FAS | Government Secrecy | News ||| Index | Search |


U.S. DEPARTMENT OF ENERGY
FOR IMMEDIATE RELEASE
March 30, 1999

Secretary Richardson Orders Additional Measures
to Strengthen Security at Department of Energy Sites

Security Report for 1997 and 1998 Sent to Congress

Secretary Richardson today sent to Congress the U.S. Department of Energy's (DOE) Annual Report on Safeguards and Security at its nuclear weapons facilities. Secretary Richardson also authorized the release of an unclassified version of the report and outlined a series of measures being taken to strengthen departmental security.

The report evaluates physical safeguards and security at 12 facilities for 1997 and 1998, using a three-tiered rating system. Nine of the 12 received the top rating of satisfactory. Three operations, Los Alamos National Laboratory, Lawrence Livermore National Laboratory and the department's Transportation Safeguards Division, received the rating of marginal. None received the lowest rating of unsatisfactory. The report concludes that no nuclear materials at the sites are at risk.

A marginal rating indicates that some aspect of the multi-faceted safeguards and security process requires improvement, but that overall security will adequately protect nuclear materials and sensitive information. The report also projects that all facilities will reach an overall satisfactory rating in 1999 if the present corrective actions -- already under way -- continue on their present course. The management at each of the operations with marginal ratings has committed to making the necessary improvements to meet the standards of the highest rating as quickly as possible.

"There has been progress in the past couple of years, and I'm committed to correcting the remaining problems," Secretary Richardson said. "The report projects that all facilities will reach an overall satisfactory rating in 1999 if the present corrective actions -- already under way -- continue on their present course, and I will hold them to it. I have told our security office and the sites that received marginal ratings that I expect to see improvements made on schedule. I have also asked for an additional assessment in July of the three operations that received marginal grades to make sure that security is being strengthened, in addition to taking other actions to strengthen security at all DOE sites."

Richardson has directed that several actions be taken to address vulnerabilities identified in the report, including:

Secretary Richardson is putting particular emphasis on strengthening the protection of computer systems. The additional $8 million in requested funding will be used to help further secure the department's classified and unclassified computer networks. The improvements will help strengthen fire walls, develop additional intrusion detection devices, and fund rapid response teams to work with the FBI to detect and track cyber intruders. The improvements will also allow for greater security in the department's unclassified e-mail systems and strengthen protection of the classified computer systems.

In 1997, the department augmented security at DOE sites by deploying new technologies to safeguard special nuclear materials and weapons; working with other agencies to train departmental protective forces; identifying and building more sophisticated detection and deterrent systems; hiring more new security personnel; bringing in additional security experts to independently assess departmental readiness; and developing a system to constantly re-evaluate and improve protection against hackers and other cyber-intrusions. The independent experts have also concluded that while there is a continuing need for improvements in safeguards and security, there is no present danger to nuclear materials at any DOE site.

The report covers safeguards and security aspects at the Department of Energy's 12 nuclear weapons related sites. These are: the Kansas City Plant, KS; the Los Alamos National Laboratory, NM; the Nevada Test Site, NV; the Tonopah Test Range, NV; the Pantex Plant, TX; the Sandia National Laboratory, NM and CA; the Transportation Safeguards Division based in Albuquerque, NM; the Lawrence Livermore National Laboratory, CA; the Y-12 plant in Oak Ridge, TN; the Rocky Flats Environmental Technology Site, CO; and the Savannah River Tritium Facility, SC. The report covers 1997 and 1998. The 1998 report is being delivered six months early to the Congress.

"I wanted the 1998 report completed early so we could have a current and complete picture of DOE safeguards and security. I'm committed to working with Congress to strengthen security at DOE sites and to keep the appropriate committees fully informed of our work," Richardson said.

Since coming to the department in the fall, Secretary Richardson has taken action to implement President Clinton's February 1998 Decision Directive (PDD-61) by putting in place a series of strong measures to strengthen the counterintelligence capability at DOE labs and facilities.


Redacted Version

23RD ANNUAL REPORT TO THE PRESIDENT

ON THE STATUS OF

SAFEGUARDS AND SECURITY

AT DOMESTIC NUCLEAR WEAPON FACILITIES

Reporting Period:
January 1, 1997 through December 31, 1998

Prepared By: Field Operations Division
Office of Safeguards and Security
Office of Security Affairs

TABLE OF CONTENTS

EXECUTIVE SUMMARY

PART I

Nuclear Weapons and Materials Protection Posture

PART II

Facility Summary

PART III

Support for National Security Decision Directives


EXECUTIVE SUMMARY

This report, produced in response to National Security Decision Directive 309, provides an executive-level summary of the security climate and security-related issues influencing the protection status at the Department of Energy's (DOE) nuclear weapons facilities for calendar years (CY) 1997 and 1998. As such, the report is not intended as an all-inclusive description of individual facility security programs or the Departmental Safeguards and Security Program.

