This report provides a year-end update on the effects of the Secretary of Energy’s security initiatives within the Department of Energy and its nuclear weapons complex. Nineteen ninety-nine was an eventful year for the Department in terms of the level of attention and the amount of activity associated with our security programs and our ability to protect the nation’s secrets. The year began with the Department falling under heavy criticism from both Congress and the media for serious problems in our security practices. That criticism did not substantially subside throughout the year. The Secretary directed a number of actions in an effort to bring our security organizations, programs, and practices to a level that could demonstrably provide adequate protection to those things the Department is entrusted to protect. This report provides a summary perspective on where the Department began the year, what was done on a Departmental level to address problems, and where the Department stands now in terms of observable and measurable results. The status reported is based on appraisals conducted by the Department’s Office of Independent Oversight and Performance Assurance.
Strength Through Leadership
Confidence Through Security
Year-End Status of Safeguards and SecurityA Report
in the Nuclear Weapons Complex
to the Secretary of Energy
the Office of Independent Oversight
and Performance Assurance
Strength Through Leadership
Confidence Through Security
Year-End Status of Safeguards and Security in
the Nuclear Weapons Complex
Independent OversightThe Secretary of Energy created the Office of Independent Oversight and Performance Assurance in early 1999 to consolidate security-related Department-wide independent oversight into a single office reporting directly to the Office of the Secretary of Energy. Its nucleus was the Office of Security Evaluations, formerly part of the Office of Oversight under the Assistant Secretary for Environment, Safety and Health. Two new offices--the Office of Cyber Security and Special Reviews, and the Office of Emergency Management Oversight--were created to complete the consolidation of oversight activities within the new organization.
The Office of Independent Oversight and Performance Assurance conducts appraisals of all aspects of the Department’s policies, programs, and practices related to safeguards and security, cyber security, and emergency management. Our activities range from comprehensive appraisals of a facility’s safeguards and security, cyber security, and emergency management programs to follow-up appraisals that check on the status of corrective actions or specific problems. We also conduct Department-wide special studies of significant issues related to security. When we identify problem areas, we also strive to identify viable approaches for correcting the problems. We do this with highly qualified experts in a dozen disciplines related to security, cyber security, and emergency management. Many of our appraisal team members are recognized authorities in their individual disciplines. Our approach to appraisals is performance-based so we can determine whether security programs and practices in fact provide the necessary protection. Accordingly, we developed and applied performance-testing methodologies whenever applicable. Many of our tests and methodologies have been adopted by Departmental organizations across the country for survey and self-assessment purposes. Our office is respected throughout the Department for its thoroughness, professionalism, and objectivity, and our efforts and conclusions have always withstood scrutiny because of our thorough validation procedures.
The ChallengeThe security problems that challenged the Department during 1999 did not originate in 1999-- they merely became public knowledge to such an extent and in such quick succession that they demanded immediate attention. For the first 50 years of its existence, the priority of the nuclear weapons complex was clear: develop, build, and maintain a nuclear weapons stockpile sufficient to support the nation’s nuclear strategy. While security was an acknowledged necessity, it, along with almost everything else, took a back seat to production requirements. When security and production had competing or incompatible needs, security generally yielded. This was understandable, given the national priorities at the time, but it inevitably planted a seed in the culture of the weapons complex that taught a very simple lesson: security requirements aren’t absolute—they can be put aside for more important things. With victory in the Cold War came the common but unfortunate misconception that we no longer had any formidable enemies, and therefore shouldn’t be allocating increasingly scarce funding on security. While not ignored, security became a decreasing priority and an increasingly expensive overhead item to many managers. Thus the conditions were established that led to the security problems confronting the Department in 1999.
