FAS | Secrecy | PFIAB Top Page ||| Index | Search | Join FAS


RECURRING VULNERABILITIES

Over the past 20 years, six DOE security issues have received the most scrutiny and criticism from both inter-nal and external reviewers: long–term security planning and policy implementation; physical security over facili-ties and property; screening and monitoring of person-nel; protection of classified and sensitive information, particularly information that is stored electronically in the Department’s computers; accounting for nuclear materials; and the foreign visitors’ programs.

MANAGEMENT AND PLANNING

Management of security and counterintelligence has suffered from chronic problems since the creation of the Department of Energy in 1977. During the past decade, the mismatch between DOE’s security programs and the severity of the threats faced by the Department grew more pronounced. While the number of nations possessing, developing, or seeking weapons of mass destruction continued to rise, America’s reliance on foreign scientists and engineers dramatically increased, and warnings mounted about the espionage goals of other nations, DOE spending on safe-guards and security decreased by roughly one–third.1

The widening gap between the level of security and the severity of the threat resulted in cases where sensitive nuclear weapons information was certainly lost to espionage. In countless other instances, such information was left vulnerable to theft or duplication for long periods, and the extent to which these serious lapses may have damaged American security is incalculable. DOE’s failure to respond to warnings from its own analysts, much less independent sources, underscores the depth of its managerial weakness and inability to implement legitimate policies regarding well–founded threats.


A Sample of Security Issues

MANAGEMENT AND PLANNING PHYSICAL SECURITY PERSONNEL SECURITY CLEARANCES PROTECTION OF CLASSIFIED INFORMATION ACCOUNTING FOR NUCLEAR MATERIALS FOREIGN VISITORS

During the mid–1980s, the predominant concern of DOE officials was improving the physical security of the nuclear weapons laboratories and plants. Following a January 1983 report 2 that outlined vulnerabilities of the weapons labs to terrorism, the Department embarked on a five–year program of construction and purchases that would see its overall safeguards and security budget roughly double and its spending on upgrades nearly triple. Included was money for additional guards, security training, helicopters, fortified guard towers, vehicle barriers, emergency planning, and advanced alarm systems.3

Improving physical security in a wide array of nuclear weapons facilities whose replacement value was an estimated $100 billion 4, proved to be difficult. Reports through the late 1980s and early 1990s continued to highlight deficiencies in the management of physical security.

In the late 1980s, priorities began to shift somewhat. Listening devices were discovered in weapons–related facilities,5 and a 1990 study advised the Department leadership of an intensifying threat from foreign espionage. Less and less able to rely on the former Soviet Union to supply technology and resources, an increasing number of states embarked on campaigns to bridge the economic and technological gap with the United States by developing indigenous capabilities in high technology areas. The study noted that the freer movement of goods, services and information in a less hostile world “intensified the prospects and opportunities for espionage as missing pieces of critically needed information became more easily identified.”6

An intelligence report further highlighted the changing foreign threat to the labs by noting that “new threats are emerging from nontraditional adversaries who target issues key to U.S. national security. DOE facilities and personnel remain priority targets for hostile intelligence collection.”7 Anecdotal evidence corroborates, and intelligence assessments agree, that foreign powers stepped up targeting of DOE during the early 1990s. (See Classified Appendix) While this threat may have been taken seriously at the highest levels of the DOE, it was not uniform throughout the Department.

A former FBI senior official noted in discussions with the PFIAB investigative panel that DOE lab scientists during these years appeared naive about the level of sophistication of the nontraditional threat posed by Chinese intelligence collection. The trend in openness to for-eign visitors and visits does not indicate any sense of heightened wariness. A 1997 GAO report concluded that from mid–1988 to the mid–1990s, the number of foreign visitors to key weapons labs increased from 3,800 to 5,900 annually and sensitive country visitors increased from 500 to more than 1,600. 8 Meanwhile, the DOE budget for counterintelligence was in near–constant decline.

