FAS | Government Secrecy | Library ||| Index | Search | Join FAS


Science and Security
in the Service of the Nation:

A review of the security incident
involving classified hard drives at
Los Alamos National Laboratory

SEPTEMBER 2000

A report to the
President of the United States
and the Secretary of Energy
by the Honorable Howard H. Baker, Jr.
and the Honorable Lee H. Hamilton


September 25, 2000

The President
The White House
Washington, D.C. 20500

Dear Mr. President:

Pursuant to your request, herewith we transmit the report on our review of the security incident involving classified hard drives at Los Alamos National Laboratory.

Respectfully submitted,

Howard H. Baker, Jr.

Lee H. Hamilton

Enclosure


September 25, 2000

The Honorable Bill Richardson
Secretary of Energy
U.S. Department of Energy
Washington, D.C. 20585

Dear Mr. Secretary:

Pursuant to your request, herewith we transmit the report on our review of the security incident involving classified hard drives at Los Alamos National Laboratory.

Respectfully submitted,

Howard H. Baker, Jr.

Lee H. Hamilton

Enclosure


Table of Contents

Preface
Key Findings
I. Introduction
II. Los Alamos National Laboratory

III. The hard drive incident and its implications IV. Conclusion
End Notes
Appendix


Preface

On June 13, we were asked by the Secretary of Energy to review the facts surrounding the loss of two hard drives containing significant quantities of sensitive nuclear information from the Nuclear Emergency Search Team (NEST) at Los Alamos National Laboratory (LANL).

Our charter was neither to evaluate Department of Energy (DOE) security as a whole, nor to duplicate earlier efforts. Neither the time nor the resources devoted to this study would have permitted such an expansive scope, nor was such an effort necessary in light of the thorough report on security issues at the national laboratories issued last year by the Special Investigative Panel of the President's Foreign Intelligence Advisory Board (PFIAB) chaired by the PFIAB Chairman, former Senator Warren Rudman.

We were not asked to try to establish individual culpability, and we have not. Indeed we have carefully avoided any action -- e.g., interviewing the individuals already identified as having possibly been involved in the incident -- that might interfere with existing law enforcement efforts. As the investigation of this matter by the Federal Bureau of Investigation, the Justice Department, or the U.S. Attorney's Office in Albuquerque fall outside the scope of our authority, we make no comment on their activities.

Finally, based on the information available, in fact we do not know how or why the hard drives were lost, misplaced, or stolen. We do not know whether they remained in the copy room where they were ultimately found, or were returned there. And, we do not know what happened to them while they were missing. As far as we know, there is no proof on these points at this time, and therefore we draw no conclusion.

Without knowing what exactly happened to the hard drives, however, we aim to achieve a broader purpose. The following report to the Secretary and to the President of the United States reflects our assessment of the underlying causes of what happened and why, and recommends a number of corrective actions that might reduce the risk of future security lapses of this kind.

In conducting our review, we enjoyed full access to DOE policies, orders, and directives; interviewed dozens of individuals from inside and outside DOE, including other federal departments and agencies; sought additional views through the use of a questionnaire; conducted site visits to LANL and Sandia National Laboratories; and reviewed the extensive literature of past reports and assessments regarding the security issues at DOE and the national laboratories. These contributions are identified in the Appendix to this report. We wish to acknowledge with gratitude the comments -- written, and oral, solicited and unsolicited -- that were presented to us. Respect for the confidentiality of the individuals who provided them prevents us from acknowledging them by name, but we greatly benefited from their diverse perspectives.

We wish to thank Secretary of Energy Bill Richardson, Secretary of Defense William Cohen, Director of Central Intelligence George Tenet, Director of the Federal Bureau of Investigation Louis Freeh, Administrator of the National Nuclear Security Administration John Gordon, Director of LANL John Browne, Director of Sandia National Laboratories Paul Robinson, University of California Chancellor Richard Atkinson, and the other individuals with whom we met. All offered their full support and cooperation with our efforts. In particular, we would like to thank Senator Warren Rudman for sharing the insights he gained in carrying out the earlier PFIAB study, and for the support and assistance we gained from Randy Dietering and other PFIAB staff members, as well as through access to the archives from their earlier research.

We also benefited from the insights and perspectives of past officials and private citizens, including the men and women of Los Alamos National Laboratory. In addition, in preparing tnis report, we were assisted by John Tuck, Daniel Poneman, Howard Liebengood, and John Hartford.

