993, when it inherited responsibility for DOE and the glaring record of mismanagement of the weapons laboratories—the incoming leadership did not give the security and counterintelligence problems at the labs the priority and attention they warranted. It will be incumbent on the DOE transition team for the incoming administration in 2001 to pay particular heed to these issues.
While the track record of previous administrations’ responses to DOE’s problems is mixed (see box on previous administrations, on pp. 26-27), the panel members believe that the gravity of the security and counterintelligence mismanagement at the Department will, and should, overshadow post facto claims of due diligence by any administration—including the current one. Asserting that the degree of failure or success with DOE from one administration to the next is relative is, one might say, gilding a figleaf.
The fact is that each successive administration had more evidence of DOE’s systemic failures in hand: the Reagan Administration arrived to find several years’ worth of troubling evidence from the Carter, Ford, and Nixon years; the evidence had mounted higher by the time that the Bush Administration took over; and higher still when the Clinton Administration came in. The Clinton Administration has acted forcefully, but it took pressure from below and outside the Administration to get the attention of the leadership, and there is some evidence to raise questions about whether its actions came later than they should have, given the course of events that led the recent flurry of activity.
THE 1995 ‘WALK-IN’ DOCUMENT
In 1995, a U.S. intelligence agency obtained information that has come to be called the “walk-in" document. A copy of a classified PRC report, it contains a discussion of various U.S. nuclear warheads. The PFIAB has carefully reviewed this document, related information, and the circumstances surrounding its delivery. Serious questions remain as to when it was written, why it was written, and why it was provided to the U.S. We need not resolve these questions. The document unquestionably contains some information that is still highly sensitive, including descriptions, in varying degrees of specificity, of technical characteristics of seven U.S. thermonuclear warheads. This information had been widely available within the U.S. nuclear weapons community, including the weapons labs, other parts of DOE, the Department of Defense, and private contractors, for more than a decade. For example, key technical information concerning the W–88 warhead had been available to numerous U.S. government and military entities since at least 1983 and could well have come from many organizations other than the weapons labs.
W-88 INVESTIGATION
Despite the disclosure of information concerning seven warheads, despite the potential that the source or sources of these disclosures were other than the bomb designers at the national weapons labs, and despite the potential that the disclosures occurred as early as 1982, only one investigation was initiated. That investigation focused on only one warhead, the W–88, only one category of potential sources—bomb designers at the national labs—and on only a four-year window of opportunity. It should have been pursued in a more comprehensive manner. The allegations raised in the investigation should still be pursued vigorously. And the inquiry should be fully explored—regardless of the conclusions that may result.
The episode began as an administrative inquiry conducted by the DOE Office of Energy Intelligence, with limited assistance from the FBI. It developed into an FBI investigation, which is still under way today. Allegations concerning this case and related activities highlighted the need for improvements in the DOE’s counterintelligence program, led along the way to the issuance of a Presidential Decision Directive revamping the DOE’s counterintelligence program, formed a substantial part of the information underlying the Cox Committee’s conclusions on nuclear weapons information, and ultimately led, at least in part, to the President’s decision to ask this Board to evaluate security and counterintelligence at the DOE’s weapons labs.
It is not within the mandate of our review to solve the W–88 case or any other potential compromises of nuclear weapons information. Further, it is not within our mandate to conduct a comprehensive and conclusive evaluation of the handling of the W–88 investigation by the DOJ and FBI. In fact, as we understand it, that is the purpose of a task force recently appointed by the Attorney General. We trust that among the issues that the task force will resolve are:
Again, resolving these issues is not within our mandate. It is, however, explicitly within our mandate to identify additional steps that may need to be taken to address the security and counterintelligence threats to the weapons labs. Also, it is within our standing PFIAB obligation under Executive Order 12863 to assess the adequacy of counterintelligence activities beyond the labs. In this regard, what we have learned from our limited review of the W-88 case and other cases are significant lessons that extend well beyond these particular cases. These lessons relate directly to additional steps we believe must be taken to strengthen our safeguards against current security and foreign intelligence threats. Those steps are discussed further in the Classified Appendix to this report.