As noted in the previous chapter, federal officials in charge of oversight of nuclear weapons laboratories have historically allowed decisionmaking on basic aspects of security to be decentralized and diffuse. With their budget spread piecemeal throughout a number of offices, security and counterintelligence officials often found themselves with a weak voice in internal bureaucratic battles and an inability to muster the authority to accomplish its goals. Indeed, an excerpt from a history of the early years of the Atomic Energy Commission, reads much like recent studies:

More than 30 years later, decentralization still posed a problem for security managers. An internal DOE report in 1990 found that the Department lacked a comprehensive approach to management of threats and dissemination of information about them.10 A DOE annual report in 1992 found that security “has suffered from a lack of management focus and inconsistent pro-cedural execution throughout the DOE complex. The result is that personnel are seldom held responsible for their disregard, either intentional or unintentional, of security requirements." 11

The counterintelligence effort at DOE in the late 1980s and mid–1990s was in its infancy and grossly underfunded. Although the Department could have filled its gap in some areas, such as counterintelligence information, through cooperation with the broader intelligence community, PFIAB research and interviews indicate that DOE headquarters’ relationship with the FBI—the United States’ primary domestic CI organization—was strained at best.

DOE requested an FBI agent detailee in 1988 to assist in developing a CI program, but the agent found that DOE failed to provide management support or access to senior DOE decisionmakers. A formal relationship with the FBI was apparently not established until 1992: a Memorandum of Understanding between the FBI and DOE on respective responsibilities concerning the coordination and conduct of CI activities in the United States. However, in 1994 two FBI detailees assigned to DOE complained about their limited access and were pulled back to FBI because of a “lack of control of the CI program by DOE headquarters which resulted in futile attempts to better manage the issue of foreign visitors at the laboratories.”12


We asked a number of DOE officials to whom they report, to whom they were responsible. Invariably, their answer was: “It depends."

The haphazard assortment of agencies and missions folded into DOE has become so confusing as to become a running joke within the institution. In the course of the panel’s research and interviews, rare were the senior officials who expressed any sort of confidence in their understanding of the extent of the agency’s operations, facilities, or procedures. Time and again, PFIAB panel members posed the elementary questions to senior DOE officials. To whom do you report? To whom are you accountable? The answer, invariably, was: “It depends.”

DOE’s relationship with the broader intelligence community was not well–defined until the mid–1990s. Coordination between DOE CI elements and the broader intelligence community, according to a 1992 intelligence report, was hampered from the 1980s through the early 1990s by DOE managers’ inadequate understanding of the intelligence community.13 The Department did not become a core member of the National Counterintelligence Policy Board (established in 1994 under PDD-24) until 1997.

Over much of the past decade, rather than a heightened sensitivity to espionage threats recognized widely throughout the intelligence community, DOE lab officials have operated in an environment that allowed them to be sanguine, if not skeptical. Numerous DOE officials interviewed by the PFIAB panel stated that they believed that the threat perception was weakened further during the administration of Secretary O’Leary, who advanced the labs openness policies and downgraded security as an issue by terminating some security programs instituted by her predecessor.

Even when the CI budget was expanded in the late–1990s, the expenditures fell short of the projected increases. In Fiscal Year 1997, for example, DOE’s CI budget was $3.7 million but the actual expenditures on CI were only two–thirds of that level, $2.3 million. Shortly before the 1997 GAO and FBI reports on DOE’s counterintelligence posture were issued, DOE began instituting changes to beef up its counterintelligence and foreign intelligence analytic capabilities.14

When DOE did devote its considerable resources to security, it too often faltered in implementation. A report to the Secretary in January 1994 noted “growing confusion within the Department with respect to Headquarters’ guidance for safeguards and security. At this time, there is no single office at Headquarters responsible for the safeguards and security program. Most recently, a number of program offices have substantially expanded their safeguards and security staff to office–size organizations. These multiple safeguards and security offices have resulted in duplication of guidance, unnecessary requests for information and clarification, and inefficient program execution. Unchecked, this counterproductive tendency threatens the success of the overall safeguards and security effort.”15

A 1996 DOE Inspector General report found that security personnel at the weapons programs had purchased and stockpiled far more firepower—ranging from handguns and rifles to submachine guns and grenade launchers—than could ever be used in an actual emergency. The Oak Ridge facilities had more than three weapons per armed security officer—on and off duty. Los Alamos National Laboratory had more than four.16


Foreign agents could probably not shoot their way into U.S. weapons laboratories. But they could apply for an access pass to walk in and strike up a conversation.