Howard H. Baker, Jr.
Lee H. Hamilton


Key Findings

  • While it is unclear what happened to the missing hard drives at Los Alamos National Laboratory, it is dear that there was a security lapse and that the consequences of the loss of the data on the hard drives would be extremely damaging to the national security.

  • Among the known consequences of the hard-drive incident, the most worrisome is the devastating effect on the morale and productivity of LANL, which plays a critical national-security role for the Nation.

  • The current negative climate is incompatible with the performance of good science. A perfect security system at a national laboratory is of no use if the laboratory can no longer generate the cutting-edge technology that needs to be protected from improper disclosure.

  • It is critical to reverse the demoralization at LANL before it further undermines the ability of that institution both to continue to make its vital contributions to our national security, and to protect the sensitive national-security information that is critical to the fulfillment of its responsibilities.

  • Urgent action should be taken to ensure that Los Alamos National Laboratory gets back to work in a reformed security structure that will allow the work there to be successfully sustained over the long term.

  • The following actions -- to be commended to the President, the Secretary of Energy, the Administrator of the National Nuclear Security Administration (NNSA), and to the Congress -- should promote the vital objectives of restoring the performance of outstanding science and outstanding security at Los Alamos National Laboratory:

    1. Organization

    2. Security Measures and Procedures

    3. Personnel Actions

    4. Resources


    I. Introduction

    On June 1, the Director of the Los Alamos National Laboratory learned that two hard drives for use in laptop computers by members of NEST -- the elite emergency response team responsible for disabling nuclear devices at a moment's notice -- had been unaccounted for, for at least the past 24 days. On June 16, both drives were found behind a photocopier inside the security perirneter of X Division, but outside of the vault where they belonged.

    As part of its effort to address the serious security lapses laid bare by this episode, Secretary Richardson asked us to conduct an independent review aimed at establishing how and why this incident occurred, and to propose corrective actions. This report to the President and to the Secretary is the product of that review.

    We are aware of the sensitivity of our task. The hard drive incident and other recent events have created a profound crisis of confidence within and around the Department of Energy. This crisis has jeopardized the Department's ability to fulfill successfully its critical role as the custodian of the Nation's nuclear weapons and nuclear secrets. To overcome the crisis, it is essential to regain the confidence of the Congress and the American people that our nuclear secrets are safe and secure. It is equally essential to regain the confidence of scientists that they and their work at LANL are highly valued.

    The seriousness of this incident has focused enormous attention upon -- and created an opportunity to address -- the problems of security in the DOE complex. The Department should seize that opportunity. While the Department of Energy must bear the largest burden in this effort, uitimately the endeavor cannot succeed without strong support by the President and the Congress, as well.

    By any measure, the loss of these hard drives constituted an extraordinary risk to our national security. How much damage occurred, if any, we do not know, as we do not know what happened to the drives during the period they were missing. And, as this report will show, despite the substantial gaps that remain in our knowledge about the particulars of the hard-drive incident, that such an episode occurred cannot be surprising once one has closely reviewed the institutional and practical shortcomings of security at the Los Alamos National Laboratory.

    Our purpose is to review, not to investigate. We were not charged to assess blame, to identify a culprit, or to displace the role of any of the formal investigations surrounding this episode. The security lapse reviewed here reflected a cascade of events and decisions over many years, rather than a single misstep. Thus, while the Secretary of Energy must bear the burden of responsibility for ensuring that our nuclear secrets are safe and secure at the national laboratories, his predecessors must bear their fair share of the burden of the shortcomings documented in years past in the implementation of security measures.1

    In the aftermath of the Cold War, many in government may have let down their guard in attending to security matters. Certainly the nature of the nuclear threat has changed since the days of family bomb shelters and air raid alerts. But, while the character of the security risks we face has changed dramatically -- from the prospect of all-out attack by the Soviet rocket forces to the far more amorphous but growing threat of nuclear proliferation spawning a terrorist nuclear incident somewhere in our midst -- those risks remain real and so does the need for rigorous security.

    The national laboratories continue to be essential to our national security. Our most important nuclear secrets reside there. What our scientists do at LANL and the other national laboratories has been -- and continues to be -- integral to keeping this country strong and free. The service they have rendered the Nation since World War II has been invaluable and incalculable.

    As the nature of the nuclear threat has changed with the times, so has the nature of the security threat to our nuclear secrets. For example, we need to understand -- and address -- the extraordinary security risk posed by high concentrations of sensitive nuclear weapon-related information in highly portable, easily-concealable forms such as small, removable computer disk drives. By clarifying how our security vulnerabilities have evolved, we may gain valuable insights into specific shortcomings in security practices and procedures at LANL, and elsewhere.