The Department’s 1999 23rd Annual Report to the President -- prepared by the Department’s safeguards and security policy organization -- covering the calendar years 1997 and 1998 and based largely on the results of our appraisal activities, emphasized a number of security-related weaknesses. Three nuclear weapons program facilities discussed in the report received overall ratings of less than satisfactory for security. The report characterized many security programs as “lacking management support and involvement.” The Annual Report also highlighted concerns across the weapons complex relating to protection of information against “hackers,” protective force readiness and preparedness, aging physical security alarm hardware, and the need for better facilities for long-term storage of plutonium and highly enriched uranium.
The allegations of nuclear espionage at a national laboratory made the subject of security within the DOE a matter of nationwide concern. The aftermath of this revelation and the prominent reporting of the Department’s security problems created a crisis in confidence between the Department and Congress and, to some extent, the American public. This situation posed a real threat to the Department’s ability to continue performing its national security and other responsibilities.
The Secretary’s ResponseAcknowledging the existence of serious security problems, the Secretary immediately took a number of significant actions aimed at correcting deficiencies and creating institutional changes to strengthen the Department’s security programs and prevent such serious deficiencies from occurring in the future. These unprecedented initiatives included:
The initiation of changes of this scope and magnitude in the Department’s approach to security, in a single year, is unprecedented, and required extraordinary leadership initiative and the concentration of significant effort at all levels within the Department. Collectively, these initiatives concentrated on four basic management tenets: demonstrating management interest at the highest level and demanding it at lower levels; setting understandable and achievable goals and milestones; holding managers accountable for performance; and providing additional resources in areas of most serious need.
- Establishing a DOE security "czar" to provide overriding security policy and budgetary control throughout the Department. The former Commanding General of the Strategic Command was appointed to head the Office of Security and Emergency Operations and was given wide-ranging authority to “shake up” and remedy security weaknesses. To further strengthen this new czar, three entities not formerly part of the security organization were included in the new office: the Chief Information Officer (responsible for unclassified computer security); the Foreign Visits and Assignments Program office; and the emergency management organization. This office is expected to receive unprecedented authority over security spending with the FY 2001 budget.
- Establishing an independent oversight office, reporting directly to the Office of the Secretary, to police the Department’s security and emergency management programs. The Office of Independent Oversight and Performance Assurance provides the Secretary with real-time assessments of the effectiveness of policies and programs in nuclear safeguards; security, including cyber security; and emergency management and other critical functions. As the Secretary’s "junkyard dog," this office performs the critical role of independent oversight of the Department’s security, providing an independent review by experts who have no vested interest in the implementation of security programs.
- Establishing a "zero tolerance" approach to security lapses.
- Appointing a veteran of the Central Intelligence Agency and the Federal Bureau of Investigation to head a new counterintelligence office, increasing the counterintelligence budget from $2.6 million (the 1995 baseline) to $39.2 million, placing counterintelligence representatives at all nuclear weapons laboratories, and instituting a polygraph program to screen personnel with access to highly sensitive nuclear weapons information.
- Establishing new requirements and standards for computer security programs.
- Overhauling the program governing the control of foreign visitors to DOE facilities for unclassified purposes or work.
- Insisting on DOE and laboratory management commitment to new, challenging goals for correcting the most urgent security problems by the end of calendar year 1999 to ensure progress toward the long-term solution of longstanding security weaknesses.
- The Secretary’s travelling often to each national laboratory to emphasize personally to the laboratory directors his intention to reform security, while continuing to stress the importance of science.
- Directing that individuals responsible for security be held accountable for correcting security weaknesses.
The ResultsAt the Secretary’s direction, the Office of Independent Oversight and Performance Assurance devoted most of its efforts during the year to dealing with the Department’s most immediate security concerns. The Secretary tasked us to closely examine the status of security at the three major nuclear weapons laboratories, identify any significant deficiencies, and identify what would have to be corrected to bring the security programs to an acceptable level of performance by the end of the year. He further directed us to provide continuous information on the status of laboratory security programs. Accordingly, we conducted:
The results of our major efforts are summarized in the following sections.
