Weaknesses in Classified Information Security Controls at DOE's Nuclear Weapon Laboratories.
Subcommittee on Oversight & Investigations
Committee on Commerce
U.S. House of Representatives
July 11, 2000
Prepared Statement of Mr. Jim Wells
Issue Area Director Energy, Resources, and Science Issues
U.S. General Accounting Office
441 G Street
Washington, DC 20548
Panel 1, Witness 1
NUCLEAR SECURITY
Statement of Jim Wells,
Information on DOE's Requirements for Protecting and Controlling Classified Documents
Director, Energy, Resources, and Science Issues
Resources, Community, and Economic Development DivisionT-RCED-00-247
Mr. Chairman and Members of the Subcommittee:
We are pleased to be here today to provide information on the Department of Energy's (DOE) requirements for protecting and controlling classified documents. DOE's requirements are designed to protect classified documents from their inception to their destruction. At the Subcommittee's request, we have begun an evaluation, which is still underway, of DOE's classified matter protection and control program. During the past few weeks, we briefed your staff on DOE's requirements for controlling classified documents. At your request, we are testifying today on changes in DOE's requirements since 1988, when complete accountability was required for Secret and Top Secret documents. You also asked us to testify on the extent to which sign-out sheets have been required to provide a record of who removed a classified document from storage and when it was removed.
I would like to emphasize that the requirements we address today are DOE's minimum requirements. The contractors who operate DOE's facilities may require additional controls and procedures to protect and control classified documents. We are providing information on the requirements for controlling both Secret and Top Secret documents in protected areas. Protected areas have physical barriers and also have controlled access. Secret and Top Secret documents stored outside of these areas require additional protective measures.
In summary, DOE has numerous procedures designed to protect classified documents. The requirements vary depending on the type of document being protected and the nature of the protection provided where the document is stored. We found that many requirements for protecting and controlling Secret and Top Secret documents stored in protected areas were discontinued in the 1990s. For example, the requirement to inventory Secret documents every 3 years was discontinued in 1992 with other controls over Secret documents. In regard to Top Secret documents, many requirements, such as a Top Secret Control Officer, were eliminated in 1998.
Background
DOE is responsible for administering a security program that protects classified documents from loss or theft. DOE's memoranda, orders, and manuals set forth the requirements for protecting and controlling classified documents at DOE facilities. DOE's strategy for protecting classified documents involves a "graded protection" system. Under such a system, the level of protection for a classified document is commensurate with the threat to the document, the vulnerability of the document, the value of the document, and the level of risk to the document that DOE is willing to accept. Not all items are protected to the same degree; furthermore, locations on a DOE site may be protected differently. Protection is provided by various means, such as physically protecting classified documents with guards, buildings, vaults, and locks; limiting access to classified documents to personnel with proper security clearances and a legitimate need to have the information; and the processes and procedures known as classified matter protection and control.
DOE's classified matter protection and control program has included a wide variety of requirements. These requirements have included conducting inventories of classified documents and maintaining an accountability record for each classified document. The accountability record can include a description of the document, date, classification level and category. DOE has also required that each classified document be assigned a unique identification number--to allow the identification and tracking of the document--and a copy and series designation--to provide information on how many copies exist. Additionally, DOE has required the use of receipts for internal and external distribution to provide a record of dissemination of a classified document within a facility and outside a facility, respectively. Finally, DOE has required certain procedures for maintaining receipts and destruction records and obtaining approval for the reproduction of a classified document. Other requirements could also be used, such as maintaining a sign-out sheet to provide a record of who removed a classified document from storage and when it was removed.
DOE has also required additional controls for Top Secret documents. These have included assigning a Top Secret Control Officer, who has ultimate responsibility for Top Secret documents; conducting a verification to certify that all Top Secret documents have been returned to storage at the end of each work day; and maintaining a Top Secret access record that lists all persons who are authorized access to Top Secret documents.
Changes to DOE's Requirements Over the Past 12 Years
In general, over the past 12 years, many requirements for Secret and Top Secret classified matter protection and control have been discontinued. Specifically, requirements for maintaining records and receipting and reproducing classified documents were discontinued. According to DOE classified matter protection and control officials, these changes were implemented to promote governmentwide uniformity among contractors and to account for technological changes, such as computers, copiers, and faxes, in the processing and storage of classified information. In our ongoing evaluation, we will be looking at how other agencies protect and control classified documents.