    In that spirit, we have developed recommendations to reduce the risk that these kinds of security lapses will recur at LANL. In doing so, we have preserved the fundamental principles that have guided our atomic program since its beginning. These include the preservation of civilian control over our nuclear weapons arsenal, and of the deep sense of individual responsibility imbued in the custodians of that arsenal.

    It is not sufficient, however, simply to guard against the loss of nuclear secrets. We must also promote a strong and vibrant scientific culture at our national laboratofies to continue developing the technological advances that secrecy is designed to protect. Our recommendations aim to advance both of these vital national objectives. Given the possible consequences of losing either our nuclear superiority or our nuclear secrets, our Nation and the custodians of our nuclear weapons complex can afford to do no less.


    Past Studies of DOE Security

    The President's Foreign Intelligence Advisory Board published a report in June 1999 on security problems at the U.S. Department of Energy. This report included an extensive analysis of approximately 115 investigations and reports -- by executive branch agencies including DOE, the Congress and the General Accounting Office, and independent panels -- conducted between 1979 and 1999. These documents record extensive security and counterintelligence problems in the Department and at the national laboratories. We also reviewed reports issued by GAO, DOE and independent panels that cover the 1999 to 2000 time frame. These reports address the following subject areas: the physical protection of sensitive nuclear data, materials, and technology; personnel security; foreign visitors and assignments; information security; security management, planning, and oversight; and counterintelligence. In its report the PFIAB panel concluded: "More than 25 years worth of reports, studies and formal inquiries ... have identified a multitude of chronic security and counterintelligence problems at all of the weapons Labs. These reviews produced scores of stern, almost pleading, entreaties for change. Critical security flaws ... have been cited for immediate attention and resolution ... over and over and over...." The reports published after the PFIAB report continue to comment on implementation problems in accomplishing Secretary Richardson's security initiatives, particularly concerning the continuing question of who has the authority, responsibility, and accountability for security management.


    II. Los Alamos National Laboratory

    A. History

    Los Alamos National Laboratory has played a key role in the history of the 20th Century. It helped end World War II, through the extraordinary efforts of the brilliant and patriotic individuals who gathered there to work on the Manhattan Project -- chemists, physicists, soldiers, and many others from all over the country. Many were recent irnmigrants from other nations.

    Despite their differences, a common purpose and destiny united these uncommon individuals. They won their race against time, and against a desperate and resourceful enemy who would stop at nothing to achieve world domination.

    From the moment that President Franklin Roosevelt received Albert Einstein's 1939 letter outlining the explosive potential of atomic fission, scientist and government have worked in tandem -- if not always in harmony -- to build and maintain America's nuclear arsenal. So, from the very beginning, the science of Los Alamos has been closely tied to the government, in a long and productive partnership.

    B. The mission and its importance

    While the Cold War has ended, the mission of LANL and the other national laboratories remains essential to the national security of the United States. Some of the finest scientists in the world have gathered there, and the Nation depends on their unique work in preserving our nuclear deterrent. It is therefore essential to preserve the ability of the laboratory to conduct the leading-edge science that has helped keep America strong and free for the past half-century.

    The scientists at our national laboratories know that. Indeed, that is why so many have chosen to work there. It is important to remember -- especially during the swirl of current events and sensational news reports -- that the vast majority of the scientists of Los Alamos are patriotic Americans who place high value on the well-being of our country. They have worked hard to improve the security of our Nation and its citizens, not to undermine it.

    C. NEST and its role

    The Nuclear Emergency Search Team is part of DOE'S program for preparing and equipping specialized response teams to deal with the technical aspects of nuclear or radiological terrorism. The NEST program was established in 1974 to provide technical assistance to the Federal Bureau of Investigation (FBI), which is responsible for investigating illegal activities -- including terrorist threats -- involving the use of nuclear materials within the United States. NEST capabilities include search and identification of nuclear materials, diagnostics and assessment of suspected nuclear devices, technical operations in support of render-safe procedures, and packaging for transport to final disposition. NEST assets are drawn from the Nation's nuclear weapons complex. Response teams vary in size from a five person technical advisory team, to a tailored deployment of dozens of searchers and scientists who can locate and then conduct or support technical operations on a suspected nuclear device. NEST personnel and equipment are ready to deploy worldwide at all times.