Around the same time, GAO security audits of the research laboratories at these sites found lax procedures for issuing access passes to secure areas, inadequate prescreening of the more than 1,500 visitors from sensitive countries that visited the weapons laboratories annually, and poor tracking of the content of discussions with foreign visitors. The implication: foreign agents could probably not shoot their way past the concertina wires and bolted doors to seize secrets from U.S. weapons laboratories, but they would not need to do so. They could probably apply for an access pass, walk in the front door, and strike up a conversation.

PHYSICAL SECURITY

The physical security of the Department of Energy’s weapons–related programs is roughly divided into two essential functions: tracking and control over the property and equipment within the weapons-related laboratories, and keeping unwarranted intruders out, often referred to as the realm of “guns, guards, and gates."

The general approach to security, of course, was defined by the emphasis on secrecy associated with nuclear weapons program during World War II. Los Alamos National Laboratory was created as a “closed city”—a community with a high degree of self-sufficiency, clearly defined and protected boundaries, and a minimum of ingress from and egress to the outer world. Although the community is no longer “closed,” the weapons laboratories at Los Alamos, like those at the other national laboratories, still retain formidable physical protections and barriers. In examining the history of the laboratories, the panel found only a few instances where an outsider could successfully penetrate the grounds of an operation by destruction of a physical safeguard or direct violent assault.

In visits to several of the weapons laboratories, the members of the Special Investigative Panel were impressed by the great amount of attention and investment devoted to perimeter control, weaponry, and security of building entrances and exits. Indeed, one cannot help but be struck by the forbidding and formidable garrison–type atmosphere that is prevalent at many of the facilities: barbed wire, chain–link fences, electronic sensors, and surveillance cameras. Further, the panel recognizes that the labs themselves have developed and produced some of the most sophisticated technical security devices in the world. Nonetheless, DOE reports and external reviews since at least 1984 have continued to raise concerns about aging security systems.17


Clearances to secure DOE areas have been granted simply for convenience, such as to reduce the length of an employee’s walk from the car to the office each morning.

Management of the secure environments at the laboratories has posed more serious problems. As noted earlier, DOE may be spending too much money in some areas, buying more weapons than could conceivably be used in an emergency situation. In other cases, it may be spending too little. Budget cuts in the early and mid-1990s led to 40 to 50 percent declines in officer strength and over-reliance on local law enforcement. Resources became so low that normal protective force operations required “the use of overtime scheduling to accomplish routine site protection.”18 GAO has found an assortment of problems at Los Alamos over the past decade: security personnel failed basic tests in such tasks as firing weapons, using a baton, or handcuffing a suspect, and inaccurate and incomplete records were kept on security training.19 Other DOE facilities have had substantial problems in management of physical property.

DOE had begun to consolidate its growing stockpile of sensitive nuclear material by 1992, but a 1997 DOE report to the Secretary found that significant quantities of the material “remain in aging buildings and structures, ranging in age from 12 to 50 years, that were never intended for use as storage facilities for extended periods.”23

SCREENING AND MONITORING OF PERSONNEL

Insider threats to security have been a chronic problem at the nation’s weapons laboratories. From the earliest years, the importance of the labs’ missions and their decentralized structure have had an uneasy coexistence with the need for thorough background investigations of researchers and personnel needing access to sensitive areas and information.

In 1947, the incoming director of security for the AEC was greeted with a backlog of more than 13,000 background investigations and a process where clearances had been dispersed to field offices that operated with few formal guidelines.24

Forty years later, GAO found that the backlog of personnel security investigations had increased more than nine-fold, to more than 120,000. Moreover, many clearances recorded as valid in the Department’s records should have been terminated years before.25


Even after DOE discovered listening devices in some of its weapons laboratories, security audits found that thousands of “Q" clearances were being given to inappropriate personnel.26

The research of the PFIAB panel found that problems with personnel security clearances, while mitigated in some aspects, have persisted to an alarming degree. From the mid–1980s through the mid–1990s, the DOE Inspector General repeatedly warned Department officials that personnel were receiving clearances that were much higher than warranted and that outdated clearances were not being withdrawn on a timely basis. The issue became more urgent with the discovery of a clandestine surveillance device at a nuclear facility.27