The following tables show the requirements, or lack of requirements, for certain classified matter protection and control procedures. Several points in time were selected to demonstrate the changes in requirements from 1988 to 1998. The 1988 requirements are used as a baseline because, in that year, DOE required accountability procedures and receipting and reproduction requirements that applied to all Secret and Top Secret documents. The requirements for Secret documents for 1992 are shown because in that year DOE modified accountability requirements for Secret documents. The 1992 requirements for protecting and controlling Secret documents have not changed.
Table 1 shows that many requirements for controlling Secret documents that were required in 1988 were discontinued in 1992. Among those discontinued were DOE's requirement to conduct inventories, maintain an accountability record, assign a unique identification number and copy and series to each Secret document, use receipts for the dissemination of Secret documents within a facility, and obtain approval from the document's originator before reproducing a Secret document. The requirements for retaining receipts and destruction documentation did not change. DOE has not and does not require a sign-out sheet for Secret documents.
Table 1: Changes in Minimum Requirements for Controlling Secret Documents
Control requirements
1988
1992
Frequency of inventories
Every 3 years
Requirement discontinued
Accountability record
Required
Requirement discontinued
Unique identification number
Required
Requirement discontinued
Copy and series designation
Required
Requirement discontinued
Receipts for internal distribution
Required
Requirement discontinued
Receipts for external distribution
Required
Required
Retention of receipts
2 years
2 years
Retention of destruction records
2 years
2 years
Approval for reproduction
Required
Requirement discontinued
Sign-out sheets
Not specified
Not specified
Source: Prepared by GAO on the basis of DOE documents.
Table 2 shows DOE's requirements for safeguarding Top Secret documents in 1995 and 1998 in addition to the 1988 baseline requirements. The requirements in 1995 are included because DOE revised its classified matter protection and control manual, changing several inventory and accountability requirements. DOE decreased the frequency of inventories from semiannually to annually. DOE had also discontinued the requirements for assigning a copy and series designation to each document and the requirement for verifying that all Top Secret documents had been returned to storage at the end of the work day.
DOE's minimum requirements for 1998 are included because DOE again revised its classified matter protection and control manual to eliminate additional accountability requirements for Top Secret documents. In 1998, DOE eliminated requirements for performing annual inventories, maintaining an accountability record, assigning a unique identification number to each document, assigning a Control Officer, maintaining an access record, using receipts for the dissemination of Top Secret documents within a facility, and obtaining approval before reproducing a document. The requirements for using receipts for dissemination of Top Secret documents to recipients outside the facility and retaining receipts and destruction documentation did not change. DOE has not and does not require a sign-out sheet for Top Secret documents. The 1998 requirements for protecting and controlling Top Secret documents have not changed.
Table 2: Changes in Minimum Requirements for Controlling Top Secret Documents
Control requirements
1988
1995
1998
Frequency of inventories
Every 6 months
Annually
Requirement discontinued
Accountability record
Required
Required
Requirement discontinued
Unique identification number
Required
Required
Requirement discontinued
Copy and series designation
Required
Requirement discontinued
No change from 1995
Top Secret Control Officer
Required
Required
Requirement discontinued
End-of-day verification
Required
Requirement discontinued
No change from 1995
Access record
Required
Required
Requirement discontinued
Receipts for internal distribution
Required
Required
Requirement discontinued
Receipts for external distribution
Required
Required
Required
Retention of receipts
5 years
5 years
5 years
Retention of destruction records
5 years
5 years
5 years
Approval for reproduction
Required
Required
Requirement discontinued
Sign-out sheets
Not specified
Not specified
Not specified
Source: Prepared by GAO on the basis of DOE documents.
While we were asked to discuss document protection and control within DOE protected areas, it should be noted that Secret and Top Secret documents stored outside of these areas require additional protective measures. In addition, these requirements have not been discontinued for some specific types of Secret and Top Secret classified documents. These include classified documents related to special access programs, cryptographic information, and NATO classified information.
I would like to reiterate that the requirements we address today are DOE's minimum requirements. The contractors who operate DOE's facilities may require additional controls and procedures to protect and control classified documents. In addition, as you know, we have recently begun our work for the Subcommittee related to accountability for classified documents and will be doing further work on these issues.
- - - - -
We discussed the information related to classified matter protection and control requirements with DOE's Office of Safeguards and Security and Office of Independent Oversight and Performance Assurance officials, who agreed with its factual accuracy.
Mr. Chairman, this concludes our formal statement. We would be happy to respond to any questions that you or Members of the Subcommittee may have.
Contact and Acknowledgements
For future contacts regarding this testimony, please contact Jim Wells at (202) 512-3841. Individuals making key contributions to this testimony include William F. Fenzel, Kenneth E. Lightner, Jr., and Ilene M. Pollack.
(141450)