    NEST is now fully integrated into the Federal response to nuclear or radiological terrorist incidents, whether at home or abroad. NEST experts include engineers, scientists, and other technical specialists from DOE's nuclear weapons laboratories and facilities, including Los Alamos National Laboratory, Sandia National Laboratories, Lawrence Livermore National Laboratory, the Remote Sensing Laboratory and the Pantex plant.

    NEST specialized response teams include coordination, liaison, and advisory teams, search teams, technical operations teams, and planning support teams. These teams aim to provide a rapid, flexible response in support of the Lead Federal Agencies, i.e., the FBI, Department of State, or the Department of Defense, depending on the circumstances, to help resolve all technical aspects of the crisis. All response team deployments are directed by DOE headquarters, after coordination with other concerned agencies. This interagency process may involve strict operational security to protect classified or sensitive details of the response operation.

    D. Science and Security

    From the earliest days of the atomic age -- the debate between Leo Szilard and Enrico Fermi over whether to publish research concerning nuclear chain reactions, the historic struggles between J. Robert Oppenheimer and General Leslie Groves during the Manhattan Project -- the tensions between the need for science and the need for secrecy were evident. More than evident, these tensions were inevitable, in light of the nature of science and the nature of information security:

    Despite this inherent tension, we believe that it is essential to promote good science and good security at LANL. Indeed, both science and security must be program objectives at LANL, and in NEST. While accommodations will be required to ensure that each objective adequately takes the other into account, neither can be sacrificed to the other. This country can boast a long and noble tradition of effectively protecting the science that has served our national security, by embedding the security mission in many of our Nation's most advanced scientific programs. The historical record supports the view that this tension is manageable and has, on the whole, been well managed for decades by the managers and scientists at the national laboratories. Regrettably, the exceptions to the rule have been dramatic, and have clouded this record, which makes it all the more important to respond effectively to those exceptions.


    Role of the University of California

    The University of California (UC) manages three laboratories for the U.S. Department of Energy: the Ernest Orlando Lawrence Berkeley National Laboratory and the Lawrence Livermore National Laboratory (LBNL and LLNL, respectively, both in California), and the Los Alamos National Laboratory in New Mexico. The university has managed the laboratories since their inceptions. LBNL was established in 1931, LANL in 1942, and LLNL in 1952. The three laboratories have a combined UC workforce of 18,000 people and operate on federally financed budgets totaling approximately $3.2 billion.

    Contracts

    The current contracts were approved by the UC Board of Regents and DOE in September 1997; they expire in September 2002. Compensation to UC under the contracts is based in part on performance, measured against objective, mutually agreed upon criteria. Much of the compensation is returned to the laboratories for research activities. As part of the annual performance appraisal process, the quality of science and technology at the laboratories is assess by a peer review process.

    Oversight

    The Board of Regents has ultimate authority for the university's laboratory management. The Regents' Committee on Oversight of the DOE Laboratories -- one of the board's eight operating committees -- considers matters related to laboratory management, reporting on these matters and referring action to the full board. With the approval of the regents and the concurrence of the DOE, the president of the University appoints the laboratory directors. Management oversight of the laboratories is delegated by the Regents to the university's president. The provost/senior vice president for academic affairs oversees scientific and technical programs at the laboratories; the senior vice president for business and finance oversees administrative functions associated with the university's laboratory management.

    The UC National Laboratory Coordinating Committee reports to the University president on issues related to laboratory management. The group consists of the two senior vice presidents, and other senior managers in the UC Office of the President.

    The UC President's Council on the National Laboratories advises the president and the regents on all aspects of laboratory management and operation. Appointed by the president, council members bring experience from academic and research institutions, private industry, and government and military service. About a third of the council members are also UC faculty members.

    Reporting to the provost and senior vice president for academic affairs, the Office of Research and Laboratory Programs has responsibility for the programmatic and scientific technological oversight of the laboratories' performance. It supports the president's council, promotes scientific and academic interactions, and works to resolve programmatic and scientific issues.

    The Laboratory Administration Office, part of the UC Office of the President, works closely with the laboratories and DOE to provide overall contract management and specific oversight in these functional areas: laboratory management, information management, facilities management, environmental safety and health, procurement and property management, human resources, financial systems, and safeguards and security.