But problems persisted. DOE Inspector General reports in 1990 and 1991 found that one of the weapons laboratories had granted “Q” clearances (which provide access to U.S. government nuclear weapons data) to more than 2,000 employees who did not need access to classified information.28 A 1992 report to the Secretary of Energy noted that “DOE grants clearances requested by its three major defense program sponsored labs based on lab policies to clear all employees regardless of whether actual access to classified interests is required for job performance.”29

Three years later, a review of personnel security informed the Secretary there were “individuals who held security clearances for convenience only and limited security clearances to those individuals requiring direct access to classified matter or [special nuclear materials] to perform official duties.”30

More recent evidence is no more reassuring. A counterintelligence investigation at a nuclear facility discovered that the subject of an inquiry had been granted a “Q" clearance simply to avoid the delay caused by the normal processing of a visit.31 That same year, an illegal telephone wiretap was discovered at the same lab. The employee who installed it confessed, but was not prosecuted by the government.32

PROTECTION OF CLASSIFIED AND SENSITIVE INFORMATION

Two vulnerabilities regarding classified and sensitive information at DOE have recurred repeatedly throughout the past 20 years: inappropriate release of classified information, either directly through inadvertence or indirectly through improper declassification; and the increasing mobility of classified and sensitive information through electronic media, such as computers.

As computers have progressed from the large mainframes of the 1950s and 1960s to desktop models in the 1980s and decentralized networks in the 1990s, it has become progressively easier for individuals to retrieve and transport large amounts of data from one location to another. This has presented an obvious problem for secure environments. GAO found in 1991 that DOE inspections revealed more than 220 security weaknesses in computer systems across 16 facilities. Examples included a lack of management plans, inadequate access controls, and failures to test for compliance with security procedures.33

As a 1996 DOE report to the President said, “adversaries no longer have to scale a fence, defeat sensors, or bypass armed guards to steal nuclear or leading–edge ‘know-how’ or to shut down our critical infrastructure. They merely have to defeat the less ominous obstacles of cyber–defense.”34


Computer systems at some DOE facilities were so easy to access that even Department analysts likened them to “automatic teller machines, [allowing] unauthorized withdrawals at our nation’s expense."

DOE’s cyber–defenses were, in fact, found to be “less ominous obstacles." In 1994, an internal DOE review found that despite security improvement “users of unclassified computers continue to compromise classified information due to ongoing inadequacies in user awareness training, adherence to procedures, enforcement of security policies, and DOE and [lab] line management oversight."35 Also in 1994, a report to the Energy Secretary cited five areas of concern: “failure to properly accredit systems processing classified information, lack of controls to provide access authorities and proper password management; no configuration management; improper labeling of magnetic media; and failure to perform management reviews."36

Apparently, the warnings were to no avail. A year later, the annual report to the Secretary noted: “Overall, findings and surveys, much like last year, continue to reflect deficiencies in self–inspections and procedural requirements or inappropriate or inadequate site guidance … In the area of classified matter protection and control, like last year, marking, accountability, protection, and storage deficiencies are most numerous."37

Some reports made extra efforts to puncture through the fog of bureaucratic language. A 1995 report to the President said: “By placing sensitive information on information systems, we increase the likelihood that inimicable interests, external and internal, will treat those systems as virtual automatic teller machines, making unauthorized withdrawals at our nation’s expenses." Indeed, a report found security breaches at one of the major weapons facility in which documents with unclassified but sensitive information “were found to be stored on systems that were readily accessible to anyone with Internet access."38 In other instances, personnel were found to be sending classified information to outsiders via an unclassified email system.39


Ahead of its Time

In 1986, the DOE Office of Safeguards and Quality Assessment issued an inspection report on a weapons lab that warned of shortcomings in computer security and noted that the “ability of [a] user to deliberately declassify a classified file without detection and move classified information from the secure partition to the open partition can be made available to any authorized user either on or off site."40 The warning turned out to be on the mark. In April of this year, Energy Secretary Bill Richardson issued a statement: “While I cannot comment on the specifics, I can confirm that classified nuclear weapons computer codes at Los Alamos were transferred to an unclassified computer system. This kind of egregious security breach is absolutely unacceptable ... ."