We have learned, for example, that under the current personnel security clearance system a person who is under FBI investigation for suspected counterintelligence activities may sometimes be granted a new or renewed clearance. We also have learned that although the written standards for granting a first clearance and for renewing an existing clearance may be identical, the actual practice that has developed—certainly within DOE and we strongly suspect elsewhere—is that clearance renewals will be granted on a lower standard. We find such inconsistency unacceptable. We think it appropriate for the National Security Council to review and resolve these issues.
We have also learned that the legal weapons designed to fight the counterintelligence battles of the 70s have not necessarily been rigorously adapted to fight the counterintelligence battles of the 90s (and beyond). For example, with the passage of more than twenty years since the enactment of the Foreign Intelligence Surveillance Act (FISA) of 1978, it may no longer be adequate to address the counterintelligence threats of the new millennium. We take no position on whether the statute itself needs to be changed. It may well still be sufficient. However, based on all of the information we have reviewed and the interviews we have conducted, and without expressing a view as to the appropriateness of the DOJ decision in the W–88 case, we do believe that the Department of Justice may be applying the FISA in a manner that is too restrictive, particularly in light of the evolution of a very sophisticated counterintelligence threat and the ongoing revolution in information systems. We also are concerned by the lack of uniform application across the government of various other investigative tools, such as employee waivers that grant officials appropriate authority to monitor sensitive government computer systems.
Moreover, there does not exist today a systematic process to ensure that the competing interests of law enforcement and national security are appropriately balanced. Law enforcement, rightly so, is committed to building prosecutable cases. This goal is often furthered by leaving an espionage suspect in place to facilitate the gathering of more evidence. The national security interest, in contrast, is often furthered by immediately removing a suspect from access to sensitive information to avoid additional compromises. Striking the proper balance is never easy. It is made all the more difficult when there is no regular process to ensure that balance is struck. We have learned in our review that this difficult decision often is made by officials who either are too focused on the investigative details or are too unaware of the details to make a balanced decision. This is another matter deserving National Security Council attention.
PFIAB EVALUATION OF THE INTELLIGENCE
COMMUNITY DAMAGE ASSESSMENT
Following receipt of the “walk-in” document, CIA, DOE, Congress, and others conducted numerous analyses in an effort to determine the extent of the classified nuclear weapons information the PRC has acquired and the resultant threat to U.S. national security. Opinions expressed in the media and elsewhere have ranged from one extreme to the other. On one end of the spectrum is the view that the Chinese have acquired very little classified information and can do little with it. On the other end is the view that the Chinese have nearly duplicated the W–88 warhead.
After reviewing the available intelligence and interviewing the major participants in many of these studies, we conclude that none of these extreme views holds water. For us, the most accurate assessment of China’s acquisition of classified U.S. nuclear weapons information and the resultant threat to U.S. national security is presented in the April 1999 Intelligence Community Damage Assessment. Written by a team of experts, this assessment was reviewed and endorsed by an independent panel of national security and nuclear weapons specialists, chaired by Admiral David Jeremiah. We substantially agree with the assessment’s analysis and endorse its key findings. The full text of the assessment’s unclassified summary appears in the unclassified appendix.
PRESIDENTIAL DECISION DIRECTIVE 61: BIRTH AND INTENT
In mid–1997, it became clear to an increasingly broader range of senior administration officials that DOE’s counterintelligence program was in serious trouble.1 In late July, DOE officials briefed the President’s National Security Advisor, who concluded that, while the real magnitude and national security implications of the suspected espionage needed closer scrutiny, there was nonetheless a solid basis for taking steps to strengthen counterintelli-gence measures at the labs. He requested an independent CIA assessment of China’s nuclear program and the impact of U.S. nuclear information, and he directed that the National Counterintelligence Policy Board (NACIPB)2 review the DOE counterintelligence program. That September, the National Security Advisor received the CIA assessment, and the NACIPB reported back that it had found “systemic and serious CI and security problems at DOE [had] been well documented over at least a ten year period" and “few of the recommendations in the past studies [had] been implemented." The NACIPB made 25 recommendations to significantly restructure the DOE CI program; it also proposed that a Presidential Decision Directive or Executive Order be handed down to effect these changes.