    III. The hard-drive incident and its implications

    A. What happened?

    Within the limitations on our mandate, noted in the Preface to this report, our review produced the following observations about what happened to the disk drives:

    B. Why did it happen?

    1. Were official policies, directives, and procedures deficient?

    We did not find evidence linking the loss of the hard drives to either the presence or absence of official DOE policies, directives, and procedures for the protection of classified information. DOE policies, directives, and procedures for the protection of classified information are, in general, rigorous and thorough. Indeed, we had some concern that the rules were so numerous as to be needlessly complex and confusing. DOE security rules and regulations properly call for a high degree of safeguarding and protection of information relevant to nuclear weapon design and manufacture. In recent years, particularly following the Wen Ho Lee incident, DOE has increased security within the Department, first with the promulgation of PDD-61, which, among other things, established an Office of Counterintelligence within DOE, and later with a series of measures adopted by Secretary Bill Richardson. These included the appointment of a "security czar" and the requirement that key laboratory personnel submit to polygraph examination. Following the hard-drive episode, the Secretary ordered a number of further actions to bolster secuity.3 While we question the effectiveness of certain of these actions, we applaud the heightened priority given to security that they reflect.

    Even after the significant security enhancements in recent years, we identified a number of shortcomings in official policies and procedures that existed at the time the drives were lost. A number of these have already been addressed in the Secretary's June 19 directive:

    Common sense dictates that security procedures should be predictable over time and consistent among all individuals who have access to sensitive nuclear information, i.e., the policy and overall standards should not vary by laboratory or even by agency. Moreover, because the laboratory employees understand better than anyone the sensitivity of the information being protected, or how they work with that information on a day-to-day basis, those employees should be consulted about the impact of the implementation of rules and any proposed changes to the rules.

    2. Were official policies, directives, and procedures fully implemented?

    Official policies and directives were not fully implemented in the hard drive incident. Even if the hard drives never left X Division, taking them out of the vault without accounting for them clearly violated established procedures. Nor could it have been proper to place them behind a copier in a nearby room. Further, according to the existing rules and procedures, once noted, the absence should have been reported within eight hours to the Associate Laboratory Director for Nuclear Weapons and to the Director of Security at LANL. This was not done.

    An alternate view has been suggested that, insofar as the reporting of the loss is concerned, the operative policies and procedures were followed. In our meetings with laboratory employees (none of whom were among those identified as potentially involved in the incident), we heard the view that the drives were not truly "missing" until laboratory employees established (on May 30) that two hard drives had not been deployed to a sister laboratory for an exercise. LANL security officials confirmed that the hard drives were missing on May 31. Under that analysis, there would have been no obligation to report the drives missing to laboratory management until June 1. Hence, there was no improper delay, in contrast to the general view that there was a three-week delay in reporting the lost drives.

    Laboratory management, however, dismissed that alternative view as without foundation, adding that laboratory employees knew full and well that as soon as they had identified the anomaly on May 7, the eight-hour clock for reporting began to tick. In addition, the LANL Security Office denied having supported any alternative view, as had been suggested in the preceding paragraph. The DOE manual4 on protection of classified information states that "[a]ny person observing, finding, or with knowledge of the loss or potential compromise of classified information shall immediately report this information to the facility security officer." At a minimum, the fact that laboratory employees might view a three-week delay in reporting as consistent with good security bespeaks a lack of understanding of -- or respect for -- the rules in effect.

    3. Were lines of command and communication clear and effective?

    No. The confusion of lines of command and communication was clearly demonstrated to us from our initial interviews with relevant officials and laboratory employees. Some DOE officials with direct oversight of NEST believed that LANL management was responsible for security. The Acting Deputy Administrator of NNSA for Defense Programs, however, acknowledged that his office was responsible for security in the NEST program. The DOE "security czar" had authority over budget and policies, but was not part of line management for LANL or NEST. Within DOE, the role of various offices within headquarters and the Albuquerque Operations Office was unclear.

    LANL management thought DOE was essentially responsible for labotatory security, particularly with the appointment of a DOE "security czar." LANL security personnel believed that the NEST program was "special" and somehow exempt from normal LANL security oversight. NEST members believed they were subject to inconsistent guidance from varied and uncoordinated sources.

    While the University of California contract to manage and operate LANL clearly assigns responsibility for security to the University, officials there appear not to have focused on this responsibility. Indeed, the former Chair of the President's Advisory Committee on the National Laboratories, an eminent and experienced scientist with decades of experience in intelligence and nuclear weapons issues, told us that he had no idea the University had this responsibility.

    Lines of command and communication that are so greatly confused cannot be effective, and we conclude that thcy were not. The inevitable result of this confusion is a widespread lack of a sense of personal responsibility and accountability for security, which tends to appear to be someone else's problem.