As of the date of publication, the overall protection posture at nine of the Department of Energy's twelve domestic nuclear weapons facilities was Satisfactory. The remaining three, Los Alamos National Laboratory, Transportation Safeguards Division and Lawrence Livermore National Laboratory have overall Facility Ratings of Marginal. Although the Department chose to rate the Transportation Safeguards Division as Marginal, we note the excellent operating record of the Division and our expectation that, with the improvement programs currently in place, the Division will achieve a fully Satisfactory overall Facility rating in the coming months.

While the Rocky Flats Environmental Technology Site is included in this report, it is no longer a nuclear weapons facility and is included in this report because of the remaining defense-related special nuclear material; since its primary mission is now one of facility cleanup and restoration, it will not be discussed in subsequent versions of this report.

Part I of this report identifies long-term safeguards and security challenges that continue to influence planning and operations for the nuclear weapons complex. These are: continual assessment of the ever-changing threat to DOE facilities and assets; aging physical security systems in need of updating or replacement; protection of information in various forms; cyber security; application of security technologies; and the need for the long-term storage of special nuclear materials. Within each of these topics is a discussion of DOE's involvement in major national security programs and initiatives as they apply to the protection of the nation's nuclear weapons complex infrastructure.

Part II, Facility Summary, presents both a tabular accounting of ratings assigned to the 12 facilities and a written summary of safeguards and security topical areas at those facilities having less-than-Satisfactory ratings in at least one topical area. The status of the safeguards and security programs and topical areas at the DOE's nuclear weapons facilities has been determined by evaluating the results of the Safeguards and Security Periodic Survey Program and facility self-assessments. Under the direction of senior DOE management, during 1997 and 1998, the Office of Security Evaluations, DOE's independent oversight organization, produced detailed "facility profiles" that, in large part, were consistent with the issues identified through the Department's Safeguards and Security Periodic Survey Program and facility self-assessments. Finally, senior security staff from DOE headquarters organizations also took part in the final facility security evaluation process.

Part III, Support for National Security Decision Directives, describes the Department's response to four Executive Branch decision directives that affect the nuclear weapons complex. To comply with NSDD 281, Nuclear Weapons Command and Control, DOE participated in numerous projects related to threat assessment and force preparedness. NSDD 298, Operations Security, requires agencies to develop and maintain OPSEC programs for the protection of sensitive activities and information, specifically related to military technology, military weapons and economic competitiveness. Finally, DOE continued to implement measures to comply with Presidential Decision Directive-39 (PDD-39), U.S. Policy on Counterterrorism, which requires the US counterterrorist program to address potential terrorist use of nuclear, chemical or biological weapons or materials of mass destruction.


PART I

Nuclear Weapons and Materials Protection Posture

The Department of Energy's (DOE) Safeguards and Security Program manages one of the nation's most critical, geographically diverse, and demanding security environments. The dynamic nature of this environment and the attractiveness of the assets to be protected require the maintenance of a robust, flexible program. An example of this dynamic environment is the increase of the Department's special nuclear material inventory and nuclear weapons stockpile by approximately 10 percent during 1997. Additionally, approximately three million pages of information were declassified in the past year. In order to be responsive, DOE's program must be capable of deterring adversarial attacks, mitigating the consequences of malicious intrusions and insider actions, assuring the continued strength of the nation's nuclear deterrent, and protecting assets while permitting compliance with multilateral treaties and agreements.

During this period, there have been concerns raised by the news media, program auditors and Congress that questioned the adequacy of the Department's protection posture. These concerns were raised partially as a result of the Department's personnel and funding reductions and its change of mission following the Cold War period, and partially due to world terrorism events that have affected US interests abroad.

In responding to new security challenges that require innovative solutions, the Department has instituted measures to strengthen its safeguards and security programs. These measures have included: deployment of new technology, involvement of Department of Defense (DoD) Special Operations Units in training exercises for DOE protective force personnel, hiring of new security personnel, installation of security upgrades, and additional involvement and advice from external experts who serve on a Congressionally-mandated Security Management Board. Independent assessments to date indicate that although there is no immediate danger to nuclear material at any Departmental site, there is a continuing need for significant safeguards and security improvements.

In establishing the Security Management Board, the Department included three members selected by the Secretary of Defense, one by the Director of the Federal Bureau of Investigation (FBI) and one by the Director of Central Intelligence. Other Board members included senior managers from Departmental Programs. These Board members will serve until October 31, 2000, evaluating procedures for protecting nuclear weapons, special nuclear materials and other classified materials.