- Comprehensive appraisals of security programs and practices, including computer security programs, at Lawrence Livermore National Laboratory, Sandia National Laboratories (New Mexico and California facilities), Los Alamos National Laboratory, and the Y-12 Plant in Oak Ridge, Tennessee
- A follow-up appraisal of the Transportation Safeguards Division’s tactical capabilities
- Year-end follow-up appraisals of Los Alamos, Lawrence Livermore, and Sandia National Laboratories, focusing on their progress in correcting deficiencies identified in the earlier comprehensive appraisals.
Lawrence Livermore National Laboratory
Our comprehensive appraisal in the spring of 1999 found serious, widespread deficiencies in Lawrence Livermore’s programs for protecting information and special nuclear materials. For example:
- Classified weapons parts were stored in buildings that did not provide adequate protection.
- Some classified information was not controlled adequately to prevent unauthorized access.
- Some actions required by the “nine-point plan” to address cyber security issues had not been taken, and others had not been thoroughly or effectively implemented.
- Foreign nationals who had not been screened through the Department’s Foreign Visits and Assignments Program had remote dial-up access to the unclassified computer network; we found exploitable vulnerabilities in the network.
- Lawrence Livermore had not tested and documented its protection posture rigorously and thoroughly enough to substantiate its claimed levels of protection for special nuclear materials. As an example, the tactical performance test program did not test many of the critical elements of the tactical response plan.
- There were deficiencies in the physical inventory program for special nuclear materials, and Lawrence Livermore could not properly measure its inventory of highly enriched uranium.
As a result of our findings during the comprehensive inspection, we rated the overall safeguards and security program, as well as most program elements, as less than satisfactory.
Our follow-up appraisal in December 1999, evaluating the status of corrective actions, found that Lawrence Livermore had responded vigorously to the results of our earlier appraisal and had made noteworthy progress in addressing the identified deficiencies. While some problems in unclassified cyber security remained, progress was made in other areas:
- Lawrence Livermore had completed improved vulnerability analyses related to the protection of special nuclear materials and had initiated compensatory protection measures and protection system upgrades.
- Classified information was better protected through the elimination of non-approved storage containers and implementation of necessary physical security upgrades and access barriers. Procedures were implemented to assure that all foreign nationals with dial-up access to the unclassified computer network would be processed through the Foreign Visits and Assignments Program.
As a result of the significant progress made since the earlier appraisal and the compensatory measures in place, we rated Lawrence Livermore’s overall safeguards and security program as satisfactory during the follow-up appraisal.
Sandia National Laboratories-New Mexico
Our comprehensive appraisal of Sandia National Laboratories-New Mexico was conducted in July 1999. Most of the elements of the safeguards and security program were found to be effective; however, we identified several issues in need of immediate attention:
- Protection of classified matter was inadequate in some areas. For example, several buildings that did not meet applicable protection requirements were used for open storage of classified nuclear weapons parts, and non-approved containers were used to store classified information without benefit of required protective force checks and/or alarm coverage.
- Approved foreign national visitors and assignees were not sufficiently controlled and supervised to keep them from accessing inappropriate areas or inappropriate unclassified computer systems.
- Various vulnerabilities were detected in the laboratory’s unclassified computer network, which contains sensitive unclassified information.
- The tactical modeling and performance testing programs used to validate the adequacy of the protection program did not reflect the complete range of applicable adversary tactics and capabilities.
Our follow-up appraisal in December 1999 found that considerable resources and management attention had been applied to the identified deficiencies; appropriate short-term corrective actions had been implemented; and suitable plans for long-term corrective actions had been developed. While follow-through on longer-term actions remains necessary, we found that the interim actions, including the effectiveness of implemented compensatory measures, had sufficiently addressed the identified concerns to merit an overall program rating of satisfactory.
Los Alamos National Laboratory
We conducted a comprehensive appraisal of Los Alamos in August 1999; our previous comprehensive appraisal of the site had been a mere ten months earlier. We found that while Los Alamos had made significant progress in addressing the deficiencies we had identified the previous year, problems remained to be fully corrected in some areas, including unclassified computer security and protection of classified parts. However, due to the compensatory measures in place, we rated the overall status of the protection program as satisfactory.