At an October 15 meeting, the Director of Central Intelligence and the FBI Director discussed with Secretary Pena and his Deputy Secretary the need to reform the DOE CI program. The DCI and FBI Director sought to make clear there was an urgent need to act immediately, and “despite all the studies conducted, experience over time [had] shown that DOE’s structure and culture make reform difficult, if not impossible, from within." All agreed to develop an action plan that would serve as the basis for a Presidential Decision Directive. Several senior officials involved felt that the necessary reforms would—without the mandate of a Presidential directive—have little hope of overcoming the anticipated bureaucratic resistance, both at DOE headquarters and at the labs. There was a clear fear that, “if the Secretary spoke, the bureaucracy wouldn’t listen; if the President spoke, the bureaucracy might at least listen."
That winter, the NSC coordinated a draft PDD between and among the many agencies and departments involved. Serious disagreements arose over several issues, particularly the creation of independent reporting lines to the Secretary for the Intelligence and Counterintelligence Offices. Also at issue was the subordination of the CI officers at the labs. Much of the resistance stemmed simply from individuals interested in preserving their turf won in previous DOE bureaucratic battles. After much bureaucratic maneuvering and even vicious in–fighting, these issues were finally resolved, or so it seemed; and on February 11, 1998, the President signed and issued the directive as PDD-61.
The full PDD remains classified. An unclassified summary, which contains all significant provisions, is set forth in the unclassified annex. In our view, among the most significant of the 13 initiatives directed by PDD-61 are:
TIMELINESS OF PDD–61
Criticism has been raised that the PDD took too long to be issued and has taken too long to implement. Although the current National Security Advisor was briefed on counterintelligence concerns by DOE officials in April of 1996, we are not convinced that the briefing provided a sufficient basis to require initiation of a broad Presidential directive at that time. We are convinced, however, that the July 1997 briefing, which we are persuaded was much more comprehensive, was sufficient to warrant aggressive White House action. We believe that while the resulting PDD was developed and issued within a customary amount of time, these issues had such national security gravity that it should have been handled with more dispatch. That there were disagreements over various issues is not surprising; that the DOE bureaucracy dug in its heels so deeply in resisting clearly needed reform is very disturbing. In fact, we believe that the NACIPB, created by PDD in 1994, was a critical factor in ram–rodding the PDD through to signature. Before 1994, there was no real structure or effective process for handling these kinds of issues in a methodical way. Had the new structure not been in place and working, we doubt if the PDD would have made it.
With regard to timeliness of implementation, we have far greater concern. It is not unreasonable to expect that senior DOE officials would require some time to evaluate the new OCI Director’s 90–day study, and we are aware that Secretary Richardson did not assume his DOE duties until mid–August. However, we find unacceptable the more than four months that elapsed before DOE advised the National Security Advisor on the actions taken and specific remedies developed to implement the Presidential directive, particularly one so crucial.
More critically, we are disturbed by bureaucratic foot–dragging and even recalcitrance that ensued after issuance of the Presidential Decision Directive. Severe disagreements erupted over several issues, including whether the CI program would apply to all of the labs, not just the weapons labs, and the extent to which polygraph examinations would be used in the personnel security program. We understand that some DOE officials declined to assist in the implementation simply by declaring that, “It won’t work." The polygraph program was finally accepted into the DOE’s security reforms only after the National Security Advisor and the DCI personally interceded. The fact that the Secretary’s implementation plan was not issued to the labs until more than a year after the PDD was issued tells us DOE is still unconvinced of Presidential authority. We find worrisome the reports of repeated and recent resistance by Office of Management and Budget officials to requests for funding to implement the counterintelligence reforms mandated by PDD-61. We find vexing the reports we heard of OMB budgeteers lecturing other government officials on the “unimportance" of counterintelligence at DOE.