The following sections of Part I discuss issues that are expected to have long-term effects, requiring continued management emphasis and operational focus. As discussed below, DOE continues to confront these issues and assess their impacts on the national security process, particularly as they relate to the DOE nuclear weapons facilities.

Protection Against the Threat

In recent years, the worldwide proliferation of weapons of mass destruction has emerged as one of the most serious dangers confronting the United States. This is a continuing and evolving problem with far-reaching consequences for international and domestic security and stability. In response to this emerging threat to our security, the President directed the prioritization of a number of initiatives and programs throughout the US Government and the DOE.

The Department's protective forces continue to be our front-line defense against physical threats to DOE facilities. These personnel protect the Department's safeguards and security interests from material theft and diversion; information loss or compromise; industrial, radiological and toxicological sabotage; espionage; unauthorized access; and other hostile acts. Although the Department has increased protective force strength at several sites, including Los Alamos National Laboratory (LANL), Lawrence Livermore National Laboratory (LLNL) and Nevada Test Site, concerns in several areas of protective force preparedness and readiness continue, as cited in the 22nd Annual Report. These areas of concern include the increase in the average age of protective force personnel (age-creep), which directly corresponds to their ability to meet physical and medical requirements as well as a reduction in available security training hours.

The Department's Design Basis Threat is a DOE-developed assessment of threats to the complex based on a postulated threat produced in cooperation by DOE, DoD, FBI, the Intelligence Community and the Nuclear Regulatory Commission. This document sets the foundation for decisions on prioritization of DOE safeguards and security resource allocations and employment of graded security measures. Additionally, Presidential Decision Directive-39 (PDD-39), U.S. Policy on Counterterrorism, highlights a growing concern for safeguards and security: the threat of terrorist activity against Departmental facilities and security interests. Due to the unpredictable nature of the of information and leverage resources. DOE's Safeguards and Security Program is actively developing techniques that will help deter the potential use of weapons of mass destruction (WMD) against the weapons complex and other sensitive security interests. Following are some examples of DOE initiatives taken in the past year to develop policy and prepare facilities to meet current requirements.

Aging Security Systems

Physical security systems comprise an integral part of the DOE safeguards and security program, providing the assessment, detection, delay and denial functions necessary to meet potential threats. Numerous DOE systems, designed with ten-year life expectancies, were installed in the late 1970's and mid 1980's. Obviously, these systems are either nearing or significantly past those expectancies. As the systems age, repair becomes more costly due both to the increased frequency of necessary repair and the obsolescence of parts caused by rapid advances in technology. Compensatory measures, such as replacing components or entire systems and supplanting dysfunctional systems with protective forces, often in overtime mode, are extremely expensive. Despite this cost, however, without such compensatory measures, the systems in need of repair become potential or actual vulnerabilities to the facilities' security programs.

Information Protection

The most daunting security challenge of the next millennium is the need to protect information, from the most highly classified, such as nuclear weapons design information, to sensitive unclassified. The rapid, explosive proliferation of the Internet, extensive government-wide declassification activities, intra-organizational networks and a general increased reliance on automated information handling have created perhaps the most evasive threat to safeguards and security today. Information warfare, rooted in both economic and national competitiveness, is on a steep rise. There has been an escalation in the number of "hacking" incidents into DOE networks, as well as a significant increase in the number of incidents involving unauthorized disclosure of information, both in person and on publicly accessible networks. The latter increase evokes a concern that attitudes regarding the protection of critical information are moving toward a less-attentive state of awareness.

Technological capabilities within the DOE to deter and detect attempted intrusions into the Department's computer networks are rapidly falling behind sophisticated "hacker" or intruder capabilities, leaving DOE interests at increased risk. Ironically, just at the time when the virtues of "openness" are being widely extolled and DOE facilities are being opened to people from all over the globe, terrorism and other threats are becoming more difficult to describe, plan for and respond to. Thus, now more than ever before, the current situation requires a firm commitment to protection strategies, more effectively trained personnel, continual security awareness and increased diligence, and increased utilization of information protection technology.

Cyber Security

A tremendous increase in computer usage has resulted in increased information flow on an exponential scale. This dramatic shift in information manipulation warrants a separate evaluation process designed to ensure protection in an environment in which carelessness or inadvertence can compromise the equivalent of thousands of printed pages in seconds. As computerized systems cross-cut all operational elements in the Department, user awareness complemented by electronic safeguards must likewise cross-cut programmatic boundaries.

