United States General Accounting Office

GAO

Report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives

May 2003

NUCLEAR SECURITY

NNSA Needs to Better Manage Its Safeguards and Security Program

GAO-03-471

Highlights of GAO-03-471, a report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives

The attacks of September 11, 2001, intensified long-standing concerns about the adequacy of safeguards and security at four nuclear weapons production sites and three national laboratories that design nuclear weapons—most of these facilities store plutonium and uranium in a variety of forms. These facilities can become targets for such actions as sabotage or theft. The Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)—a separately organized agency within DOE—are responsible for these facilities. NNSA plays a crucial role in managing the contractors operating many of these facilities to ensure that security activities are effective and in line with departmental policy. GAO reviewed how effectively NNSA manages its safeguards and security program, including how it oversees contractor security operations.

NNSA has not been fully effective in managing its safeguards and security program in four key areas. As a result, NNSA cannot be assured that its contractors are working to maximum advantage to protect critical facilities and material from individuals seeking to inflict damage. The four areas are as follows:

• Defining clear roles and responsibilities. NNSA still has not fully defined clear roles and responsibilities for its headquarters and site operations.

• Assessing sites’ security activities. Without a stable and effective management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among NNSA sites on how they assess contractors’ security activities. Consequently, NNSA cannot be assured that all facilities are subject to the comprehensive annual assessments that DOE policy requires.

• Overseeing contractors’ corrective actions. To compound the problems in conducting security assessments, NNSA contractors do not consistently conduct required analyses in preparing corrective action plans. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems’ root causes, risks posed, or cost versus the benefit of taking corrective action.

• Allocating staff. NNSA has shortfalls at its site offices in the total number of staff and in expertise, which could make it more difficult for site offices to effectively oversee security activities.

[Figure: Security Force in Action]

GAO is making four recommendations to the Secretary of Energy and the Administrator of NNSA to focus more on certain key management and oversight issues. Commenting on the draft report, NNSA disagreed with GAO’s conclusion that NNSA was not ensuring the comprehensive, annual assessments of contractors’ performance that DOE policy requires. GAO continues to believe that NNSA’s current efforts do not ensure conformance to DOE policy.

www.gao.gov/cgi-bin/getrpt?GAO-03-471. To view the full report, including the scope and methodology, click on the link above. For more information, contact Robin M. Nazzaro at (202) 512-3841 or firstname.lastname@example.org.
Contents

Letter
  Results in Brief
  Background
  NNSA’s Lack of Safeguards and Security Direction in Key Areas Results in Inconsistent Management of Contractors
  Conclusions
  Recommendations for Executive Action
  Agency Comments and Our Evaluation
Appendix I: Comments from the National Nuclear Security Administration
Appendix II: GAO Contact and Staff Acknowledgments

Abbreviations

DOE: Department of Energy
FRAM: Functions, Responsibilities, and Authorities Manual
NNSA: National Nuclear Security Administration

This is a work of the U.S. Government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. It may contain copyrighted graphics, images or other materials. Permission from the copyright holder may be necessary should you wish to reproduce copyrighted materials separately from GAO’s product.

United States General Accounting Office
Washington, DC 20548

May 30, 2003

The Honorable Christopher Shays
Chairman, Subcommittee on National Security, Emerging Threats, and International Relations
Committee on Government Reform
House of Representatives

Dear Mr. Chairman:

Over the past decade, we and others have raised concerns about the adequacy of security at nuclear weapons facilities within the Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)—a separately organized agency within DOE. For example, we reported in 2002 that DOE had not addressed problems in implementing security initiatives,[1] while an independent study by the Commission on Science and Security,[2] conducted at the request of DOE, found deficiencies in cyber security. Concerns over security within the nuclear weapons complex were brought into sharper focus by the September 11, 2001, terrorist attacks. These attacks highlighted the importance of effective physical security[3] in response to a potentially large and well-organized threat.
NNSA relies upon its safeguards and security program to ensure the physical security of the nation’s nuclear weapons complex. Currently, the complex has four production sites: the Pantex Plant, Amarillo, Texas; the Y-12 Plant, Oak Ridge, Tennessee; the Kansas City Plant, Kansas City, Missouri; and the Savannah River Site, Aiken, South Carolina. In addition to the production sites, the complex includes the Nevada Test Site and three national laboratories that design nuclear weapons: Lawrence Livermore National Laboratory, Livermore, California; Los Alamos National Laboratory, Los Alamos, New Mexico; and the Sandia National Laboratories, Albuquerque, New Mexico, and Livermore, California.

[1] U.S. General Accounting Office, Nuclear Security: Lessons to Be Learned from Implementing NNSA’s Security Enhancements, GAO-02-358 (Washington, D.C.: March 29, 2002).

[2] Commission on Science and Security, Center for Strategic and International Studies, Science and Security in the 21st Century: A Report to the Secretary of Energy on the Department of Energy Laboratories (Washington, D.C.: Apr. 2002).