    To his credit, Secretary Richardson recognized this diffusion of authority and tried to redress it through the establishment of a "security czar," officially the Director of the Office of Security and Emergency Operations (SO). The "security czar" was invested with policy oveisight, and budgetary authority, and Secretary Richardson appointed a distinguished retired general to that position. While well intentioned, we conclude that the creation of a "security czar," who appears to operate from outside of the line organization, ultimately cannot succeed. Instead, it offers a convenient office in which to repose the responsibility but not the authority for security -- ultimately an untenable situation. We further believe that, with the establishment of the NNSA. the responsibility and authority for security at LANL and the other weapons laboratories must be vested in the Administrator of the NNSA, and run right down the line management of that organization to the individual employee.

    4. Was DOE oversight effective?

    DOE oversight did not identify or disclose in advance the specific shortcomings that contributed to the security breach of NEST, in this instance. Once the hard-drive incident occurred, however, DOE oversight responded expeditiously and thoroughly, issuing an interim report in less than a month and completing its final report in September.

    As in line management for security, in the area of oversight there has existed a confusion of responsibilities, as there were two offices led by senior DOE officials with apparent oversight responsibility and authorities. One was the "security czar" discussed above. The other was the Office of Independent Oversight and Performance Assurance, established by the Secretary of Energy in 1999, which is led by a career DOE official. The Office of Independent Oversight and Performance Assurance has responsibility for providing the Secretary of Energy and senior DOE managers an independent assessment of the effectiveness of DOE policy and site performance, including in such areas as safeguards and security, cyber security, and emergency management. Comments from our interviews reflect confusion over the respective oversight roles of these two entities.

    Part of the problem in oversight of NEST reflected the deteriorating relationship between LANL employees and the relevant oversight bodies in the wake of the Wen Ho Lee affair. Independent oversight requires vigorous auditing of the line organization -- from outside the line -- to identify security deficiencies and possible correctives. The auditing process should ultimately be one of give and take -- in the form of finding and response -- that promotes the common goal of the best possible security at the laboratory. Where that shared commitment is lost, e.g., where laboratory employees' concerns of criminal prosecution undermine their commitment to full candor in response to oversight, the oversight function cannot be effectively executed. Our interviews suggest that this has begun to occur at LANL.

    * * *

    On balance, while we cannot exclude the possibility of deliberate misconduct, if the hard drives were in fact simply misplaced through human error, the foregoing section suggests that such an error cannot be surprising when one considers the situation of the NEST members:

    The challenge we face is how -- while preserving the best science in the world -- to ensure that appropriate procedures are in place and followed and that each individual with access to nuclear weapon information views the proper care of sensitive materials as a critical part of his or her mission. The recommendations in the following section seek to address this challenge.

    C. What preventive measures should be implemented?

    We identified a number of corrective actions to be commended to the President, the Secretary of Energy, the Administrator of the National Nuclear Security Administration (NNSA), and to the Congress. Taken together, they should facilitate the exercise of strong, unified leadership over nuclear security matters at Los Alamos:

    1. Organization

    2. Security Measures and Procedures

    3. Personnel Actions

    4. Resources

    D. What are the implications of the hard drive incident?

    Beyond the assessment of what happened and why, our review of this episode underlined the fact that no security. procedures or physical barriers can substitute for individual commitment to security. After all, the Los Alamos scientists and engineers walk in and out of X Division every day with the most sensitive nuclear information in their minds. Neither airtight procedures nor robust deployments of guns, guards, and gates can alter that immutable fact. For this reason, security must be viewed not as a burden levied by outsiders upon laboratory employees, but rather as an integral part of the employees' mission to assure that America has the nuclear technology it needs, but that her foes do not. Fortunately, we have found that this deep commitment to security, although buffeted by recent events, still exists in the laboratory employees we had the opportunity to visit.

    Our meetings with X Division and NEST members, however, did reveal that the combined effects of the Wen Ho Lee affair, the recent fire at LANL, and the continuing swirl around the hard-drive episode have devastated morale and productivity at LANL. The employees we met expressed fear and deep concern over the influx of FBI agents and yellow crime-scene tape in their workspace, the interrogation of their colleagues by the FBI and by federal prosecutors before a grand jury, and the resort of some of their colleagues to taking a second mortgage on their homes to pay for attorney fees. The inevitable anxiety resulting from these circumstances collectively has, by all accounts, had a highly negative effect on the ability of LANL and the other national laboratories to continue to do their work, while attracting and maintaining the talented personnel who are the lifeblood of the cutting-edge work of the laboratory. This is particularly true in X Division and NEST, but seems to be a factor in the lab as a whole.

