Mr. Chairman, thank you for the opportunity to speak with the committee today about the Department of Energy=s (DOE) Safeguards and Security Program, and the Department=s long history of suppression and reprisal against individuals attempting to do their jobs. DOE=s arrogant disregard for national security is clearly described in the June 1999, Report on Security at the Department of Energy by the President=s Foreign Intelligence Advisory Board (PFIAB), and Congressman Cox=s committee report on espionage at our national laboratories. It is clear today that DOE has sacrificed nuclear security for other budget priorities and has jeopardized national security by failing to protect its Laboratories against widespread espionage or against terrorist attack.

Over the past nine years, I have served as the Director of DOE=s Office of Safeguards and Security. In this capacity, I have been responsible for the policy that governs the protection of the DOE=s national security assets, including nuclear weapons, nuclear materials, highly classified information and personnel clearances for these assets. My office is also charged with investigating security incidents involving the loss of nuclear materials and the unauthorized disclosure of classified information.

As you know the Department of Energy placed me on Administrative Leave on April 19, 1999. DOE officials allege that I committed a security infraction. They claim that I disclosed classified information during a conversation with a whistleblower. This is not true based on the Department=s own classification procedures and guidelines (CG-SS-3, Chap 10, Dispersal of Radioactive Material), these allegations are completely unfounded. I have been an authorized classifier in the DOE and its predecessor organizations for over 25 years and helped develop the first classification guide in this area in 1976. I am also the Department=s subject matter expert in this area, yet the DOE did not consult my staff or me before taking this action. Further, DOE failed to follow its own procedures in investigating these issues before placing me on Administrative Leave, and has failed to respond to my classification challenge since. I believe this action to be an obvious act of retaliation against the individual and the office that has tried to bring an increasingly distressing message of failed security at the DOE Laboratories forward since 1995. In addition, my situation at DOE remains unresolved with the threat of a more serious actions as a realistic possibility.

Prior to joining the Office of Safeguards and Security I held several high level positions within the Department=s safeguards and security program areas. From 1988-1989 I served as Director, Office of Security Evaluations. In 1978 I joined the DOE at the Chicago Operations Office and in 1979 became the Director of the Safeguards and Security Division. Prior to joining DOE, I served as an officer in the U.S. Army. Active military service included a number of Military Intelligence and Special Forces assignments in Europe and Southeast Asia. I culminated my military duty as a reserve officer after over thirty years of active and reserve service.

As the Director, Office of Safeguards and Security, my team has provided senior DOE management with sound, professional judgement regarding security of our nation=s most critical strategic nuclear assets. We have provided specific action plans to correct shortcomings, even though much of what we have recommended has not been considered politically correct, since the Cold War is now over. The steady decline in resources available to the DOE safeguards and security program as well as a lack of priority has allowed the Department=s security posture to deteriorate to a point where it is not effective. I refer in my written testimony to a number of unclassified reports from the Office of Safeguards and Security, issued between 1994 and 1999, which document the reduction in the Department=s security readiness. These reports are supported by hundreds of classified reports which provide detailed analysis.

The information presented in the testimony I submit today is not new. The message has been repeated consistently over the last decade, in such reports prepared by my office as the Annual Reports to the Secretary in 1995, 1996 and 1997. In fact, these reports were frequently referenced and footnoted in the PFIAB Report. External reviews such as the Report to the Secretary, by General James Freeze, or the Nuclear Command and Control Staff Report on Oversight in the DOE in 1998, cite similar concerns. There have also been a large number of General Accounting Office Reports addressing these and other areas. We have frequently reorganized, restructured and studied these issues, however, the department has not chosen to resolve these serious and longstanding problems.

I would like to cover a few specifics to introduce the committee to the severity of the issues. Technical expertise and continuous external oversight will be required to assure their correction. Reorganization and reshuffling will not suffice.


One of the primary interests expressed in recent months, and indeed widely covered by the media recently, is the loss of classified information from the computer systems at the National Laboratories. Indeed, I believe we are sitting at the center of the worst spy scandal in our Nation=s history.