[3] Physical security is the combination of operational and security equipment, personnel, and procedures used to protect facilities, information, documents, or material against theft, sabotage, diversion, or other criminal acts.

To implement its safeguards and security program, NNSA relies on site contractors that are responsible for conducting day-to-day security activities and adhering to DOE policies as they operate the complex’s laboratory and production facilities. The contractors’ activities are subject to DOE-NNSA oversight. NNSA has offices—site offices—co-located with each site. Many of these sites possess Category I special nuclear material.
Category I material includes plutonium and uranium in the following forms: (1) assembled nuclear weapons and test devices; (2) products containing higher concentrations of plutonium or uranium, such as major nuclear components, and recastable metal; and (3) high-grade materials, such as carbides, oxides, solutions, and nitrates. The risks this radioactive material poses vary, but include the potential for sabotage, or theft for illegal use in a nuclear weapon. Because these materials pose such risks, NNSA’s management of the safeguards and security program, which includes overseeing contractor activities, is essential to preventing an unacceptable, adverse impact on national security.

DOE’s Office of Security develops and promulgates orders and policies that guide NNSA’s safeguards and security program. NNSA is responsible for ensuring that its contractors’ security activities are effective and conform to DOE’s orders and policy requirements. In conducting this oversight, NNSA generally uses certain key processes intended to identify specific weaknesses at contractor-operated sites and ensure that weaknesses are corrected. These processes include, among other things, (1) annual, comprehensive surveys conducted by subject matter experts from across the complex and (2) ongoing reviews of one or more aspects of contractors’ program (surveillance) by NNSA site officials.[4] DOE’s Office of Independent Oversight and Performance Assurance also assesses contractor security activities. In response to NNSA surveys and assessments conducted by the Office of Independent Oversight and Performance Assurance, DOE policy requires contractors to prepare corrective action plans for identified problems and to ensure that these actions are based on documented root cause analysis, risk assessment, and cost-benefit analysis.

[4] A surveillance is generally conducted by a single or small number of subject matter experts, and the documentation from a surveillance or group of surveillance activities may be used as part of the survey.

You asked us to review physical security at NNSA and DOE facilities that contain Category I materials. Specifically, as agreed with your office, this report examines how NNSA manages its safeguards and security program. This report is the first of two that we will be issuing to you on various aspects of physical security at NNSA and DOE facilities. Our followup report will focus on the extent to which physical security has improved; the effectiveness of the process for establishing safeguards and security requirements following the September 11, 2001, attacks; and the remaining vulnerabilities.

To evaluate the overall safeguards and security oversight process, we reviewed DOE policy and planning documents, including orders, implementation guidance, and reports. We looked at what the orders and guides prescribed, particularly DOE Order 470.1, and compared this to how operations and site offices were following and implementing the policies to see if there were any deficiencies. To determine how NNSA organizes and conducts overall safeguards and security oversight, we met with officials from DOE and NNSA headquarters and NNSA site offices. The primary offices from which we obtained information were from DOE’s Office of Security, Office of Independent Oversight and Performance Assurance, and NNSA’s Office of Defense Nuclear Security and Nuclear Safeguards and Security Program.[5] We also evaluated the NNSA reorganization with regard to the potential impact on oversight roles and responsibilities of NNSA headquarters and site offices.

We visited 7 site offices from March 2002 to October 2002, to determine how federal contractor oversight and the safeguards and security program is managed.
Specifically, we visited Los Alamos National Laboratory and the Office of Los Alamos Site Operations in New Mexico, Sandia National Laboratory and the Office of Kirtland Site Operations in New Mexico, Department of Energy’s Albuquerque Operations Office in New Mexico, the Office of Transportation Safeguards in New Mexico, Y-12 Plant, and the Y-12 Site Office in Tennessee, Pantex Plant and the Office of Amarillo Site Operations in Texas, the Savannah River Site[6] and the Savannah River Site Office in South Carolina, and Lawrence Livermore National Laboratory and the Livermore Site Office in California. At each location we met with both federal and contractor officials and obtained pertinent supporting documentation.

[5] We did not include naval reactors in our review because it is a semiautonomous entity within NNSA with a unique security structure and program.

To determine how NNSA sites prepare and document corrective action plans and related analyses, we examined 43 closed and open corrective action plans dated from 1999 through 2002 that we selected at random from each of the 6 NNSA sites (as well as the DOE Savannah River Site, which is expected to come under NNSA’s jurisdiction in the future) that contain category I special nuclear materials.[7] We reviewed these plans to determine the extent and type of analyses that support the corrective actions in the plans. These plans generally represent the contractors’ actions to address high priority findings in contractors’ security and safeguards program. To understand how the corrective action process currently works, we compared the processes in place at each NNSA site we visited during 2002. We performed our review from December 2001 through April 2003 in accordance with generally accepted government auditing standards.
[6] Although the Savannah River Site is still an Environmental Management designated site, according to site officials, it will likely become an NNSA site once the accelerated cleanup is complete. Because of its present role as a key DOE nuclear weapons production site, we included it in our review of site offices.

