• Consolidates and rationalizes the Safeguards and Security and the Emergency response and operations functions from throughout the entire Department of Energy Complex under a new Security Czar.

• Brings classified and unclassified cyber-security functions from across the entire Department of Energy complex under the CIO. Transfers the CIO into the new organization.

• Resolves budget trade-off disputes by establishing a crosscut safeguards and security budget. This new office will develop and oversee the budget for the entirety of safeguards and security in the Department of Energy complex.

• Creates new Office of Foreign Visits and Assignments (FV&A) Policy to track and monitor all FV&A, to ensure all FV&A are done in a secure manner, and to issue regular reports to the Secretary on all visits.

• The new office will provide independent analysis of the performance of safeguards and security and other critical functions (Emergency Management, nuclear materials accounting, etc.) across the department.

• Elevates and aligns the Department of Energy Independent Oversight and Performance Assurance Functions to ensure that potential safeguards and security deficiencies receive appropriate senior management attention and priority.

• Ensures constant tracking and accountability of all SNM on the entire Department of Energy complex.

• Provides regular reports on all SNM accounting to the Secretary.

• Real-time, reliable and complete information on the most sensitive DOE fissile material (plutonium, enriched uranium, uranium-233 and alternate nuclear materials) on inventory domestically as well as transferred abroad.

• Support broad nuclear material information needs of the government and public and assist in departmental decision-making.

4. Cyber-security improvements supported by a significant budget increase.

• Substantially increase funding for cyber security.

• Ensure continual monitoring of DOE computers for unauthorized or non-secure use.

• Implement needed upgrades in electronic and physical protection to ensure

  against future cyber-related incidents.

• Improve human reliability and training programs for cyber-security.

• Strengthen penalties, including immediate suspensions for verified intentional or reckless breaches that create a significant risk of a national security compromise, or that display a willful disregard for security procedures.

6. Counterintelligence Improvements. Secretary Richardson has already significantly rebuilt the DOE CI program. To ensure it is as effective as possible, DOE is undertaking seven new initiatives.

• End the backlog of DOE background investigations. By the end of calendar 1999, DOE will have initiated all pending re-investigations.

• DOE will mandate the use of "banners" across the complex which will apprise users logging onto a system that it is subject to audit.

• New vulnerability "red teams" to certify the departments security and counterintelligence capabilities.

• Propose legislation to strengthen this group's charter.

9. Accelerate Upgrades to Physical Safeguards and Security.

• Significantly increase funding to ensure security of the Department of Energy nuclear complex.

• Apply new technologies and capabilities including: installation of explosive and human detection devices and chem-bio protection capabilities at sensitive labs.

• Train 1000 Computer security and system administrators from across the DOE complex with cutting edge cyber-security tools and procedures. To be completed by the end of this calendar year.

• Brief all managers of the specific cyber-security threats, their responsibility to defend against it, and countermeasures available to do so.

The new Director of the Office of Counterintelligence was also directed to prepare a strategic plan, with recommendations for strengthening counterintelligence at DOE and its laboratories. That plan was approved by the Secretary in November 1998, and the following recommendations have been implemented to date:

• The Director of the Office of Counterintelligence (OCI) is a senior executive from the Federal Bureau of Investigation (FBI) who reports directly to the Secretary of Energy. The Director also has direct access to the Director of Central Intelligence (DCI) and the Director, FBI.

• The lab directors are now directly accountable to the Secretary of Energy for the performance of the Counterintelligence Program at their locations. The Director, OCI has assigned experienced Counterintelligence Officers (CIOs) at the five weapons laboratories.

• The Director, OCI as the program manager for CI, has submitted a consolidated budget request encompassing all CI activities, including personnel in DOE and the laboratories. Henceforth, all DOE CI activities will be programmed and funded directly by OCI.

• CIOs are monitoring all instances of close and continuing contact between DOE personnel and foreign nationals from sensitive countries.

• The Director, OCI has established an internal inspection function to review compliance with Presidential Decision Directive/NSC-61 (PDD-61) and evaluate the performance of CIOs at DOE.

• The OCI Analysis Program has completed a threat assessment regarding two countries of proliferation concern, and is working on the second in what will be a series of threat assessments and other products designed to aid DOE's CI professionals in better targeting their resources.

• The screening and adjudicative authority for the high-risk population has been transferred to OCI. The OCI has created a Personnel Security Program which will manage the CI-Scope Polygraph Program, an expanded financial disclosure program, and forensic financial investigations.

• The Director, OCI has created a CI-Cyber Program, which is working in coordination with the larger DOE Critical Infrastructure Protection effort, as mandated by PDD-63.

• OCI has established formal procedures for referrals to the FBI mandated by Section 811 of the Intelligence Authorization Act of 1995. OCI is directly involved in the referral process.

• OCI has requested that FBI Headquarters recruit and station Special Agents with counterintelligence experience in the five nuclear laboratory jurisdictions.

• Local CIOs have established formal procedures for liaison with their local FBI counterparts. The efficacy of these procedures will be assessed in the inspection process.

• OCI's Training Program is ensuring that CI and Security Awareness briefings are better targeted to the audience, allowing for tailored presentations to various segments of the laboratory community.

