FAS | Government Secrecy | Congress ||| Index | Search | Join FAS


Oversight Hearing
Weaknesses in Classified Information Security Controls at DOE's Nuclear Weapon Laboratories.
Subcommittee on Oversight & Investigations
Committee on Commerce
U.S. House of Representatives
July 11, 2000


Prepared Statement of The Honorable T. J. Glauthier
Deputy Secretary
U.S. Department of Energy
1000 Independence Avenue, SW
Washington, DC 20585
Panel 2, Witness 1

Accompanied By

General Eugene E. Habiger Director Office of Security and Emergency Operations

General John McBroom Director Office of Emergency Operations

General Tom Giaconda Deputy Administrator for Defense Programs National Nuclear Security Administration


Thank you for this opportunity to appear before you today to provide an update on security at the Department of Energy's weapon laboratories.

To begin, at the end of June the Secretary Bill Richardson informed the University of California (UC) that its contract for managing the department's national weapons laboratories must be restructured in order to make much-needed improvements to security and other facility operations. We have begun negotiations with the University to bring into their operations specific security and management expertise to implement these improvements.

Although the Secretary recognizes UC's unparalleled scientific reputation and its contribution to the scientific vitality of the laboratories, he is sharply critical of their failure to bring the same degree of expertise to the management of security and facility operations.

Secretary Richardson has asked Under Secretary John Gordon to oversee this and to work with the University to identify new mechanisms and procedures to address the serious security shortcomings of the University of California at the weapons laboratories. It is expected that General Gordon will make his recommendations to the Secretary by September 5.

SITUATION UPDATE

I would like to reiterate Secretary Richardson's statement in reference to the missing Los Alamos hard-drives, that the Energy Department security procedures were not followed. Since coming to the Department, the Secretary has emphasized security issues. We are outraged at what has taken place. There are no excuses.

Now, as much as can be discussed, I would like to give a brief update on the current FBI criminal investigation. A grand jury has been convened to examine issues related to the case.

The FBI is still looking at the two hard drives found on June 16 at the Los Alamos National Lab. The Secretary has been speaking with FBI Director Louis Freeh throughout the investigation.

It has been determined by the FBI that these are the authentic disk drives. Based upon the investigation by the FBI, there is no evidence of espionage.

The Bureau continues to treat the area where the hard drives were found as a crime scene. Over the last several weeks, the FBI and Energy Department investigation has focused on a handful of X-Division employees, who have offered conflicting statements to investigators.

I can also tell you that, according to its latest findings, the FBI's working theory puts the loss of the drives at the tail end of March of this year. This time-line would be further refined as the investigation continues. This information helps clarify some details surrounding this case.

Prior to this incident, the Secretary's directive required the Department to be notified of any such problem within eight hours of their discovery. That is his policy. Instead, the University of California neglected to inform the Department until three weeks after the initial discovery.

As you know, the Department immediately brought in the FBI, informed the President, advised others in the Administration with a need to know, and shared what we knew with the relevant Congressional committees.

It can be assured that personnel will be held accountable and disciplinary action will result from this incident. But the Department will not take action until all the facts are established.

LATEST SECURITY ACTIONS

During the last two years, security has been a top priority, and the Secretary has gone to extreme lengths to improve this agency's security and counterintelligence profile. Through his leadership we have implemented more than 21 major security initiatives and have completed 36 recommendations in the Counterintelligence Implementation Plan.

However, when the recent breach came to our attention, we immediately implemented an elevated slate of security procedures to be followed in our sensitive divisions. I reviewed a number of enhanced security protection measures directed by General Eugene Habiger, Director of Security and Emergency Operations, and who is with me. These new steps will effect immediately. They include:

  • ·Encrypting selected classified electronic media ;
  • ·Enhancing verification procedures for vault and vault-type room access;
  • ·Manning all open vaults and vault-type rooms;
  • ·Evaluating existing vault and vault-type room procedures;
  • ·Increasing security measures for certain classified encyclopedic databases; and,
  • ·Conducting an immediate inventory of all Nuclear Emergency Search Team (NEST) and Accident Response Group (ARG) assets.

These steps are in addition to measures the lab has put in place:

  • ·Placing serial numbers/identification on sensitive materials;
  • ·Changing combinations to vaults; and
  • ·Reviewing vault access policy, including a vault "stand-down" to ensure procedures are followed.

NEST

Next I would like to give a description of the Department's Nuclear Emergency Search Team, familiarly known as NEST, and the policies and procedures in which it operates.

NEST is one of seven major Department of Energy Emergency Response assets tasked with responding to nuclear incidents or accidents. NEST members are dedicated volunteers who, when called, form a highly skilled force specially trained to deal with all types of nuclear and radiological emergencies.

The concept of the response teams and how the program runs on a daily basis may provide some valuable insight. Ordinarily, the Department has no standing teams formed. The all-volunteer personnel who would comprise these teams are working their normal jobs within the lab/site structure. An example of this concept would be a volunteer fire department in which a member's full time occupation is working in the local school system. That person only becomes a responder when the siren goes off; up until then he or she is a school teacher.

Similarly at the Department, when an event such as a training exercise, or an actual emergency occurs, the Secretary, through the Director of Security and Emergency Operations "stands-up" a response team. Until that time, most personnel are working full time on the laboratories' scientific and technical missions.