[7] One of the seven sites—Transportation Safeguards—is operated by NNSA, not a contractor.

Results in Brief

NNSA has not been fully effective in managing its safeguards and security program in four key areas, and therefore, it cannot be assured that its contractors are working to maximum advantage to protect critical facilities and material from individuals seeking to inflict damage. The following four areas are key:

• Defining clear roles and responsibilities. Since its creation in March 2000, NNSA’s management structure has been in a state of flux. While in December 2002, NNSA issued what it considers final directives for reorganizing headquarters and site offices, NNSA expects it will take until at least September 2004 to fully implement its new management structure. In particular, NNSA is still defining its site offices’ roles and responsibilities for safeguards and security. Specifically, it is still developing the components of a Functions, Responsibilities, and Authorities Manual, which will not be completed for several months because of the highly detailed planning necessary for determining staff functions at the various sites. This manual, which NNSA itself recognizes as crucial, is intended to set out roles and responsibilities clearly. This still-developing management structure led to confusion about the roles and responsibilities of the headquarters and site offices.

• Assessing sites’ security activities.
Without a functional management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among the NNSA sites on how to conduct key aspects of safeguards-and-security assessment activities. In particular, three out of the seven NNSA site offices use the traditional survey approach, as required by DOE policy, to oversee security activities, while four have discontinued surveys and instead rely on surveillance activities. The distinction between these two activities is important: A survey provides a comprehensive annual review, by a team of experts from throughout NNSA, of contractor safeguards and security and generally takes about 2 weeks. In contrast, surveillance relies on a single or small number of NNSA site officials overseeing one or more aspects of a contractor’s safeguards and security activities throughout the year. However, officials from DOE’s Office of Security—which developed the policy for conducting surveys—believe the surveillance model does not comply with the DOE order because it does not provide a comprehensive overview. Furthermore, officials from DOE’s Office of Independent Oversight and Performance Assurance and NNSA headquarters expressed concern about the site offices’ ability to conduct surveillance because of shortfalls in available expertise. The four site offices have been able to operate using only surveillance activities because, during the reorganization of the management structure, NNSA has not issued guidance on complying with DOE policy for conducting surveys.

• Overseeing contractors’ corrective actions. NNSA contractors do not consistently conduct the analyses DOE policy requires in preparing corrective action plans, compounding the problems in ensuring physical security. Inconsistency occurs because the NNSA site officials do not have implementation guidance from headquarters on how to address corrective actions.
Of the 43 corrective action plans we reviewed for 1999 through 2002, less than half showed that the contractor had performed the required root cause analysis. Furthermore, less than 25 percent demonstrated that the contractor had performed a required risk assessment or cost-benefit analysis. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems’ root causes, risks posed, or cost versus benefit of taking corrective action. However, at the 7 sites we visited in 2002, the site offices and contractors are making some progress to establish formal processes for root cause and other analyses. Nevertheless, inconsistencies remain regarding the approaches used to complete these analyses. For example, some site processes specify that root cause analyses will be conducted for all corrective action plans, while other sites consider the completion of these analyses optional. An NNSA headquarters official stated that the agency expects to issue additional guidance for implementing DOE security policies in 2003.

• Allocating staff. NNSA has shortfalls at its site offices in the total number of staff and in areas of expertise, which could make it more difficult for the site offices to oversee safeguards and security effectively and to ensure that the agency fully knows security conditions at its sites. According to officials at 5 of the 7 site offices we visited, they have, or expect to have, an average of 2 to 6 vacancies per site for overseeing contractors’ safeguards and security; typically, each site expects to have 10 to 14 security-related positions within the next 2 years. The vacancies occur, in part, because staff are reluctant to move to locations they view as less desirable and because NNSA has frozen hiring in response to budget constraints.
Some of these vacancies are for specialists in particular subject areas, such as Industrial Security Systems—a key specialty needed for conducting physical security inspections. The lack of expertise and staff could be further complicated for some sites by NNSA’s realignment plan. Under this plan, NNSA expects to streamline federal oversight of contractors and reduce headquarters and field staff by 20 percent by the end of fiscal year 2004. Site officials said that they will fill some vacancies through a virtual organization in which experts at other locations will assist with certain components of the surveillance activities. However, it will take time to work through some of the difficulties associated with making the transition to this approach.

We are making recommendations to the Secretary of Energy and the Administrator of the NNSA that are intended to place additional focus on key management and oversight dimensions during NNSA’s ongoing reorganization.