The DOE Computer Security Program suffers from a variety of problems. Of primary concern is the lack of protection for unclassified sensitive information and the ease with which it can be transferred from classified systems. Until last month little guidance had been issued on how to protect sensitive but unclassified information. Further, system administrators are charged with the responsibility for designing their own protective measures. Unfortunately, many of them do not have the computer security knowledge required to implement a sound computer security program. Attempts to issue comprehensive guidance by my office and the Chief Information Officer as early as 1995 met with significant Laboratory resistance and failed. Several Laboratories and their Program Assistant Secretaries in Washington believed that providing protection, such as firewalls and passwords, was unnecessarily expensive and a hindrance to science. Implementation of the proposed Computer Security Regulations in 1996 would have prevented many of the losses being reported today.

A variety of computer security tools and techniques, such as encryption devices, firewalls, and disconnect features, are required by policy; however, these policies were frequently ignored. Something as simple as using different size floppy discs between classified and unclassified systems was refused as unnecessary.

Last year, despite the most severe and candid briefings to the Secretary on compromises of nuclear weapons data at our National Laboratories, we were still unable to move essential policy changes forward. It was not until Congressman Cox=s report began to take shape that DOE began to react.


While much attention of late has been directed toward foreign visitors, espionage and the protection of classified information, equally serious cause for concern exists in other areas as well. For instance, since 1992, the number of protective forces at DOE sites nationwide has decreased by almost 40% (from 5,640 to the current number of approximately 3,500). In 1996, the numbers were far worse, but continuous pressure from my office resulted in an increase of several hundred Security Police Officers over that low. In the same timeframe the inventory of nuclear material has increased by more than 30%. The number of Security Police Officers has declined to the point where it is questionable at some facilities whether the DOE Security Force could defeat an adversary. By 1996 several facilities were no longer capable of recapturing a nuclear asset or facility if it were lost to an adversary. Indeed, a number of sites stopped training for this mission because resources were reduced below the minimum level necessary to expect success. We have had some success in increasing security force numbers in recent years and at this time all sites claim they can satisfy the requirement to maintain control over these facilities. Yet, several of these sites are using unrealistic performance tests to verify that their Protective Force can recognize, contain and neutralize the adversary. For instance, artificial "safety constraints" are imposed on exercise adversary teams that effectively neutralize their ability to operate. A review by a DOD Special Operations team at one of our sites last year reported that needlessly restrictive exercise rules for the intruders resulted in a false site win and a false sense of security.

There have been several other consequences of reduction in the number of Security Force Officers. First, DOE sites are relying increasingly on local law enforcement agencies to handle serious security threats. While their dedication and intent are clear, their training and ability to respond in a timely manner in a nuclear terrorist situation is questionable. Second, sites have difficulty increasing the operations tempo of security during high threat periods. Finally, an average annual overtime rate in our nuclear weapons facilities of approximately 25% has had detrimental affects on safety, training, and response capabilities.


A centrally funded and well-integrated National-level security exercise program is critical to meet the safeguards and protection needs of DOE and the nation. Exercises that address site response and management of security crisis are required by regulation to be held annually at critical DOE facilities. However, participation by State and local law enforcement, regional offices of the Federal Bureau of Investigation (FBI) and other Federal agencies is inconsistent and varies considerably. Under Presidential Decision Directive 39, U.S. Policy on Counterterrorism, and Decision Directive 62, Protection Against Unconventional Threats to the Homeland and Americans Overseas, the Secretary of Energy is directed to conduct exercises to ensure the safety and security of its nuclear facilities from terrorism. With the cooperation and support of the FBI, several regional exercises were conducted at DOE sites in the last year. However, funding and commitment are far short of the required goals. My staff has estimated that we are meeting only about 25% of our site requirements. Importantly, the majority of the funding for exercises resides at the site level where expenditures must vie with other immediate program needs each fiscal year, usually to their detriment.