    In that context, we also take note of the strong opposition to polygraphy expressed by the scientists at LANL, on philosophical and scientific grounds. Obviously it is well beyond the scope of this review to assess whether the information-security gains of the current polygraph protocol, as administered, outweigh the possible national security losses in accelerating attrition among our national-laboratory scientists. We therefore welcome the study of the costs and benefits of that security tool by the National Acaderoy of Sciences.

    The current demoralization at LANL is dangerous. Once issues of management oversight give way to criminal investigation, and laboratory employees fear that committing a security error may expose them not just to management discipline, but to prosecution and imprisonment, any hope that individuals will volunteer information that could reflect security lapses is annihilated. To be sure, if crimes were committed they should be prosecuted, but we must recognize that the general criminalization of security lapses will tend to bury security deficiencies under a welter of self-justifications and active or passive failures to cooperate with oversight organizations. Ultimately this will erode both the security surrounding our nuclear secrets and the ability of independent oversight organizations to discover them. Poor morale breeds poor security, because the protection of our nuclear secrets ultimately depends on personal loyalty, commitment to mission, and care by laboratory employees, as much as on physical barriers or other external measures.

    The ability of LANL and the other national laboratories to attract and retain top talent has already been eroded, and now stands at serious risk. If the national laboratories lose the ability to attract and retain top talent, then U.S. national security will be seriously harmed. That harm may be long lasting, in light of the specialized nature of nuclear weapon design technology and the inexorable attrition through retirement and other departures of the dwindling numbers who understand them thoroughly.

    It is doubtful that the DOE, NNSA, LANL, and the University of California will be able effectively to redress either security or management lapses in the midst of a continuing criminal investigation or prosecution. It is critically important to national security that the internal disruptions at LANL be brought to a swift and orderly conclusion, and that the new management structure of the NNSA take all necessary measures to put the laboratory back to work, and to establish the conditions that will be conducive over the long term to the development of leading-edge science in a safe and secure environment.

    We must promote a strong and vibrant scientific culture at our national laboratories to continue developing the technological advances that secrecy is designed to protect. The great tradition of loyal Americans generating creative ideas in the performance of world-class science must be preserved.

    The current negative climate is incompatible with the performance of good science. A perfect security system at a national laboratory is of no use if the laboratory can no longer generate the cutting-edge technology that needs to be protected from improper disclosure. Further, to remain in the forefront of nuclear-technology development, our scientists need to be able to communicate and collaborate with scientists in other national laboratories, in universities, and in other nations.

    We conclude that it is critical to reverse this demoralizatton before it further undermines the ability of Los Alamos National Laboratory both to continue to make its vital contributions to our national security, and to protect the sensitive national security information that is critical to the fulfillment of their responsibilities.


    Comments from LANL employees

    On August 8, we visited LANL and held two roundtable sessions -- on a not-for-attribution basis -- with members of X Division and the NEST. Representative comments are summarized here:

    Our work load is increasing, but staff is declining.

    Politicians come here and say they want "the best and the brightest." But why would the best and the brightest work here?

    Politicians have the power to destroy the laboratory but not to recreate it in time of need. The nuclear weapons business is a guild system. It takes a long time to build.

    It is imperative for national and global security to keep our nuclear stockpile, so stockpile stewardship is critical. The quality of background investigations has deteriorated. A Q badge is not worth what it used to be. They should abolish L clearances from this building. I do not want to be in a building where we can't speak freely.

    All of the recent relaxations of security have been over the objections of the laboratory. None of the laboratory's security recommendations were accepted.

    Offer an amnesty with a reasonable [administrative] punishment, if you want the truth about the hard drives.

    We're walking down a canyon and it is getting tighter and tighter, and you're not getting a pedigree on the disks.

    NEST members are hard-working, security-conscious people.

    This emphasis on punishment has lost us 50 percent of computing-science people in the past three years.

    There is a lot of misdirected security.

    The guidance we get is routinely inconsistent and frequently absurd. If you give nerds absurd guidance it won't work. Give them sensible and consistent guidance and they'll do their best.

    I've been here 22 years. We are in this death spiral without trust and respect, and I don't know how to get it back.

    We are completely divorced from security. The relationship is totally adversarial. Security has no vested interest in our mission. You should have a team with security, ES&H [Environment, Safety & Health], all with a vested interest in the program.

    The safest and most secure way to do work is not to do any work at all.