Cyber Security, a critical aspect of information security, can be defined as the protection of information during storage, transmission, or processing using automated information systems or networks of automated information systems. Based on the increasing presence of computerized systems and the ensuing level of operational reliance, the Department needs to understand the protection effectiveness of information in the cyber (virtual) form. Currently, no specified information security criteria exist to facilitate the assessment of a Departmental element's performance in the protection of virtual information. The development of a set of such criteria will focus an appropriate level of attention toward the responsibility of protecting information assets in the virtual form. Development of discrete inspection criteria targeted toward the specific purpose of evaluating cyber-security elements is underway. These criteria will be composed initially through the synthesis of inspection criteria previously established for assessing safeguards and security program elements.

The Department is implementing the following national policies and laws addressing Cyber Security:

Security Technology Application

For more than 30 years, DOE has initiated, advanced and applied state-of-the-art technologies to protect nuclear weapons materials, facilities and information. To prevent duplication of effort, preserve resources and expand the available safeguards and security technology database, DOE conducts extensive internal, interagency and international coordination to leverage the capabilities of other government organizations. The DOE's national laboratories support this critical function by providing unique expertise and cutting-edge systems development capabilities to ensure the accountability and security of the nation's weapons stockpile.

Long-Term Storage of Special Nuclear Material

DOE currently stores more than 400 metric tons of plutonium and highly enriched uranium, largely due to the retirement of US weapons systems, the return of spent fuel from foreign countries and transfers resulting from nonproliferation concerns. The storage of this material, a costly activity for the Department, is provided by numerous, aging facilities that were not designed or constructed for long-term storage. Retrofitting all these facilities to accommodate such a storage scenario will be cost-prohibitive. Furthermore, providing defense against a terrorist threat to the material in storage is significantly more difficult with many sites involved. Finally, most storage locations do not currently employ automatic inventory mechanisms. As nuclear material ages, the health risk to personnel conducting required inventories approaches an unacceptable level. Therefore, it is generally agreed that consolidation of the material into fewer sites is the most feasible method of providing long-term staging. In fact, this effort promises to offer significant savings to the Department's annual operating expenditures.

Conclusion

The DOE Safeguards and Security Program continues to evolve in response not only to the traditional challenges, but to the enhanced, more technologically capable threat. Resolution of the above issues is, in a sense, more difficult than in the past as they are more diverse and less well defined. The increasing worldwide impact on domestic safeguards and security, in the forms of both increased access to US facilities and requirements levied by multilateral agreements is a testament to this change. In addressing the above issues, DOE will continue to aggressively pursue new initiatives and technology, maximize resource use where possible through appropriate prioritization and standardization, and partner with other Governmental agencies. Nothing less than an understanding of the true threat to our nuclear assets, in concert with well-founded policy, effective implementation of procedures, appropriate allocation of resources and application of technology will allow us to succeed.


PART II

Facility Summary

During 1997 and 1998, the Department's weapons complex consisted of 12 facilities located across the nation, as depicted in Figure 1 [figure not included here]. These are the same facilities that comprised the weapons complex during 1996. Although primarily having a cleanup and restoration mission, RFETS is included in this report because of the large quantities of special nuclear materials stored at the facility. Part II consists of descriptions of facilities currently having less-than-Satisfactory topical area and/or facility ratings, represented in chart form on Page II-3 [chart not included here].

Evaluation and Rating

The status of safeguards and security at the Department's 12 domestic nuclear weapons facilities was determined through a variety of methods to include: results from the Department's Safeguards and Security Periodic Survey Program; findings identified from facility self-assessment activities; review of 1997 Office of Security Evaluations (OSE) facility profiles; and direct contact with Program Offices, Field Offices, and facilities. Information derived from these sources are applied to a rating system consisting of:

Satisfactory - The evaluated protection element meets identified protection needs or provides plausible assurance that those protection needs will be met.

Marginal - The evaluated protection element only partially meets identified protection needs or provides questionable assurance that those protection needs will be met.

Unsatisfactory - The evaluated protection element does not meet identified protection needs nor provides assurance that those protection needs will be met.

Six facilities are detailed in narrative form due to Marginal ratings each received in Safeguards and Security Program topical areas. Table 1 on the following page illustrates current ratings and projected status.

Program ratings are applied to five principal safeguards and security components that encompass and evaluate the full extent of the Department's formal protection program and operational activities.

Program Management (PM) - Program Planning, Administration, Personnel Staffing, Training and Qualification, Facility Registration, Resolution of Security Deficiencies.

Protection Program Operations (PPO) - Physical Security, Protective Forces, Security Systems.

Information Security (IS) - Classified Matter Protection and Control, Operations Security, Technical Security, Classification Guidance.

Nuclear Materials Control and Accountability (NMC&A) - Nuclear Materials Accounting Systems, Measurement Systems, Material Control Systems and Detection/Assessment Mechanisms.