In commenting on our draft report, NNSA concurred with two of our four recommendations, disagreed with one, and did not indicate agreement or disagreement with the fourth. NNSA concurred with our recommendation to formally establish roles and responsibilities, and it plans to issue a formal document in 2003. NNSA also concurred that corrective action plans must be prepared in accordance with established standards and policy. NNSA disagreed with the conclusion that it was not ensuring the comprehensive annual assessments of contractors’ performance that DOE policy requires. NNSA believed that its surveillance activities were also comprehensive; however, NNSA provided no evidence—such as implementation guidance to the sites that are conducting surveillances—that would ensure that the sites’ surveillance activities conform to DOE’s policies.
Finally, regarding our recommendation that NNSA develop and implement a plan for effectively allocating staff for safeguards and security oversight, NNSA commented that managers have staffing plans and that its virtual organization and additional hiring will address sites’ need for certain types of skilled personnel. In our view, while reliance on the virtual approach may be effective in the short term, the continuing vacancies at some sites indicate that NNSA may have difficulty attracting and retaining necessary expertise at specific, understaffed locations over the long term.

Background

Since its creation in 1977, DOE has been responsible for developing, producing, and maintaining nuclear weapons; preventing the proliferation of weapons of mass destruction; designing, building, and maintaining naval nuclear propulsion systems; and ensuring the security of the nuclear weapons complex. In 2000, however, the Congress created a separately organized agency within DOE—the NNSA.[8] NNSA’s Office of Defense Nuclear Security is primarily responsible for developing the agency’s security programs, including protecting, controlling, and accounting for material and ensuring physical security for all facilities in the complex.

Historically, NNSA has conducted comprehensive annual surveys of contractors’ operations for safeguards and security. These surveys, which can draw upon subject matter experts throughout the complex,[9] generally take about 2 weeks to conduct and cover 5 “topical” areas and 32 subtopical areas. The topical areas include program management, protection program operations, information security, nuclear materials control and accountability, and personnel security. The survey team assigns ratings of satisfactory, marginal, or unsatisfactory. Currently, NNSA’s facilities have been rated satisfactory in most topical areas. All deficiencies (findings) identified during a survey require the contractors to take corrective action, and both findings and corrective actions are to be entered in the Safeguards and Security Information Management System—a DOE-wide, integrated tracking database for findings of surveys and other safeguards and security activities.

[8] National Defense Authorization Act for Fiscal Year 2000, Pub. L. No. 106-65, tit. 32 (also known as the National Nuclear Security Administration Act).

[9] The core skill sets needed to address the safeguards and security elements at a facility include program management and planning; protective force operations; classified matter protection and control; physical security; technical security and security systems; nuclear material control and accountability; and safeguards and security program infrastructure.

In addition, NNSA’s Office of Facilities and Operations is expected to provide policy guidance for safeguards and security. This office is also expected to be responsible for the Nuclear Safeguards and Security Program, which oversees the implementation of safeguards and security in NNSA facilities. The office is expected to integrate and defend the budget for safeguards and security to ensure that program components can achieve mission objectives.

Through various contract mechanisms, NNSA provides financial incentives, such as award fees, for contractor performance. NNSA assesses this performance based on the extent contractors meet a set of measures, which are generally established in annual performance plans—so-called performance measures.
DOE’s Office of Independent Oversight and Performance Assurance supports NNSA in safeguards and security assessments and conducts independent oversight activities in line with DOE and NNSA policies and priorities. Among other things, the office is responsible for evaluating the effectiveness of contractors’ performance in safeguards and security. To carry out this function, this office periodically assesses both federal and contractor operations at a site and identifies findings, issues, and opportunities for improvement. It also performs follow-up reviews to ensure corrective actions are effective and that weaknesses in safeguards and security are appropriately addressed.

NNSA’s Lack of Safeguards and Security Direction in Key Areas Results in Inconsistent Management of Contractors

NNSA has not been fully effective in managing its safeguards and security program in four key areas, and therefore, it cannot be assured that its contractors are working to maximum advantage to protect its sites. First, NNSA has not fully defined safeguards and security roles and responsibilities. Second, without an effective management structure, site offices are uncertain about how to conduct their safeguards and security responsibilities. This uncertainty has resulted in inconsistencies in how site offices comply with DOE orders in assessing contractors. Third, even when assessments are done, NNSA contractors do not consistently conduct required DOE analyses in preparing corrective action plans. Finally, NNSA’s shortfalls at its site offices in the total number of staff and expertise could make it more difficult for the site offices to oversee safeguards and security effectively.

NNSA Has Not Clearly Defined Roles and Responsibilities, Resulting in Confusion at Sites

Since its creation in March 2000, NNSA’s management structure has been in a state of flux, and NNSA expects it will take at least to September 2004 to implement a new management structure. However, NNSA needs a stable structure to establish clear roles and responsibilities for its headquarters and site offices, including safeguards and security oversight. In May 2001, NNSA’s Administrator proposed a management structure for his organization,[10] but in December 2001, we reported that a clearly delineated overall management structure still did not exist.[11] In February 2002, NNSA reported in more detail to Congress on its outline for a new management structure[12] to improve NNSA’s effectiveness and efficiency. NNSA expected to implement the new structure later in the year. Since then, NNSA headquarters and field officials have been defining safeguards and security roles and responsibilities.