    A year ago, I'd be inclined to try to work with Security. Now I'm scared... and it ain't worth it. What they want is someone to crucify. They are not interested in solving the security problem. I ain't gonna talk to anybody, which is not the best way to keep security in this place.

    A year ago they [oversight officials] were partners. Now they are policemen.

    Three to four years ago Albuquerque [Operations Office] encouraged increased reporting of security violations and we were naive enough to believe it. So the incidents shot up, but then the rain came down and they started coming after us.

    The political process has created gray areas, such as UCNI [Unclassified Controlled Nuclear Information], which introduces complacency. We should separate classified from unclassified information clearly and cleanly.

    We've lost the third "S." We've got the safety and security, but we have forgotten the science.

    If you lose the best, you can turn this place into an arsenal, but you cannot keep world-class science.

    Zero infractions, zero tolerance, zero work, zero IQ.

    People are making up rules at the division and group level that make no sense.

    My continued involvement in NEST is hanging by a thread, because I have colleagues locked out of their offices.


    IV. Conclusion

    In undertaking this assignment, we believed. that we had an opportunity to make a constructive contribution to a difficult problem. This problem did not begin with our involvement with it, and will not end with our report.

    This report cannot be read as a broad critique of the individuals who serve at LANL, or in X Division. We recognize that the vast majority of these individuals are dedicated, patriotic, conscientious contributors to our national security, and protectors of our nuclear secrets. Their extraordinary record ofaccomplishment is legendary, dating back to the Manhattan Project.

    To understand that security breaches are the exception rather than the rule, however, cannot alleviate the irreversible damage that even one major loss of classified data can cause. Rather than shrink from taking on a task so demanding, we urge DOE to embrace the challenge as an opportunity to apply the same energy and creativity that it has always shown to its highest program objectives. This imposes a heavy responsibility on our public servants, but we are confident they can meet it.

    These have been hard times at Los Alamos, between the tragic fire and the security issues that have dominated the headlines in recent months. In visiting Los Alamos, we came to understand the very different perspective the scientists there bring to all issues -- including security -- and view that difference as a source of strength, not weakness. We saw the anger and anxiety there, and it causes us great concern. If these problems are not addressed, the cutting-edge science that has served America so well will be placed in jeopardy.

    In our meetings at LANL, we saw that many scientists fully appreciate the need for good security practices to fulfill the fundamental national security mission of the laboratory to maintain a safe and secure nuclear deterrent. Understandably, the scientists expressed the strong desire that these security practices be reasonable and practical, and that they be consulted on new security procedures before they are imposed.

    It is reasonable for the Congress and the American people to be assured that our nuclear secrets are safe and well protected. It is reasonable for the LANL employees to be assured that their contributions to the national security are appreciated and that they will be provided a safe and secure environment -- politically as well as physically -- in which to work.

    These reasonable expectations can all be met, we believe, if we can move beyond traditional tensions so that science and security reinforce one another in the service of the Nation. Our purpose, through this report to the Secretary of Energy and to the President, is to help resolve security concerns, to recommend reform measures for consideration, to reassure Los Alamos National Laboratory of the trust the country places in. laboratory personnel as custodians of our deterrent, and to reassure all Americans that their trust is well placed.

    Working together, we believe that we can achieve that purpose, and set the stage for an exciting new period at Los Alamos National Laboratory, where the character of the scientific activity may change but its quality will not, where the great tradition of the scientists who have made breakthrough after breakthrough will be strengthened and continued, and where the Nation will honor their accomplishments and thank them for their invaluable efforts in defense of our freedom and security.


    End Notes

    1. The PFIAB published a report in June 1999, based on the analysis of approximately 115 external and internal reviews, investigations, audits of security at the Department and national laboratories dating from 1979 to 1999, that identified a multitude of chronic security and counterintelligence problems at all of the weapons laboratories.

    2. For example, DOE Order 471.2A, Information Security Program; DOE Order 471.2-lB, Classified Matter Protection and Control Manual, Chapter IV; and X Division 025-069 Vault -- TA-3, SM-43, Room A222A -- rules of use.

    3. The June 19, 2000 memorandum from the Secretary of Energy required nuclear weapons laboratories to implement a number of measures, including improved control over entering and exiting classified vaults, supported by the maintenance of logs, evaluation of existing vault procedures; encryption of certain media, and other measures. These and other DOE security initiatives are included in the Appendix.

    4. DOE Order 471.2-1B, Classified Matter Protection and Control Manual, Chapter IV.




  • FAS | Government Secrecy | Library ||| Index | Search | Join FAS