Personnel Security (PS) - Access Authorization, Personnel Assurance Program, Visitor Control.

Los Alamos National Laboratory, Albuquerque, NM

Overall Facility Rating: Marginal

Less-than-Satisfactory Topical Areas: Program Management (Marginal), Protection Program Operations (Marginal), Information Security (Marginal), Nuclear Materials Control and Accountability (Marginal)

This facility conducts research and development of nuclear weapons, design and testing of advanced technology concepts, environmental research, and energy-related projects. LANL is a Category I special nuclear material (SNM) facility that possesses more than five metric tons of plutonium, highly enriched uranium, and various classified weapons components. The facility also manages: documents, material, and work classified up to and including Top Secret Restricted Data, a Sensitive Compartmented Information Facility, and Special Access Programs. The protective force consists of approximately 360 uniformed security officers, of whom 60 are Special Response Team (SRT) qualified personnel.

LANL received a Marginal overall Facility rating during the 1997 Periodic Survey. Additionally, the topical areas of PM, PPO and NMC&A were rated Marginal. The Site Safeguards and Security Plan (SSSP), physical security systems, protective force and physical inventory of SNM were identified as major areas of concern.

During 1998, LANL made substantial improvements in the safeguards and security posture. Security enhancements included increased staffing of protective forces, procurement of additional protective force equipment, and the addition of hardened fighting positions. Additionally, vulnerability assessments were completed and validated by extensive Joint Tactical Simulation (JTS) modeling. Significant progress was made in completion of verification measurements of nuclear material previously unmeasured or done at indefensible measurement values. Material surveillance issues at the TA-55 Material Access Area (MAA) were resolved by tabletop vulnerability assessments and diversion path analysis. Funding of Phase I of the security line-item upgrade project was approved and engineering design should begin in 1999.

The DOE office charged with independent oversight of security, OSE, completed a comprehensive inspection of LANL in October 1998. OSE recognized measures taken over the past six months to identify shortcomings, determine cost-effective solutions, and initiate protection system upgrades. OSE also recognized the positive change in Laboratory Management focus and its attention to safeguards and security. However, OSE stated that management commitment to the program must continue. Additionally, the inspection rated three areas as "Needs Improvement" and cited a number of serious protection issues that needed to be addressed. Therefore, LANL's overall Facility rating continues to be Marginal. The PM, PPO, IS and NMC&A topical areas continue to be rated Marginal. Issues of concern include: protection of classified parts, security systems, protective force recapture capabilities, AISS and Accountability Program.

Program Management (Marginal)

 

Issue

 

Corrective Action

 

LANL program and line management failed to ensure that members of their organization implement, support, and follow safeguards and security policies and procedures.

 

LANL will emphasize and remind managers of their responsibility and accountability to ensure the dissemination or enforcement of required security policies and guidelines.

 

[REDACTED]

 

Nuclear Materials Control and Accountability (Marginal)

 

 

Issue

 

Corrective Action

 

Improve the Physical Inventory Program to provide the requisite assurance that nuclear materials are in authorized locations and at stated quantities.

 

A comprehensive, integrated materials control and accountability program has been developed but is not fully implemented.

Sandia National Laboratories, Albuquerque, NM

Overall Facility Rating: Satisfactory

Less-than-Satisfactory Topical Areas: Protection Program Operations (Marginal)

Sandia National Laboratories (SNL-NM) is a multi-program national laboratory responsible for engineering development of US nuclear weapons and for systems integration of the nuclear weapons with their delivery vehicles. The mission embraces a broad range of design, safety, security reliability and use control issues. Security interests include SNM, classified and sensitive information and government property. The protective force consists of 143 uniformed security officers, of whom 50 are SRT-qualified personnel.

During a special survey conducted by the Albuquerque Operations Office (AL) in July 1998, this facility was rated Unsatisfactory due to the degradation of two key areas of the safeguards and security program. PM and PPO had degraded to Unsatisfactory levels. Specifically, the performance of the protective force was evaluated as Unsatisfactory due to a number of issues, most prominently their inability to protect against a DOE Design Basis Threat (DBT) scenario during a force-on-force exercise. The underlying reasons for the unsatisfactory performance were linked to a lack of Laboratory management support and involvement. As a result, the PM topical area was also rated Unsatisfactory. The Unsatisfactory ratings for PM and PPO led to the assignment of an overall Facility rating of Unsatisfactory for SNL-NM by AL.

A follow-on Special Security Survey was conducted in early November 1998. In this survey, only the protective force was re-evaluated; the demonstrated improvement resulted in a Marginal rating in PPO. This rating, in turn, by AL, led to the assessment of a Marginal rating in the PM topical area, and overall Facility rating of Marginal.