In December 2002, NNSA fundamentally changed the management structure for safeguards and security. It abolished operations offices, which had been responsible for conducting the annual, comprehensive surveys as well as other safeguards and security activities. It divided these operations offices’ responsibilities among the site offices and a service center, formerly the Albuquerque operations office; headquarters will oversee the performance of the site offices. The restructuring brings day-to-day federal oversight of laboratories and plants closer to the site offices.

[10] National Nuclear Security Administration, Report to Congress on the Plan for Organizing the National Nuclear Security Administration (Washington, D.C.: May 3, 2001).

[11] U.S. General Accounting Office, NNSA Management: Progress in the Implementation of Title 32, GAO-02-93R (Washington, D.C.: Dec. 12, 2001).

[12] National Nuclear Security Administration, Report to Congress on the Organization and Operations of the National Nuclear Security Administration (Washington, D.C.: Feb. 25, 2002).

However, these changes do not complete the management structure. NNSA plans to further streamline its oversight of contractors by reducing site activities.
Among other things, NNSA plans to focus more on ensuring that contractors’ management systems are valid. Furthermore, NNSA plans to review its policies and practices and decide which site office oversight activities can be reduced or eliminated in order for the site offices to work more efficiently. It has not yet identified which specific activities will be modified. At the time of our review, headquarters could not provide details on how it intends to monitor the NNSA site offices’ performance with respect to safeguards and security or address deficiencies.

In creating this new management structure, NNSA has not yet developed a Functions, Responsibilities, and Authorities Manual (FRAM), an organizational tool used by managers at federal agencies, including DOE, for defining roles and responsibilities. This manual is to address the functions, responsibilities, and authorities of all elements within NNSA. NNSA headquarters security officials agree that this guidance is crucial and stated that they are currently developing the components of a FRAM, which should be finalized in 2003. NNSA told us that completing the FRAM takes significant time because of the highly detailed planning necessary for determining staff functions at the various sites.

According to NNSA site office officials, as they wait for formal guidance from headquarters on conducting security oversight, each office is carrying out oversight activities as it deems appropriate. In addition, these officials told us that they have not received formal notification about the change in their safeguards and security oversight responsibilities, such as responsibilities for the survey program. Officials at several site offices expressed frustration with this lack of direction.
NNSA’s Security Assessment Processes Differ among Sites and Are Inconsistent with DOE Requirements

NNSA site offices are not consistent in how they assess contractor safeguards and security activities, and they may not be conducting these assessments in accordance with DOE policy. The lack of consistency and the failure to implement DOE policy occurs in part because the site offices have had to assume new oversight responsibilities without, among other things, clear guidance from headquarters on how to carry out these responsibilities. As a result, three offices of the seven NNSA site offices we visited continue to use the traditional survey approach to oversee security activities (Oak Ridge, Savannah River, and NNSA’s Office of Transportation Safeguards), while the remaining four have adopted or are adopting a surveillance model—Amarillo, Kirtland, Livermore, and Los Alamos. The distinction between these two activities is important: A survey provides a comprehensive annual review, by a team of experts, of contractor safeguards and security and generally takes about 2 weeks; formerly, the operations offices generally conducted surveys, assisted by experts from throughout the complex, as necessary. In contrast, surveillance relies on a single or small number of NNSA site officials overseeing one or more aspects of a contractor’s safeguards and security activities throughout the year, and the documentation from a surveillance or a group of surveillance activities may be used as part of the survey.

By relying on surveillance, NNSA may have less assurance that it fully knows the condition of security at its sites and therefore potentially cannot act to correct deficiencies undisclosed by this limited review. Surveillance allows subject matter experts at the sites to evaluate areas of contractor safeguards and security performance more often than the traditional survey process and therefore potentially identify deficiencies faster.
However, according to DOE officials, reliance on surveillance is not consistent with DOE orders calling for a comprehensive survey of a contractor’s safeguards and security performance. This survey provides a unified assessment of all security-related topical areas.[13] Officials from DOE’s Office of Security—which developed the policy for conducting surveys—believe the surveillance model does not comply with DOE order survey requirements because it is not comprehensive. Officials from DOE’s Office of Independent Oversight and Performance Assurance expressed concern about the site offices’ ability to conduct surveillance because of shortfalls in available expertise. Furthermore, the director of NNSA’s Office of Defense Nuclear Security acknowledged that although some NNSA site offices, such as the Los Alamos site office, are using the surveillance model, this site and others lacked the necessary personnel to conduct surveillance.

[13] The frequency of survey schedules can be modified if the site being surveyed meets certain criteria.