Once a team is formed, the operational responsibility shifts from the laboratory to the Department's headquarters chain of command. The administrative responsibility continues with the laboratories. For example, the Director of Emergency Management cannot fire or suspend a University of California team member, however, the ultimate administrative responsibility continues with the laboratory's director.

Training deployments or real world events, such as the World Trade Organization meeting in Seattle,Washington or the 50th NATO Summit in Washington, DC, present unique and difficult challenges in moving and securing the classified equipment on the road. Sometimes the teams work in US cities and other times they find themselves in overseas locations.

RECENT REPORTS

Now I would like to take this opportunity to address recent reports criticizing the Department's security.

We have recently reviewed the Inspector General's report entitled "Inspection of Allegations Relating to the Albuquerque Operations Office Security Survey Process and the Security Operations' Self-Assessments at Los Alamos National Laboratory." We are concerned about these results, particularly with respect to the reported changes to the 1998 and 1999 surveys without providing a documented rationale for the changes. We note however, that making such ratings decisions always involves a degree of objective judgment.

However, we are more concerned with the reported destruction of work papers regarding the survey ratings at the Albuquerque Operations Office, and reports that thirty percent of the laboratory security staff felt pressured to "mitigate" security self-assessments and other related allegations. We are reviewing the report carefully and are not ruling out changes to existing procedures regarding our security surveys and self-assessments. We also are reviewing the role and actions of the personnel involved in these particular surveys and assessments, and stand ready to hold personnel fully accountable for any improper actions taken, if our review indicates that to be the case.

I will now discuss the responsibilities of the Department's Counterintelligence (CI) Program inspections. This program was directed by Presidential Decision Directive No. 61, which directed the establishment of a CI Program at Energy, and the inspections of the CI Programs in the laboratories, sites and operations offices. These inspections assess program performance in seven topical areas, which include subjects such as investigations, training, analysis and management. The inspections also evaluate the degree to which the programs are in compliance with the measures identified by the CI Implementation Plan.

The CI Programs of the three national laboratories were inspected in August, September and October of 1999. As the Committee knows, the CI Program at Lawrence Livermore received a satisfactory rating. The CI Programs at Los Alamos and Sandia, however, received a marginal and an unsatisfactory rating, respectively. Many of the problems stemmed from the newness of these CI Programs and the personnel involved. Shortfalls identified by the inspections were responded to in corrective action plans developed by the programs; progress on the corrective actions was tracked by Office of Counterintelligence management.

The Office of Counterintelligence reinspected the Los Alamos and Sandia CI Programs in April of this year. These special inspections focused on the problem areas that were identified during the initial Inspections. In both cases, the inspections found that the corrective actions had been completed and both programs received satisfactory ratings. The Lawrence Livermore CI Program will be reinspected in September.

Next, I would like to make a few comments on the recently publicized General Accounting Office (GAO) report on the Department's foreign travelers. The Department agrees with the GAO that travelers to nonsensitive countries may also encounter incidents similar to those experienced by sensitive country travelers and that any Department employee traveling overseas could be an intelligence target. It is true that the initial focus of the CI Program has been on Departmental employees working in classified programs who have sensitive country contact. However, our CI Program does not focus only on those employees and programs. The Department's Counterintelligence Program collects information of any kind or any location that may show a foreign intelligence presence. Moreover, all employees and contractors are required to receive an annual CI awareness briefing that instructs on the methods and capabilities of foreign intelligence services. During these briefings, employees are instructed to inform their CI officers of anything they observe that may be an indicator of intelligence activity.

In short, our relatively new CI Program, which truly only got underway after Secretary Richardson arrived to the Department in late 1998, leaves the Department far better prepared to protect its personnel and programs overseas than ever before. Our defensive CI Program now can be said to be one of the best in government, and it will continue to improve. The fact that the report cites a number of overseas incidents is not an indicator of CI Program deficiencies; rather, the existence of these incident reports demonstrates that Energy's CI Program is getting the information it needs to build a good defense to these ongoing hostile intelligence activities. Moreover, as a result of the incident reporting the CI Program is getting, we believe we are steadily improving our ability to get the message to our employees on how they can protect themselves during overseas travel.

LARGER PICTURE

The Department of Energy has a greater charge from the American people. Our overall nuclear security. It is a task far more complex than can be described by me or debated to a satisfying conclusion here today.

We are responsible for:

  • ·Sustaining America's nuclear deterrent - the cornerstone of our national defense; and
  • ·Securing nuclear weapons materials and know-how - at home and abroad.

The Department has taken its security responsibility very seriously. The challenges of the Department of Energy have crossed decades and administrations.

Ultimately, security will always also be an individual responsibility, and must rely on the dedication, loyalty, and patriotism of our weapons scientists. And these people must be accountable like anybody else. Individuals are, indeed, fallible, and no amount of policy - no amount of legislation - will protect us from irresponsibility and human failings.

We must remember that a successful security policy is one that results in the detection of security violations. The worst security violations are the ones that go undetected. We will continue to keep you and other key Congressional committees informed of further developments immediately as they become available.

Thank you for this opportunity to appear before you today to provide an update on security at the Department of Energy's weapon laboratories.




FAS | Government Secrecy | Congress ||| Index | Search | Join FAS