Even though the hard evidence points to only sporadic penetrations of the labs by foreign intelligence services (see classified appendix), volumes of sensitive and classified information may have been lost over the years—via discarded or purloined documents; uninformed and often improperly vetted employees, and a maze of uncontrolled computer links. In one recent case discovered by PFIAB, lab officials initially refused to rectify a security vulnerability because “no probability is assigned to [a loss of sensitive information], just the allegation that it is possible.”41

As recent as last year’s annual DOE report to the President, security analysts were finding “numerous incidents of classified information being placed on unclassified systems, includ-ing several since the development of a corrective action plan in July 1998.”42

TRACKING OF NUCLEAR MATERIALS: HOW MUCH MUF?

MUF stands for “materials unaccounted for,” the official term used until the late 1970s for discrepancies in the amount of nuclear materials that can be physically located in inventory versus the amount noted in Department records. MUF (now termed with the more politic phrase “inventory differences”) has been a recurring concern—and debate—in the nuclear research field since the beginning. The question at the center of the debate: if large quantities of nuclear material are impossible to measure with absolute precision, what constitutes a significant loss?

As in many questions, the answer depends on whom you ask. Officials of nuclear research facilities have argued that the scale and complexity of the processing and handling of nuclear material inevitably result in losses that are detectable but inconsequential. Outside observers have tended to be less sanguine about what constitutes a significant loss from a security standpoint. In 1976, the General Accounting Office reported that the Nuclear Regulatory Commission and the Energy Research and Development Administration (DOE’s predecessor) could not account for 8,000 pounds of highly enriched uranium and plutonium. Officials of the two agencies responded that part of the accounting discrepancy could be ascribed to the statistical margin of error in their measuring equipment, the rest was probably dregs created during processing and left in machinery parts, wiping cloths, and scrap items.43

Critics of the agencies have pointed out that thieves could easily use the variance in statistical measures to cover their tracks, stealing an increment during each measuring period that falls just within the margin of error. They have also pointed out that if Department records are not accurate, it is impossible for anyone to estimate the stock of nuclear material at any given point, much less the difference between two levels as it proceeds from one stage of the nuclear cycle to the next. In December 1994, the Department released updated figures for the cumulative amount of MUF or inventory difference for the 50-year period beginning in 1944. The cumulative figure: 6,174 pounds. Of that amount, a cumulative total of about 10 pounds was ascribed to “accidental losses" and “approved write-offs."44

GAO has continued to highlight the issue since DOE has become the steward of the nation’s nuclear weapons laboratories. GAO published a report in 1991 criticizing the insufficiency of the Department’s measuring systems and handling procedures 45 ; in 1994, criticizing its methods of tracking exported nuclear material;46 and in 1995, for installing a new system that was allegedly faulty.47

Even if accurate systems of measurement and accounting had been in place, it is not clear whether DOE officials would have been qualified to manage them effectively. A 1995 report to the President warned that “severe budget reductions, diminished technical resources, increased responsibilities, and reduced mission training ... have undermined protection of special nuclear material and restricted data."48

Last year, a report by an external review panel found “a lack of nuclear physical security expertise at all levels in the oversight process; ad hoc structuring of safeguards and security functions throughout the Department, and placement of oversight functions in positions which constrain their effectiveness."49

The dispute over the accuracy of nuclear measurements, of course, is beyond the technical capabilities of this panel to resolve. But the panel members do believe that its persistence and the low priority given to the issue relative to other DOE scientific goals is indicative of the institutional attitude that DOE has had toward security: nonscientists have a poor understanding of all things nuclear, so their judgments about acceptable levels of risk are suspect prima facie.

FOREIGN VISITORS AND ASSIGNMENTS PROGRAM

True to the tradition of international partnership molded by the experiences of the Manhattan Project, the weapons labs have remained a reservoir of the best international scientific talent. Recent examples abound: a supercomputing team from Oak Ridge National Lab, made up of three PRC citizens and a Hungarian, recently won the Gordon Bell Prize; a Bulgarian and a Canadian, both world-class scientists, are helping Lawrence Livermore National Lab solve problems in fluid dynamics; a Spanish scientist, also at Livermore, is collaborating with colleagues on laser propagation.