According to officials from DOE’s Office of Independent Oversight and Performance Assurance and one site office, surveillance is not compatible with the current Safeguards and Security Information Management System, a DOE information database system used to track findings and associated corrective actions, and therefore could pose problems for sites in entering information. On the other hand, NNSA officials at site offices and headquarters argue that using the surveillance model for oversight will produce an annual end of the year survey report and should have the same end result as an annual survey. However, NNSA could have difficulty ensuring consistent and comprehensive assessments because of the difficulties posed by using the surveillance model without appropriate NNSA-wide implementation guidance, site office staffing shortfalls, and database compatibility problems.
NNSA’s Corrective Action Practices Are Inconsistent with DOE Requirements

Contractors have not consistently prepared effective, formal root cause analyses in developing corrective action plans for identified deficiencies, as DOE policy requires.14 An effective, formal, root cause analysis can enhance the development of corrective actions, as we observed while reviewing some plans. However, less than half of the 43 corrective action plans we reviewed, dated between 1999 and 2002, showed that the contractor had performed the required root cause analysis. Furthermore, in a few cases corrective action plans were based on root cause analyses that were poorly prepared, resulting in confusion and contradictions. For example, NNSA had identified a deficiency at one site of potential entry into a critical facility. The contractor did not fully develop a root cause for this problem but merely rebutted the finding’s validity. Nevertheless, the contractor took a corrective action in response to this deficiency—spending about $150,000. However, because the root cause analysis was not fully developed, we could not determine how, or if, the contractor’s corrective actions would correct the deficiency. Furthermore, the contractor’s staff preparing the analysis did not have formal training in how to conduct root cause analyses. NNSA site officials agreed that the root cause analysis was performed incorrectly and that their oversight review of the analysis had not detected this problem.

Despite the problems some contractors have had in preparing root cause analyses, corrective action processes in 2002 at all 7 sites showed that some sites are making progress. For example, in late 2000, the Office of Transportation Safeguards, which is responsible for securely transporting critical NNSA items and material, had begun to correct significant weaknesses in its process for preparing and tracking corrective actions.

14 DOE Order 470.1 Safeguards and Security Program; Sept. 28, 1995.
According to an official responsible for corrective actions at the office, the new process has already resulted in documented improvements to the quality and completeness of its corrective action plans. For example, the new process for root cause analyses identified additional reasons for a recurring NNSA finding on problems in how three federal agent facilities in NNSA’s Office of Transportation Safeguards inspected the vehicles used to transport critical materials across the nation. These inspections are crucial in preventing individuals from attaching explosives or other foreign devices to the vehicles in potential attempts at sabotage or theft. The new process enabled NNSA to identify specific actions to ensure consistent interpretation and implementation of vehicle inspection procedures among the three facilities. Because the finding has not been repeated since July 2000, it appears that the additional corrective actions proved effective.

Another site, Sandia National Laboratories, has developed a process for root cause analysis that other sites may find useful. Sandia uses a designated root cause analyst to systematically lead teams of subject matter experts at the laboratory through the steps for determining root cause. With this expert in root cause analyses, Sandia helps ensure that these analyses are consistent and effective.

Other analyses and assessments that are critical to planning corrective actions are also not consistently prepared at NNSA sites. In particular, less than 25 percent of the corrective action plans we reviewed showed documentation of other analyses required by the DOE order for corrective action, such as risk assessment or cost-benefit analysis. Without this documentation, we found it difficult to determine what process, if any, the sites had used to determine the risk level of the problem or the cost and relative benefit of implementing corrective actions.
Consistency problems are likely to continue without effective NNSA guidance for corrective actions. For example, at four sites we visited, the sites either did not require a risk assessment and cost-benefit analyses or stated that they were optional, depending on the site’s evaluation of the need for an analysis. However, the remaining three sites we visited required these analyses for all corrective action plans. This inconsistency resulted in part from differing interpretations of the DOE order governing corrective actions. As a result, NNSA cannot be assured that all contractors are considering the costs of corrective actions in conjunction with the risk posed or the potential benefits to be gained. NNSA officials at some sites stated that, without implementation guidance, the intent of the DOE order requiring these analyses can be interpreted differently from site to site, which contributes to the inconsistent practices we observed. Since we provided our draft report to NNSA in April 2003, it has sent a brief guidance letter on corrective action plans to its site offices, clarifying its analysis and documentation requirements. An NNSA headquarters official stated that issuance of additional guidance for implementing DOE security policies is expected in 2003.