Another area of concern involves aging and deteriorating security systems throughout the DOE complex. Physical security systems such as sensors, alarms, access control and video systems are critical to ensure the adequate protection of Special Nuclear Material (SNM) and classified material and weapons parts. Many facilities have systems ranging in age from 14 to 21 years, and are based on technology developed in the mid-70's. Because of the obsolescence of these systems they fail too frequently and replacement parts and services are increasingly expensive and hard to obtain. Expensive compensatory measures (i.e., security force response) are required as a stopgap measure to assure adequate protection. Older systems are also vulnerable to defeat by advanced technologies that are now readily available to potential adversaries. Continual reductions, delays or cancellations in line item construction funding increase the risk to sites security. Also, DOE is not realizing significant savings available through advancements in technology that have increased detection, assessment, and delay capabilities.


I fear that a recent decision by the Department to have HQ Program Offices fund the cost of clearances for field contractor personnel will have severe repercussions. Since implementing this new approach at the beginning of FY 1999, we have already seen a dramatic increase in the backlog of background investigations. As with other security areas, program offices must decide between competing interests when determining those areas to be funded. Unfortunately, security activities are relegated to a lower tier in terms of importance by most program Assistant Secretaries and field sites. This appears to be the case with the funding of security background investigations. As the first line of defense against the "insider" threat, adequate funding and timely conduct of reinvestigations is critical to ensuring that DOE maintains a security posture commensurate with the level of threat and that only reliable and trustworthy individuals are given access to critical national security assets.


Presidential Decision Directive-39, The United States Policy on Counterterrorism, requires all governmental agencies to implement security measures to defend against weapons of mass destruction, including chemical and biological weapons. The Office of Safeguards and Security has developed the necessary policies and requirements for implementing PDD-39. Labs and production plants, however, have been slow to purchase and install explosive detection systems, with only a limited number of sites having done so. HQ program Assistant Secretaries claim that there is no funding for such equipment. I find it hard to believe we can find money to provide explosive detection at airports nationwide but not at our most sensitive nuclear facilities.


Operating beneath the surface of these major challenges are some fundamental issues that, if properly addressed, could provide the impetus to effect real progress. These challenges are not new, nor are their solutions.


This is the central and root-cause issue for failed security in the DOE. As previously stated, when HQ program Assistant Secretaries face funding shortfalls, there is a tendency to cut security programs in equal or greater proportion than other program elements. In recent years, these cuts have been routinely made without the benefit of assessing the impact these cuts have on the security of the site or assets in question. The implementation of virtually every security program, from the Information Security Program to the Protective Forces, has suffered significantly. Many of these cuts are shortsighted and ill advised, and as we have seen they have led to serious security lapses. Nevertheless, my office had no authority to ensure HQ program Assistant Secretaries implementation of departmental security policies and requirements. Similarly, my office has few resources to provide program offices or field elements to help pay for appropriate security measures. The new Security Czar does not have a budget for implementation. Safeguards and Security budgets for DOE should be provided through one or more line items to the Security Czar, not the program Assistant Secretary. Without an adequate budget there is simply no authority.


It should be apparent that attempts to implement internal oversight of the DOE safeguards and security program have failed over the last decade. While there have been high points and periods when oversight has been effective, organizational and budget pressures have played too central a theme for this function to remain within DOE. An organization like the Commission on Safeguards, Security and Counterintelligence for Department of Energy Facilities proposed by the Senate in Section 3152 of the National Defense Authorization Act for Fiscal Year 2000 should be established to independently review Security at DOE and the Laboratories. This would fulfill longstanding recommendations of both GAO and the Congress. Further a direct information mechanism should be established to one or more of the Congressional Committees.


In all of the reviews of the safeguards and security program conducted during the last decade, there is a recurring theme. Namely, the organizational structure of the Department=s Safeguards and Security Program does not align programmatic authority and responsibility and is too open to manipulation by the contractors. The Safeguards and Security Program in its current structure has one organization developing policy, training and providing technical field assistance (OSS), another organization providing funding and "implementing guidance" (Headquarters Program Offices), a third tier of organizations (Field Sites) is responsible for implementation of policy, while a fourth (EH) is responsible for oversight. A fundamental change in both the organizational structure and funding of the Safeguards and Security Program is absolutely necessary before the Department can begin to systematically address the major challenges previously addressed. These organizations must be consolidated with policy, guidance and implementation in one location, and with an appropriate budget to participate in Department decision making.