Considerable effort has been expended by SNL-NM and AL to evaluate and improve the protective force status following the July 1998 Special Security Survey. SNL-NM has reconfigured the protective force positions to include additional personnel. The November 1998 survey indicated that the new security posture was able to provide protection against the worst case postulated in the DBT.

Revised security upgrades are also now in place, i.e., installation of additional sensors at strategic site locations, redeployment of current hardened vehicles, removal of trigger locks on weapons and additions to the protective force training staff. In addition to improvement in performance during the November 1998 exercise, one million dollars was allocated to safeguards and security in FY 1998 to supplement the existing budget. Additional funding is scheduled for FY 1999, to be used to purchase two armored vehicles, and for additional physical security enhancements. When fully in place, these enhancements will strengthen the site's security posture.

Notwithstanding all the progress, made in late 1998 and early 1999, six of the original nine findings in PM from the July 1998 Security Survey remain open as of February 3, 1999. At the time of the November 1998 Special Survey all nine findings were still open. Two of the closed findings are in the area of FOCI and one was in the area of self-assessments. The following findings are still open. Clearly, management emphasis and the positive momentum must continue to resolve these open findings.

[REDACTED]

98JUL17-AL-501-SPEC-PM.5-003
Not all Sandia Corporation OODEP held the appropriate access authorizations.

98JUL17-AL-501-SPEC-PM.5-005
Not all SNL-NM contracts included the appropriate security clauses.

[REDACTED]

98JUL17-AL-501-SPEC-PM.505-007
There was no process to assure change to the default settings for the ASSESS model were accurately documented.

[REDACTED]

Transportation Safeguards Division, Albuquerque, NM

Overall Facility Rating: Marginal

Less-than-Satisfactory Topical Areas: Program Management (Marginal)

TSD operates throughout the contiguous U.S., utilizing a fleet of specially-designed highway transport vehicles. TSD's primary mission is to provide for the safe, secure movement of nuclear weapons, strategic quantities of SNM, nuclear test devices, selected non-nuclear weapon components and limited life components to and from military locations and between DOE sites. In addition, TSD's 216 Federal Special Agents contribute personnel to staff protective service missions for the Secretary of Energy. TSD is a primarily federal activity under the direction of AL.

[REDACTED]

Lawrence Livermore National Laboratory, Livermore, CA

Overall Facility Rating: Marginal

Less-than-Satisfactory Topical Areas: Nuclear Materials Control and Accountability (Unsatisfactory)

This national laboratory performs research, development, and testing of nuclear design involved in all phases of nuclear weapons production. The Laboratory also provides critical support for other national security activities. The facility possesses Category I quantities of special nuclear materials and critical components. The facility also manages documents, material, and work classified up to and including Top Secret Restricted Data. The facility, its sensitive assets, and unique capabilities are protected by an integrated security system working in concert with a force of approximately 145 uniformed security officers, 34 of whom are SRT-qualified.

During FY 1997, LLNL had a number of problems in its PM, PPO and NMC&A Programs. A set of compensatory measures were deployed and projects initiated to resolve these concerns, including implementation of an SRT and physical security systems upgrades, to include perimeter intrusion detection and assessment improvements.

By the end of 1998, LLNL had corrected most of its PPO deficiencies by implementing the SRT and upgrading the security systems. The LLNL conducted protective force exercises in October 1998. These exercises validated extensive JTS modeling of the current protection posture in the draft revision of the Site Safeguards and Security Plan. Overall, the JTS modeling, limited scope performance testing and have indicated a highly effective protection posture. The newly-formed SRT provides the additional capabilities of recapture and recovery should action be required. LLNL transitioned to the new SRT protection strategy on November 15, 1998.

[REDACTED]

Since the NMC&A Program had such severe deficiencies, the overall protection posture is impacted enough to warrant an overall Facility rating of Marginal. As depicted above, significant progress has been made in the near term. It is expected that all topical ratings for LLNL will be Satisfactory in 1999.

[REDACTED]

LLNL was given a Satisfactory rating in the 1998 Oakland Operations Office Survey Report. The report reflected a deficient configuration management practices in the Secure Computing Facility (SCF). The SCF includes the LLNL intersite Advanced Strategic Computing Initiative system. Interim protection measures are currently sufficient to meet protection requirements until corrective actions are complete. Configuration management is a basic, critical element of computer security. The effectiveness of these corrective actions will be important in sustaining a viable information security program at LLNL.