And finally, NNSA sites do not consistently measure all performance aspects of contractors’ preparation of corrective action plans and may reward contractors simply for closing the finding on schedule. According to our review of performance measures concerning corrective actions, four of the six contractor-operated sites we visited had measures that were primarily based on whether the contractor met the schedule for completing corrective actions, not on whether and how well the contractor had performed the analyses.15 The other two sites did not consider any corrective action performance measures in assessing contractor performance—not even the schedule.
However, DOE guidance encourages sites to measure qualitative factors, whenever possible, to minimize the need to rely solely on schedule-driven measures.16 Effective qualitative performance measures would essentially reflect how well the contractor completes root cause analyses, risk assessment, and cost-benefit analyses. The lack of qualitative performance measures affects the quality of the correction plan. For example, in fiscal year 1999, DOE’s Office of Independent Oversight and Performance Assurance criticized a site that had schedule-driven performance measures for poorly prepared corrective action plans. Out of the 50 plans reviewed for that site, 27 had inadequate root cause determinations, and 15 had corrective actions that were unlikely to fix the deficiency cited. The performance measures in place for this contractor in fiscal year 1999—and then again in fiscal years 2000 and 2001—did not reflect qualitative aspects of these analyses; instead, they were primarily focused on schedule-driven outcomes. Some contract provisions permit the contractor to forfeit some of the award fee based on other generic performance factors, such as “management failure.” However, these generic provisions may not be fully effective in motivating contractors in all aspects of their corrective action performance because these provisions are not explicitly focused on corrective action and are therefore not highly visible.

15 One site, the Office of Transportation Safeguards is federally operated and therefore performance award fees are not applicable.

16 U.S. Department of Energy, Guidelines for Performance Measurement, DOE G 120.1-5 (Washington, D.C.: June 30, 1996).

Difficulties in Allocating Staff Could Hinder Effective Safeguards and Security Oversight

NNSA’s site offices have shortfalls in the total number of staff and in the expertise for effectively overseeing contractors, including covering all topical areas in the annual surveys. At five of the seven sites we visited, NNSA officials told us that they currently have, or will have, two to six vacancies in safeguards and security positions once NNSA fully implements its new management structure; each site believes that it needs from 10 to 14 security-related positions in order to carry out its oversight activities under NNSA’s new organization. In particular, some of the site offices are experiencing difficulty in filling positions because some staff consider the site locations less desirable than others and because NNSA has instituted a hiring freeze. Some of these vacancies are for specialists in particular subject areas, such as industrial security systems—a key specialty needed for conducting physical security inspections. Officials in the Office of Independent Oversight and Performance Assurance concurred that NNSA’s reorganization and the shifting of responsibilities to the site offices has the potential to weaken security oversight.

To offset the lack of some subject matter experts at sites, NNSA field officials indicated that they frequently rely on subject matter experts from headquarters or other site offices to cover site offices that do not have expertise locally. With only a limited number of subject matter experts in the complex, the sites have to coordinate oversight carefully. Coordination is particularly complicated at those sites that have switched to a surveillance model since they may have to rely on particular subject expertise that is only available during certain times.

NNSA’s new management structure further complicates the problems in staff allocation. NNSA expects to reduce headquarters and field staff by 20 percent by the end of fiscal year 2004. In this restructuring, NNSA plans to share staff expertise, creating a “virtual” organization to cover the needs of site offices and other areas within the complex until a final move of personnel can be made.
Headquarters officials told us that it may take 1 to 2 years to move the appropriate safeguards and security persons to the areas where they are needed. Until then, they expect the virtual organization to meet the complex’s needs. The virtual organization will include subject matter experts whose knowledge will be needed throughout the nuclear weapons complex and not just at their current sites. Some of these experts will work from the service center or be detailed to site offices as needed. With competing demands for the experts, it is unclear how they will successfully provide assistance to site offices in their surveillance processes. The assistance may be unavailable when needed since components of surveillance are ongoing and may span an entire year.

Conclusions

Without effectively managing its safeguards and security program, NNSA cannot be assured that its contractors are working to maximum advantage to protect its nuclear weapons sites. These sites may have critical materials that could be prime terrorist targets. Several factors contribute to this lack of assurance. NNSA continues to change its management structure, making it difficult to define roles and responsibilities clearly. Without a functional management structure, some site offices and contractors may not be carrying out their security responsibilities, as DOE orders require. In particular, NNSA has not fully assured itself that the four sites that rely on surveillance activities, rather than on the DOE-required surveys, are overseeing contractors’ security activities in the integrated, comprehensive fashion that are called for in the annual surveys. Moreover, when NNSA site offices allow and reward contractors for closing findings without ensuring that the contractors have correctly identified the root cause, assessed risk, and conducted a cost-benefit analysis, NNSA cannot be assured that the security problem identified was adequately addressed.
Finally, to provide effective oversight, NNSA needs to develop an approach, beyond its “virtual” organization, that ensures its limited security resources are able to provide oversight, over the long term, where and when it is needed.