Our follow-up appraisal in December 1999 found that most unclassified computer security concerns had been adequately addressed. Vulnerability assessments of the storage of classified parts had been conducted and interim protective measures were in place, pending implementation of longer-term corrective actions such as installation of alarm systems. The overall protection program rating remained satisfactory.
Y-12 Weapons Plant
We conducted a comprehensive appraisal of the Y-12 Weapons Plant in Oak Ridge, Tennessee, during September and October 1999. While we found that some protection program elements were particularly effective, several significant concerns were identified in other program elements. The overall protection program, as well as some individual elements thereof, were rated less than satisfactory. Because of the time needed to effectively implement planned corrective actions, we have not yet conducted a formal follow-up appraisal to determine the adequacy of the actions taken to address these concerns. However, we have conducted follow-up visits and monitored the corrective action plan, which is generally adequate. The Y-12 Weapons Plant is still working to address longstanding issues in material control and accountability resulting from an extended shutdown due to safety concerns.
Transportation Safeguards Division
We conducted a follow-up review of the Transportation Safeguards Division in late 1999, specifically to examine how it had addressed some deficiencies in tactical capabilities that were identified in the 23rd Annual Report to the President. The Division had developed an appropriate response plan to address the issue, had established milestones and conducted training, and demonstrated an acceptable level of proficiency in training exercises we observed. We concluded that the Division’s response to the identified deficiency was satisfactory.
The PrognosisOverall, what we found offers considerable reason for optimism, particularly at the weapons laboratories. The unprecedented leadership provided by the Secretary of Energy has focused efforts and mobilized significant resources to implement both immediate and long-term solutions to the Department’s security problems. Those efforts are already demonstrating numerous positive results, and we have seen considerable progress toward the most pressing needs in a relatively short time. While many efforts have yet to be completed, we have observed and measured considerable achievement in many areas. Most notably, with the Secretary as a driving force, we see the beginning of a Department-wide cultural change in attitude toward security, which has never previously been seen in this Department. Top-level facility managers, including the directors of the major weapons laboratories, are acting on the Secretary’s message that security matters--that they must pay attention to security and give it the appropriate priority if they are to continue conducting their business. Not only have we seen significant effort and resources devoted to correcting security problems, but increased upper management emphasis on security is also filtering down to the mid-level managers and supervisors whose support and cooperation are essential to effective security. We have even seen some evidence that as security practices are enforced, workers are realizing that they can do their jobs and follow good security procedures simultaneously without serious inconvenience. The weapons laboratories, having borne the brunt of last year’s public criticism and having been a main focus of corrective efforts, provide the first evidence of a real attitudinal change. However, the Secretary’s emphatic direction (after the recent appraisal at Y-12) to make individuals accountable for security problems can be expected to send a clear, forceful message throughout the entire Department regarding the need to focus on security.
We also measured real progress in the last six months of 1999 in the "nuts and bolts" implementation of security measures. For example, our security appraisal in October 1998 rated Los Alamos National Laboratory less than satisfactory in all major areas. When we returned a year later, Los Alamos--under a new Director and with the Secretary’s new emphasis--had made much progress. Although significant issues remain, such broad progress had been made that we gave the Los Alamos security program an overall rating of satisfactory. Our follow-up visit in December 1999 confirmed that the forward momentum on the remaining problems was continuing.
As another example, security at the Lawrence Livermore National Laboratory had progressively deteriorated over the period 1993 to 1997 to the point that, during our appraisal in the late spring of 1999, we concluded that the weaknesses were so self-evident that performance testing was not needed to prove that special nuclear materials were not adequately protected. After that appraisal, at the express direction of the Secretary, the laboratory began working closely with Department field managers and key Headquarters managers to identify and implement corrective actions for these weaknesses. When Independent Oversight returned in December 1999 to evaluate progress, we concluded that the protection provided to special nuclear materials at that time was effective.