SECRETARY RICHARDSON’S INITIATIVES
Since November of 1998 and especially since April of this year, Secretary Richardson has taken commendable steps to address DOE’s security and counterintelligence deficiencies. In November of last year, in the action plan required by PDD-61, Secretary Richardson detailed 31 actions to be taken to reform DOE’s counterintelligence program. These actions addressed the structure of the counterintelligence program, selection and training of field counterintelligence personnel, counterintelligence analysis, counterintelligence and security awareness, protections against potential “insider threats," computer security, and relationships with the FBI, the Central Intelligence Agency, and the National Security Agency.
Though many matters addressed in the action plan would require further evaluation before specific actions would be taken, immediate steps included granting to the Office of Counterintelligence (OCI) direct responsibility for programming and funding counterintelligence activities of all DOE field offices and laboratories; granting the Director, OCI the sole authority to propose candidates to serve as the counterintelligence officers at the weapons labs; and instituting a policy for a polygraph program for employees with access to sensitive information.
In April of 1999, in an effort to eliminate multiple reporting channels and improve lines of communications, direction and accountability, Secretary Richardson ordered changes in the department’s management structure. In short, each of the 11 field offices reports to a Lead Program Secretarial Office (LPSO). The LPSO has “overall line accountability for site-wide environment, safety and health, for safeguards and security and for the implementation of policy promulgated by headquarters staff and support functions." A newly established Field Management Council is to be charged with program integration.
In May of 1999, Secretary Richardson announced substantial restructuring of the security apparatus at DOE. Among these is the new Office of Security and Emergency Operations, responsible for all safeguards and security policy, cyber–security, and emergency functions throughout DOE. It will report directly to the Secretary and consist of the Office of the Chief Information Officer, and Office of Emergency Management and Response, and an Office of Security Affairs, which will include the Office of Safeguards and Security, the Office of Nuclear and National Security Information, the Office of Foreign Visits and Assignments, and the Office of Plutonium, Uranium, and Special Material Inventory.
Also announced was the creation of the Office of Independent Oversight and Performance Assurance. It also will report directly to the Secretary to provide independent oversight for safeguards and security, special nuclear materials accountability, and other related areas.
To support additional cyber-security improvements, DOE will be asking Congress for an additional $50 million over the next two years. Improvements are to include continual monitoring of DOE computers for unauthorized and improper use. New controls will also be placed on computers and workstations, removable media, removable drives, and other devices that could be used to download files. In addition, warning “banners" are now mandatory on all computer systems to alert users that these systems are subject to search and review at the government’s discretion. Cyber–security training is also to be improved.
Secretary Richardson further announced additional measures designed to strengthen DOE’s counterintelligence program. They include: a requirement that DOE officials responsible for maintaining personnel security clearances be notified of any information that might affect the issuance or maintenance of such a clearance, even when the information does not rise to the level of a criminal charge; and mandatory reporting by all DOE employees of any substantive contact with foreign nationals from sensitive countries. DOE also plans to strengthen its Security Management Board; accelerate actions necessary to correct deficiencies in security identified in the 1997/1998 Annual Report to the President on Safeguards and Security; expedite improvements in the physical security of DOE nuclear weapons sites; and delay the automatic declassification of documents more than 25 years old.
In sum, as of mid-June of 1999, progress has been made in addressing counterintelligence and security. Of note, all of the PDD–61 requirements are reported to have been substantially implemented. Other important steps also reportedly have been completed. Among these are the assignment of experienced counterintelligence officers to the weapons labs.