Recommendations for Executive Action

In order to strengthen the safeguards and security program of the nuclear weapons complex, we recommend that the NNSA Administrator and Secretary of Energy

• formalize the roles and responsibilities of site offices and headquarters for conducting oversight;
• ensure that sites are performing oversight using a survey approach that provides an integrated comprehensive view of security conditions and is consistent with DOE orders;
• ensure that contractors’ corrective action plans are prepared and documented consistently and are based on qualitative root-cause, risk-assessment, and cost-benefit analyses, and that appropriate incentives are used to help motivate contractors toward effectively addressing findings; and
• develop and implement a plan to ensure that NNSA allocates safeguards and security staff so that it provides effective safeguards and security oversight over the long term.

Agency Comments and Our Evaluation

We provided the DOE’s NNSA with a draft of this report for review and comment. Overall, NNSA concurred with two of our four recommendations, disagreed with one, and did not indicate agreement or disagreement with the fourth. In the area of concurrence, NNSA concurred with our recommendation to formally establish roles and responsibilities, and it plans to do so in 2003. NNSA also concurred that corrective action plans must be prepared in accordance with established standards and policy and based on documented root cause analysis, risk assessments, and cost-benefit analysis.
Since we provided our draft report to NNSA, it has sent its site offices a guidance letter on corrective action plans that clarifies its analysis and documentation requirements. NNSA now allows required elements to be omitted from corrective action plans, but only if the contractors document the rationale for the exclusion as a formal part of their plan. We believe this guidance letter is a positive step in clarifying some implementation aspects of the DOE requirements, and we encourage continued management attention to this area. NNSA did not comment on the portion of this recommendation concerning the use of appropriate incentives to motivate contractors to address findings effectively. NNSA disagreed with the conclusion that led to our recommendation to conduct oversight using a survey approach, which provides an integrated, comprehensive view of security conditions and is consistent with DOE orders. Specifically, NNSA disagreed with our conclusion that it was not ensuring the comprehensive annual assessments of contractors’ performance that DOE policy requires. As we reported, four of the seven site offices no longer conduct comprehensive, integrated surveys to assess security but instead rely on surveillance activities. NNSA believed that these surveillance activities were also comprehensive; however, NNSA provided no evidence—such as implementation guidance to the sites that are conducting surveillances—that would ensure that the sites’ surveillance activities conform to DOE’s policies. Without such guidance, NNSA cannot be fully assured that surveillance activities, as presently conducted, provide the comprehensive assessment DOE requires in its surveys. Our recommendation therefore is intended to focus NNSA management attention on ensuring that site offices conduct security assessments that are integrated, comprehensive, and on par with the survey approach previously used and currently described in DOE orders. 
Furthermore, NNSA asserted, incorrectly, that we found its security posture to be at risk. Assessing NNSA’s security posture was not the objective of this report. Rather, our objective was to assess the way NNSA manages its overall security program. We have clarified the report, where appropriate.

Finally, regarding our recommendation that NNSA develop and implement a plan to ensure that it effectively allocates staff to provide safeguards and security oversight, NNSA commented that managers have staffing plans and that its virtual organization and additional hiring will address sites’ need for certain types of skilled personnel. Reliance on the virtual approach may be effective in the short term. However, the continuing vacancies at some sites indicate that NNSA may have difficulty attracting and retaining necessary expertise at specific, understaffed locations over the long term. NNSA’s comments do not indicate that it fully understands the need to address this longer-term problem. We have modified our recommendation to target this specific long-term concern.

We modified our report, where appropriate, to reflect NNSA’s comments and to clarify some of our conclusions. NNSA’s comments on our draft report are presented in appendix I.

As arranged with your office, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days after the date of this letter. At that time, we will send copies of the report to the Secretary of Energy, the Administrator of NNSA, the Director of the Office of Management and Budget, and appropriate congressional committees. We will make copies available to others on request. In addition, the report will also be available at no charge on the GAO Web site at http://www.gao.gov.

If you or your staff have any questions about this report, please call me at (202) 512-3841.
Major contributors to this report are listed in appendix II.

Sincerely yours,

Robin M. Nazzaro
Director, Natural Resources and Environment

Appendix I: Comments from the National Nuclear Security Administration

Appendix II: GAO Contact and Staff Acknowledgments

GAO Contact

James Noel (202) 512-3591

Acknowledgments

In addition to the individual named above, Christopher R. Abraham, Jill Berman, Jonathan M. Gill, Andrea R. Miller, Christopher M. Pacheco, and Carol Herrnstadt Shulman made key contributions to this report.

(360159)

GAO’s Mission

The General Accounting Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO’s Web site (www.gao.gov) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases.
You can print these documents in their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading.

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to:

U.S. General Accounting Office
441 G Street NW, Room LM
Washington, D.C. 20548

To order by Phone:
Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: email@example.com
Automated answering system: (800) 424-5454 or (202) 512-7470

Public Affairs

Jeff Nelligan, Managing Director, NelliganJ@gao.gov (202) 512-4800
U.S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program
Published by the Government Accountability Office on 2003-05-30.