• CIOs are entering into the Counterintelligence Analytical Research Data System (CARDS) sensitive country visit/assignment and foreign travel data that produces CI relevant information.

• The Director, OCI is now a member of the DOE Special Access Program Oversight Committee (SAPOC), and as such has been granted access to DOE Special Access Programs in order to contribute to the development of heretofore non-existent CI Plans required in the Security Program Manual.

• CIOs are requesting indices checks on all foreign national visitors and assignees from sensitive countries, and on those non-sensitive country foreign nationals who will have access to sensitive technologies and/or security areas.

• CIOs are contacting, either orally or in writing, all DOE employees having interaction with foreign nationals from sensitive countries in any fora. Both OCI personnel and CIOs are developing close and cooperative relationships with DOE international scientific and non-proliferation exchanges for pre-briefing and debriefing purposes.

• The current DOE Policy and DOE Order on Unclassified Foreign visits and Assignments (to include all exemptions and waivers) will have been rescinded and a new policy will have been issued by the Secretary of Energy. This new Policy will reflect those CI recommendations regarding Foreign Visits and Assignments.

• All OCI federal employees, and volunteering OCI contractor employees, will have taken the CI-scope polygraph. The "rule-making" procedures for applying the CI-scope polygraph of all contractors in "high-risk" positions will also be in progress.

• Each Laboratory Director will have developed an unclassified sensitive technologies list for his/her facility and provided it to OCI.

• OCI's Analysis Program will have requested the CIA's assistance in filling critical substantive gaps by assigning analysts on a rotational detail to OCI.

1)DOE sites will establish a program to continually monitor computer systems for security

• Audits will be conducted of security and content, and system administrators will be accountable for performance.

• Continual testing will ensure that vulnerabilities are not introduced when new computers systems are added or configurations changed.

• Train 1000 Computer security and system administrators from across the DOE complex with cutting edge cyber-security tools and procedures. To be completed by the end of this calendar year.

• Brief all managers of the specific cyber-security threats, their responsibility to defend against it, and countermeasures available to do so

• Audit program will provide a significant deterrence to unauthorized activity

• Will include various tools and methods, such as e-mail and file sniffers, random file audits, random supervisor checks, logging file access, and increased "logging" of file transfers and print jobs.

• Conduct a detailed assessment of cyber security at all three weapons laboratories (Los Alamos, Lawrence Livermore, and Sandia) to verify the implementation and effectiveness of recent cyber security enhancements.

• Establish a program to include unannounced inspections, remote testing for network vulnerabilities, and attempts to penetrate computer systems using techniques similar to those used by hackers.

• Establish a process to track corrective actions in response to independent oversight findings

• Includes more stringent logging, controlling printed output, and establishing controls to prevent coded and/or encrypted messages from leaving the DOE sites.

• Ensure DOE orders in place to prohibit individuals from downloading classified files to any removable media or printed matter without specific authorization.

• Establish requirements that place stringent controls on computers and workstations, including controls on removable media, removable drives, devices, printers, lap-link cables, and ports that could be used to download files.

1. Ask the FBI to conduct all DOE "Q clearance" background investigations. End the backlog of DOE background reinvestigations.

• Increase the DOE background check basic budget by $5M in 2000 ($30M to $35M).

• By the end of calendar year 1999, DOE will have initiated all necessary reinvestigations to end the current backlog.

• DOE is recommending to the FBI that the FBI conduct all background investigations for DOE "Q" clearances.

2. Make necessary changes to regulations to allow auditing of all official government computers across the DOE complex. Mandate the use of "banners."

• Banners will apprise users logging onto a system that the computers are for government use only and the user may be monitored.

• DOE security and counterintelligence offices will now more easily be able to log e-mail and search government computers within the National Laboratories and nuclear weapons plants, as well as investigate unauthorized activity/users on DOE systems

• DOE security and counterintelligence investigations and audits will increase scrutiny of email traffic and other government computer use

• Analysis and "Red Team" groups to evaluate the threat and vulnerability of DOE and the National Laboratories to espionage

• "Red Teams" would conduct classified operational tests of lab counterintelligence and security program.

4. Require all DOE Facilities to use intrusion detection tools, and to report all intrusions (root-level compromise) to the DOE Office of Counterintelligence and the FBI's National Infrastructure Protection Center for investigation and analysis.

5. DOE and FBI have signed a Memorandum of Understanding which ensures better coordination between the DOE Office of Counterintelligence and the FBI National Security Division.

• Under new MOU, FBI and DOE are compelled to rapidly share information about any potential espionage issues and investigations.

• Require all DOE Office of Counterintelligence employees, National Laboratory Counterintelligence Officers, and all other supervisors of DOE and DOE contract employees to notify the DOE official responsible for maintaining Q clearances (the Office of Security Affairs) and the Department of Energy Office of Counterintelligence of any issues that might impact issuance and maintenance of such a clearance, even when such issues fail to rise to the level of an indictment.

• Mandatory reporting by all DOE employees of any substantive contact with foreign nationals from sensitive countries

• Consolidation of two existing personnel security reliability programs into one improved program