Y-12 Plant, Oak Ridge, TN

Overall Facility Rating: Satisfactory

Less-than-Satisfactory Topical Areas: Nuclear Materials Control and Accountability (Marginal), Personnel Security (Marginal)

This facility manufactures/dismantles nuclear weapons components used in weapons systems. The plant provides fabrication support for weapons design laboratories, participates in the disassembly of retired nuclear weapons, processes special nuclear materials, and provides unique support for other governmental agencies. The plant possesses large quantities of Category I quantities of SNM, of which 10 metric tons are subject to verification by international inspectors. The facility also manages documents, material, and work classified up to Secret Restricted Data. The protection posture for the facility and its assets is maintained by an integrated security system working in concert with a force of approximately 280 uniformed security officers, including more than 75 SRT personnel.

During FY 1997, identified problems at Y-12 were associated with its NMC&A Program. Due to a "stand-down" of operations, inventories, quantitative measurements and other routine operations were not conducted. This resulted in Y-12 being unable to provide assurance that SNM is in its proper and authorized location. However, compensatory measures are in place to reduce the risk associated with the lack of operations.

In 1998, Y-12 continued to employ compensatory measures, but also was able to begin limited NMC&A operations to include inventories. However, issues arose in the Personnel Security (PS) topical area.

[REDACTED]

Protective force personnel have been re-deployed within the PA and in the Material Access Areas (MAA) to address specific concerns. These deployments and the access enhancements above have been performance tested and provide some assurance that SNM is adequately protected. Enhancements have been identified and, when fully implemented, will provide the appropriate assurance.

[REDACTED]

Personnel Security (Marginal)

 

Issue

 

Corrective Action

 

Backlog of access authorization terminations.

 

Foreign Visits and Assignments program not in compliance with DOE policy

 

Not all designated personnel are enrolled in the Personnel Security Assurance Program.

 

Personnel Security issues continue to be addressed by implementing procedures that comply with DOE Order requirements. However, these procedures have not yet been fully implemented.

[REDACTED]

Continued management focus and attention must be directed to maintaining and improving the protection posture of the Y-12 Plant.

Rocky Flats Environmental Technology Site, Golden, CO

Overall Facility Rating: Satisfactory

Less-than-Satisfactory Topical Areas: Information Security (Marginal)

Rocky Flats Environmental Technology Site (RFETS), operated by Kaiser-Hill, LLC, previously fabricated nuclear weapons parts and assemblies, processed and recovered special nuclear materials, fabricated tritium reservoirs, and performed related research and development in support of the weapons program. The facility has in storage and holdup approximately 13 metric tons of Category I quantities of SNM (plutonium), various pieces of classified production equipment, and classified information holdings. The facility also manages documents, material, and work classified up to Secret Restricted Data. The protection posture for the facility and its assets is maintained by a physical security system functioning in concert with a force of approximately 260 uniformed security officers, of whom more than 25 are SRT-qualified.

In 1997, RFETS received a Marginal overall Facility rating, mandated by issues in the areas of PM and PPO. Key areas of concern identified included physical security systems and deployment of protective forces.

During 1998, RFETS substantially improved the overall protection posture at the Rocky Flats facility and is now Satisfactory. As part of the Rocky Flats physical security systems upgrade process, RFETS is replacing the interior alarm component with a commercial off-the-shelf system. Other improvements include access control upgrades for access into the protected area and additional closed-circuit television (CCTV) assessment installation in critical vaults. The physical security upgrade project is expected to be completed in February 1999.

[REDACTED]

Information Security (Marginal)

 

Issue

 

Corrective Action

 

Rocky Flats has not ensured compliance with DOE Orders and local procedures when processing classified matter during the deactivation and decommissioning activities in Building 444.

 

Building 444 was re-activated as a limited area.


PART III

Support for National Security Decision Directives

Nuclear Weapons Command and Control
(National Security Decision Directive 281)

During Calendar Year 1997, DOE participated with the Nuclear Command and Control System (NCCS), Support Staff (NSS) in numerous projects including the update and rewrite of the NCCS Architectural Document (the NCCS Policy Document), in addition to a major restructuring of Chapter 14, Recapture and Recovery, and the participation in the Mighty Guardian III planning exercise. The Department received one assessment regarding the NSS review of Security Oversight within the DOE. Additionally, the House Energy and Water Subcommittee directed an independent review of the DOE Design Basis Threat (DBT). The NSS conducted the review and reported that DOE's DBT was valid and should be used as a baseline document for developing safeguards and security protection strategies. The DOE also participated with the NSS on the review and update of the US Government-wide Postulated Threat for Department of Defense (DoD) and DOE facilities. The results of these activities are essentially the following:

Security Oversight within DOE: The NSS assessment of the DOE's security oversight concluded in a major recommendation that an independent oversight committee be established to review the safeguards and security structure within DOE. Other recommendations identified the need for programmatic close coordination among the policy developers, the Operations Offices and the Program Offices. DOE responded to this independent assessment by creating two panels of experts, a Security Management Board and a Security Council, to give executive-level attention to the identified issues.