PROSPECTS FOR REFORMS
Although we applaud Secretary Richardson’s initiative, we seriously doubt that his initiatives will achieve lasting success. Though certainly significant steps in the right direction, Secretary Richardson’s initiatives have not yet solved the many problems. Significant objectives, all of which were identified in the DOE OCI study completed nearly a year ago, have not yet been fully achieved. Among these unmet objectives are revising the DOE policy on foreign visits and establishing an effective polygraph examination program for selected, high–risk programs. Moreover, the Richardson initiatives simply do not go far enough.
These moves have not yet accomplished some of the smallest fixes—despite huge levels of attention and Secretarial priority. Consider the following example: with all the emphasis of late on computer security, including a weeks–long stand–down of the weapons labs computer systems directed by the Secretary, the stark fact remains that, as of the date of this report, a nefarious employee can still download secret nuclear weapons information to a tape, put it in his or her pocket, and walk out the door. Money cannot really be the issue. The annual DOE budget is already $18 billion. There must be some other reason.
Under the Richardson plan, even if the new “Security Czar" is given complete authority over the more than $800 million ostensibly allocated each year to security of nuclear weapons-related functions in DOE, he will still have to cross borders into other people’s fiefdoms, causing certain turmoil and infighting. If he gets no direct budget authority, he will be left with little more than policy guidance. Even then, as the head of a staff office, under the most recent Secretary Richardson reorganization he has to get the approval of yet another fiefdom, the newly created Field Management Council, before he can issue policy guidance. Moreover, he is unlikely to have much success in obtaining approval from that body when he is not even a member—and the majority of those who are members are the very program managers that his policy guidance would affect.
TROUBLE AHEAD
Perhaps the most troubling aspect of the PFIAB’s inquiry is the evidence that the lab bureaucracies— after months at the epicenter of an espionage scandal with serious implications for U.S. foreign policy—are still resisting reforms. Equally disconcerting, other agencies have joined the security skeptics list. In the past few weeks, officials from DOE and other agencies have reported to us:
BACK TO THE FUTURE
In 1976, federal officials conducted a study of the nation’s nuclear weapons laboratories and plants. In trying to devise a coherent and viable way of managing the labs, they settled on three possible solutions: place the weapons labs under the Department of Defense, make them a free–standing agency, or leave them within the Energy Research and Development Administration. Congress chose to leave the weapons labs within ERDA, the successor agency of the Atomic Energy Commission.
Nearly a decade later, the oversight of the weapons labs was still of great concern. Senators Sam Nunn and John Warner led a push to place the weapons labs under the auspices of the Department of Defense. However, the Reagan Administration staved off their effort by agreeing to put together a blue–ribbon panel to study the issue. The panel studied the problem for six months and issued a report in July, 1985. Again, Congress and federal officials weighed whether the weapons labs should be transferred to the Department of Defense or restructured to be given more autonomy.
The status quo prevailed. The weapons labs stayed within the Department of Energy.
As this report has detailed, problems in the managerial relationship between DOE and the weapons labs have persisted, perhaps even increased, over the past 14 years. Indeed, the discussion today sounds hauntingly familiar to the discussions in the 1980s and 1970s.
Today, however, there is a difference. The record of mismanagement of the weapons labs in matters of security and counterintelligence has become so long and so compelling as to demand a rejection of the status quo. There can be no doubt that the current structure of the Department of Energy has failed to give the nation’s weapons laboratories the level of care and attention they warrant. Thus, our panel is recommending deep and lasting structural change that will give the weapons laboratories the accountability, clear lines of authority, and priority they deserve.
2. The National Counterintelligence Policy Board (NACIPB) was created by a 1994 Presidential Decision Directive to serve as the National Security Council’s primary mechanism to develop an effective national counterintelligence program. Current core NACIPB members include senior representatives from the Director of Central Intelligence /Central Intelligence Agency, the Federal Bureau of Investigation, the Department of Defense, the Department of State, the Department of Justice, the military departments’ CI organizations, the National Security Council, and, as of 1997, the Department of Energy and NSA.