The Secretary’s personal emphasis on the protection of information in computer systems has also led to a re-examination, throughout the weapons complex, of the protection afforded to classified and sensitive information in other forms and media. This re-examination is spurring the correction of deficiencies in the protection of classified documents and parts.
With the Secretary’s continuing attention, the Department is rapidly taking action to correct known deficiencies, and procedures are now in place to implement longer-term permanent corrections--and to identify and correct other security problems that may exist. The quick progress in the past year confirms that the Department has capable security professionals who can do an excellent job at protecting our national security interests if given the appropriate direction, resources, and opportunity, and that the incredible human and technical capabilities of our facilities can be effectively applied to solving our security problems as well as to their more traditional areas of endeavor. While final judgment must be withheld until completion of the work so successfully begun, the progress to date has been unprecedented. In some cases, such as those illustrated above, once-lethargic and unresponsive programs have been completely turned around. The enabling change we have seen that has made the progress possible, and that will perhaps provide the most critical impetus to the Department’s security program, is the sea change in attitude toward security, particularly at management levels at the laboratories and other facilities. If sustained, the new attitude--instilled in large part through the Secretary’s personal involvement and leadership--can drive all the other elements that are necessary to assure a robust and formidable security program.
Independent Oversight Activities for CY 2000The Office of Independent Oversight and Performance Assurance has scheduled a full range of activities during calendar year 2000 to determine if the progress made last year is sustained, the Secretary’s initiatives are pursued, and the long-term corrective actions are implemented. Our planned activities include visits to all the weapons laboratories and other major facilities.
Office of Safeguards and Security Evaluations
This office, which evaluates safeguards and security programs, has an ambitious schedule for the year. They will conduct comprehensive appraisals at four major facilities. These comprehensive appraisals involve detailed examinations of the various elements of a facility’s protection program as well as an analysis of the effectiveness of the overall safeguards and security program. They also involve rigorous performance testing of system elements, often including major force-on-force tactical performance tests. In addition to these four major efforts, the office will conduct follow-up appraisals at eight other facilities, including Los Alamos, Lawrence Livermore, and Sandia national laboratories. These follow-up appraisals, which are also significant efforts, will focus on examining the progress and status related to previously identified deficiencies, and typically examine protection program effectiveness in other areas as well.
Office of Cyber Security and Special Reviews
This office, whose primary responsibilities are associated with cyber security oversight, has an equally ambitious schedule. They will conduct comprehensive appraisals of classified and unclassified cyber security programs at four facilities. These comprehensive appraisals, which will include performance tests, will be conducted in conjunction with the Office of Safeguards and Security Evaluations’ comprehensive appraisals discussed above. They will conduct follow-up appraisals of cyber security systems at eight facilities, also in conjunction with the safeguards and security appraisals. Concurrent safeguards and security and cyber security appraisals are more efficient and effective, allowing us to evaluate all aspects of security simultaneously, share administrative resources, and limit our impact on the facilities. This office will also conduct more focused cyber security reviews at two facilities, and will conduct extensive remote cyber security scanning and network penetration testing of computer systems at 12 facilities.
Office of Emergency Management Oversight
This office, which evaluates emergency management and emergency response capabilities, has scheduled the following activities. They will conduct full emergency management program reviews at three facilities, evaluating all aspects of emergency management and emergency response plans, facilities, training, drills, and performance. They will also conduct eight follow-up reviews to examine the status of corrective actions for previously identified deficiencies. They will plan and conduct a major emergency management performance test at one facility, and will evaluate major emergency management exercises conducted by two other facilities.
Director, Independent Oversight and
The Office of Independent Oversight and
Glenn S. Podonsky
Deputy Director, Independent Oversight
and Performance Assurance
Director, Office of Safeguards and
Deputy Director, Office of Safeguards
and Security Evaluations
Director, Office of Cyber Security and
Director, Office of Emergency Management