Validation of the DOE DBT: The NSS conducted an independent review of the DBT with input from other Governmental intelligence agencies, to include the Federal Bureau of Investigations and the DoD. The review determined that the DBT was valid against today's threat. In addition to validating the DBT as a baseline for development of protection strategy, the review also recommended that the DBT increase the size of the vehicle bomb that may be used by terrorist groups. Regular update of the DBT was recommended.

US Postulated Threat: The NSS validation of the DBT was a predecessor to the US Government conducting an agency-wide review and upgrade of the US Postulated Threat. The Postulated Threat update was lead by NSS and the Defense Intelligence Agency, with full participation by the DoD, DOE and other interested federal agencies. The Postulated Threat is a coordinated, national-level intelligence threat estimate that provides the foundation on which DoD and DOE develop their respective Design Basis Threat characterizations.

Operations Security
(National Security Decision Directive 298)

DOE maintains an Operations Security Program that complies with National Security Decision Directive 298. The Operations Security Program strives to meet the task of protecting Departmental informational assets at a level commensurate with the threat. The release of sensitive information, through inadvertence or intent, is subject to collection and use to the detriment of Departmental programs such as nuclear nonproliferation, technology transfer, and directed research. Through furtherance of individual responsibility for information protection, the Operations Security program is one of the most cost-effective security programs for the protection of sensitive activities and information.

The Operations Security program is concerned with protection of sensitive information, regardless of form. The dramatic increase in the Department's Internet Presence compelled the development of assessment guidelines to evaluate effects of voluminous data availability and the subsequent impact on operations. The DOE Internet Presence Assessment Guide was distributed to DOE field elements in October 1998. Copies of the Guide were provided to the Department of Defense for incorporation into DoD Regulations regarding the review and assessment of information available via the World-Wide Web. In evaluating the adverse impacts of unrestricted information availability on sensitive operations, Departmental OPSEC elements are now equipped with another tool with which to review the vast array of information published on DOE web sites.

The Operations Security program relies on the principles of risk management. These principles are designed to provide management officials with an information perspective of risk upon which to prioritize the distribution of resources. To maintain currency, the Operations Security training course was revised to more accurately reflect the global political situation in the post Cold-War world. The training course has been the subject of laudatory comments on the part of the students and has garnered the favorable attention of the Interagency Operations Security community. Through the sharing of resources and the reciprocity of training initiatives, the DOE Operations Security program has attempted to leverage all available governmental assets to enhance program effectiveness in a diminishing resource environment.

United States Policy on Counterterrorism
(Presidential Decision Directive-39)

Presidential Decision Directive-39 (PDD-39), "U.S. Policy on Counterterrorism," which was issued in 1995, redirected the US counterterrorist program to address the changing threat, especially the response to terrorist use of nuclear, chemical or biological weapons or materials of mass destruction. Although DOE has taken actions to respond to the six major taskings contained in PDD-39, full compliance will require more a proactive and aggressive stance.

As First Responders to a terrorist incident at DOE facilities responsible for initial denial of access to special nuclear materials, and, failing that, recapture/recovery of the materials, it is a paramount mission of the Department to ensure that safeguards and security counterterrorist capabilities are well-maintained, funded, exercised and fully "mission capable."

Among other requirements, PDD-39 tasks the DOE to provide support to FBI counterterrorism response assets responding to incidents at DOE facilities. To enhance these capabilities, under the specific guidance and direction of PDD-39, DOE is working with the FBI to conduct joint training and exercises, and to develop site security incident management procedures in concert with those in the FBI Nuclear Incident Contingency Plan. Discussions between DOE and FBI have indicated a convergence between plans and procedures for DOE operations and FBI activity in the areas of crisis response, security and law enforcement, training and exercises and technology development. The project seeks to expand upon areas of agreement and improve cooperation and coordination overall. Both parties recognize the importance of effecting a timely, well-coordinated response to any emergency or hostile threat to DOE assets and operations.

DOE is also actively pursuing the intra- and inter-Departmental coordination required by PDD-39, which will greatly assist the implementation of DOE security policies for combating acts of terrorism involving weapons or materials of mass destruction DOE is active in the interagency counterterrorism research and development organization, the Technical Support Working Group, with members serving as Executive and Committee Co-Chairs. Specific DOE PDD-39 initiatives include:

DOE must make a concerted effort to implement the provisions of PDD-39, especially those dealing with WMD. Recent terrorist activity signals a "clear and present danger" requiring a decisive plan of action. The Department is committed to ensuring that DOE security programs are responsive to the new and unanticipated requirements of the future.




FAS | Government Secrecy | News ||| Index | Search |