Secretary Richardson recently announced the selection of a new "Security Czar" for the Department. Based on the Secretary=s pronouncements many of these concerns could be answered. However, the Secretary=s statements and the actual actions occurring within the DOE seem startlingly different. A disturbing document entitled, "Safeguards and Security Roles and Responsibilities@ has been circulated by the Undersecretary and Roger Hagengruber of Sandia National Laboratory that would give the Security Czar less authority than I had in DOE. Specifically, in the proposed security structure, critical approvals would be delegated from Headquarters to the very Laboratories that have allowed critical losses. Important security plans as well as exceptions to national and departmental regulations would be delegated to the field. And finally, oversight inspections would be conducted "for cause" only, based on initial reviews and self-inspections by the Labs themselves.

Ladies and gentlemen, this devolution of the few authorities reserved to the DOE is in direct conflict with the serious negligence identified in both Congressman Cox=s Report and that of the PFIAB. It is the organizational equivalent of sending the fox in to count the hens. The head of such an eviscerated organization could hardly be called a Czar. This proposal-developed by the Labs at a cost of almost 2 million dollars - is a perfect example of the organizational and policy

interference by the Labs that is also documented in the PFIAB report.


I would be less than forthcoming if I failed to mention the most positive aspect of the Department=s safeguards and security program. The program is staffed by hard working dedicated men and women throughout the country, both Federal and contractor, who are firmly committed to protecting the critical national security assets entrusted to their care. The responsibilities of these individuals are most demanding and frequently dangerous in many respects. Yet despite the dwindling resources available to them, these individuals continue to perform in an outstanding fashion. Where this Department has failed is in providing these professionals the necessary resources and training to allow them to perform their responsibilities safely and appropriately. The Department has also failed to provide protection so that individuals will bring forward problems and deficiencies without fear of retaliation.

It is due to the professionalism and diligence of the DOE security workforce that progress has been made in some of the areas I previously addressed. However, the DOE field is strewn with the careers and reputations of security officers who have dared question the system or raise concerns for the security of our sites or the health and safety of the public. One site has had 5 Security Directors in a little over 2 years. The last, David Reidenour resigned in disgust after only 90 days, stating that he had never before been in a position where his duty to protect the health and safety of the public placed him in direct conflict with loyalty to his supervision. Men like Rich Levernier, Gary Morgan and David Reidenour are joined by contractor Security Directors like Bernie Muerrens and Link White who tried to do the "right thing" for the country and were rewarded by replacement or reprisal.

Numerous Security Police Officers responded to former Secretary O=Leary=s call in 1994 to come forward without fear of reprisal only to suffer harassment. After the press conference was over and the cameras and microphones were turned off, they suffered reprisal as thanks for their efforts. Men like John Hnatio, Jeff Hodges, Jeff Peters and Mark Graff have all had their careers ruined for coming forward and addressing serious lapses in DOE security practices. This year, one of our best and longest serving Security Directors suddenly retired after attempting to take action against an employee who willfully violated security procedures and admitted a Russian visitor, under escort, to a security area at the Savannah River site. The DOE escort allowed the Russian to carry an uncleared laptop computer into the area, after being warned by the Security Office not to do so.

The Department=s history of harassment and reprisal sends a very clear warning that this government does not want to attract or keep its best and brightest.

Despite current legislation, gaps exist in current employee protection specifically where security clearances or classified information may be part of the issue. Under some circumstances current organizations do not review claims of inappropriate or prohibited employment practices where these elements are present. Willful negligence has flourished in DOE and will continue to do so as long as officials can hide capricious and sometimes malicious acts behind the mantra of National Security. While I place no value higher than duty to my country, some forum must be identified or clearly chartered to assure everyone has a fair and impartial hearing and all have the same right to "due process" which we expect as citizens and is provided for provided by our Constitution.

Mr. Chairman, career civil servants are charged foremost with assuring the public health and safety, and the protection of our environment. However, if civil service is solely based on a personal whim, then the public will be protected and served only as long as it is politically expedient to do so.