But for more than a decade, the increasing prominence of foreign visitors in the weapons labs has increased concern about security risks. The PFIAB panel found that as early as 1985, the DCI raised concerns about the foreign visitors’ program with the Energy Secretary. A year later, researchers conducting internal DOE review could find only scant data on the number and composition of foreign nationals at the weapons labs. Although intelligence officials drafted suggestions for DOE’s foreign visitor control program, PFIAB found little evidence of reform efforts until the tenure of Secretary Watkins.

A 1988 GAO report cited DOE for failing “to obtain timely and adequate information on for-eign visitors before allowing them access to the laboratories." The GAO found three cases where DOE allowed visitors with questionable backgrounds—possible foreign agents—access to the labs. In addition, the GAO found that about 10 percent of 637 visitors from sensitive countries were associated with foreign organizations suspected of conducting nuclear weapons activities but DOE did not request background data on them prior to their visit. DOE also had not conducted its own review of the visit and assignment program at the weapons labs despite the DOE requirement to conduct audits or reviews at a minimum of every five years. Moreover, GAO reported that few post–visit or host reports required by DOE Order 12402 were submitted within 30 days of the visitors’ departure and some were never completed.50

The following year, DOE revised its foreign visitor policy and commissioned an external study on the extent and significance of the foreign visitor problem. DOE’s effort to track and vet visitors, however, still lagged well behind the expansion of the visitor program, allowing foreigners with suspicious backgrounds to gain access to weapons facilities. A study pub-lished in June 1990 indicated DOE had a “crippling lack of essential data, most notably no centralized, retrievable listing of foreign national visitors to government facilities." 51

By September, 1992, DOE had instituted Visitor Assignment Management System (VAMS) databases, used to track visitors and assignees requesting to visit DOE. The system, however, failed to provide links between the labs that could be used for CI analysis and cross-checking of prospective visitors. Moreover, labs frequently did not even use the database and failed to enter visitor information. Instead, each lab developed its own computer program independently.

Reviews of security determined that, despite an increase of more than 50 percent in foreign visits to the labs from the mid–1980s to the mid–1990s, DOE controls on foreign visitors actually weakened in two critical areas: screening for visitors that may pose security risks, and monitoring the content of discussions that might touch on classified information.

In 1994, DOE headquarters delegated greater authority to approve nonsensitive country visitors to the laboratories, approving a partial exception for Los Alamos and Sandia National Laboratories to forego background checks to help “reduce costs and processing backlogs." This resulted in almost automatic approval of some foreign visitors and fewer background checks. The FBI and GAO subsequently found that “questionable visitors, including suspected foreign intelligence agents, had access to the laboratories without DOE and/or laboratory officials’ advance knowledge of the visitors’ backgrounds."52

Changes in records checks over the past decade also made it easier for individuals from sensitive countries to gain access to the laboratories. In 1988, for example, all visitors from Communist countries required records checks regardless of the purpose of the visit. By 1996, records checks were only required for visitors from sensitive countries who visited secure areas or discussed sensitive subjects.

An internal DOE task force in 1996 determined that the Department’s definitions of sensitive topics were not specific enough to be useful. It directed the DOE office of intelligence to develop a new methodology for defining sensitive topics, but did not set a due date. The 1996 group also called for a Deputy Secretary–level review of foreign visits and assignments to be completed by June 1997. 53 The PFIAB panel found no evidence to suggest that these tasks were accomplished.

In 1997, GAO found that DOE lacked clear criteria for identifying visits that involve sensitive subjects, U.S. scientists may have discussed sensitive subjects with foreign nationals without DOE’s knowledge or approval; and the Department’s counterintelligence program had failed to produce comprehensive threat assessments that would identify likely facilities, technologies, and programs targeted by foreign intelligence.a href="#54">54 The study found that records checks were still not being conducted regularly on foreign visitors from sensitive countries. 55 Last year, 7,600 foreign scientists paid visits to the weapons labs.56 Of that total, about 34 percent were from countries that are designated “sensitive” by the Department of Energy—meaning they represent a hostile intelligence threat. The GAO reported last year that foreign nationals had been allowed after-hours and unescorted access to buildings.57


ENDNOTES

On to Next Section

Back to Report Top Page




FAS | Secrecy | PFIAB Top Page ||| Index | Search | Join FAS