This is the accessible text file for GAO report number GAO-03-471 entitled 'Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program' which was released on June 24, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives: United States General Accounting Office: GAO: May 2003: Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program: GAO-03-471: GAO Highlights: Highlights of GAO-03-471, a report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives Why GAO Did This Study: The attacks of September 11, 2001, intensified long-standing concerns about the adequacy of safeguards and security at four nuclear weapons production sites and three national laboratories that design nuclear weapons—most of these facilities store plutonium and uranium in a variety of forms. These facilities can become targets for such actions as sabotage or theft. The Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)—a separately organized agency within DOE—are responsible for these facilities. NNSA plays a crucial role in managing the contractors operating many of these facilities to ensure that security activities are effective and in line with departmental policy. GAO reviewed how effectively NNSA manages its safeguards and security program, including how it oversees contractor security operations. What GAO Found: NNSA has not been fully effective in managing its safeguards and security program in four key areas. As a result, NNSA cannot be assured that its contractors are working to maximum advantage to protect critical facilities and material from individuals seeking to inflict damage. The four areas are as follows: * Defining clear roles and responsibilities. NNSA still has not fully defined clear roles and responsibilities for its headquarters and site operations. * Assessing sites’ security activities. Without a stable and effective management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among NNSA sites on how they assess contractors’ security activities. Consequently, NNSA cannot be assured that all facilities are subject to the comprehensive annual assessments that DOE policy requires. * Overseeing contractors’ corrective actions. To compound the problems in conducting security assessments, NNSA contractors do not consistently conduct required analyses in preparing corrective action plans. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems’ root causes, risks posed, or cost versus the benefit of taking corrective action. Allocating staff. NNSA has shortfalls at its site offices in the total number of staff and in expertise, which could make it more difficult for site offices to effectively oversee security activities. What GAO Recommends: GAO is making four recommendations to the Secretary of Energy and the Administrator of NNSA to focus more on certain key management and oversight issues. Commenting on the draft report, NNSA disagreed with GAO’s conclusion that NNSA was not ensuring the comprehensive, annual assessments of contractors’ performance that DOE policy requires. GAO continues to believe that NNSA’s current efforts do not ensure conformance to DOE policy. www.gao.gov/cgi-bin/getrpt?GAO-03-471. To view the full report, including the scope and methodology, click on the link above. For more information, contact Robin M. Nazzaro at (202) 512-3841 or nazarror@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: NNSA's Lack of Safeguards and Security Direction in Key Areas Results in Inconsistent Management of Contractors: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Comments from the National Nuclear Security Administration: Appendix II: GAO Contact and Staff Acknowledgments: Abbreviations: DOE: Department of Energy: FRAM: Functions, Responsibilities, and Authorities Manual: NNSA: National Nuclear Security Administration: United States General Accounting Office: Washington, DC 20548: May 30, 2003: The Honorable Christopher Shays Chairman, Subcommittee on National Security, Emerging Threats, and International Relations Committee on Government Reform House of Representatives: Dear Mr. Chairman: Over the past decade, we and others have raised concerns about the adequacy of security at nuclear weapons facilities within the Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)--a separately organized agency within DOE. For example, we reported in 2002 that DOE had not addressed problems in implementing security initiatives,[Footnote 1] while an independent study by the Commission on Science and Security,[Footnote 2] conducted at the request of DOE, found deficiencies in cyber security. Concerns over security within the nuclear weapons complex were brought into sharper focus by the September 11, 2001, terrorist attacks. These attacks highlighted the importance of effective physical security[Footnote 3] in response to a potentially large and well- organized threat. NNSA relies upon its safeguards and security program to ensure the physical security of the nation's nuclear weapons complex. Currently, the complex has four production sites: the Pantex Plant, Amarillo, Texas; the Y-12 Plant, Oak Ridge, Tennessee; the Kansas City Plant, Kansas City, Missouri; and the Savannah River Site, Aiken, South Carolina. In addition to the production sites, the complex includes the Nevada Test Site and three national laboratories that design nuclear weapons: Lawrence Livermore National Laboratory, Livermore, California; Los Alamos National Laboratory, Los Alamos, New Mexico; and the Sandia National Laboratories, Albuquerque, New Mexico, and Livermore, California. To implement its safeguards and security program, NNSA relies on site contractors that are responsible for conducting day-to-day security activities and adhering to DOE policies as they operate the complex's laboratory and production facilities. The contractors' activities are subject to DOE-NNSA oversight. NNSA has offices--site offices--co-located with each site. Many of these sites possess Category I special nuclear material. Category I material includes plutonium and uranium in the following forms: (1) assembled nuclear weapons and test devices; (2) products containing higher concentrations of plutonium or uranium, such as major nuclear components, and recastable metal; and (3) high-grade materials, such as carbides, oxides, solutions, and nitrates. The risks this radioactive material poses vary, but include the potential for sabotage, or theft for illegal use in a nuclear weapon. Because these materials pose such risks, NNSA's management of the safeguards and security program, which includes overseeing contractor activities, is essential to preventing an unacceptable, adverse impact on national security. DOE's Office of Security develops and promulgates orders and policies that guide NNSA's safeguards and security program. NNSA is responsible for ensuring that its contractors' security activities are effective and conform to DOE's orders and policy requirements. In conducting this oversight, NNSA generally uses certain key processes intended to identify specific weaknesses at contractor-operated sites and ensure that weaknesses are corrected. These processes include, among other things, (1) annual, comprehensive surveys conducted by subject matter experts from across the complex and (2) ongoing reviews of one or more aspects of contractors' program (surveillance) by NNSA site officials.[Footnote 4] DOE's Office of Independent Oversight and Performance Assurance also assesses contractor security activities. In response to NNSA surveys and assessments conducted by the Office of Independent Oversight and Performance Assurance, DOE policy requires contractors to prepare corrective action plans for identified problems and to ensure that these actions are based on documented root cause analysis, risk assessment, and cost-benefit analysis. You asked us to review physical security at NNSA and DOE facilities that contain Category I materials. Specifically, as agreed with your office, this report examines how NNSA manages its safeguards and security program. This report is the first of two that we will be issuing to you on various aspects of physical security at NNSA and DOE facilities. Our followup report will focus on the extent to which physical security has improved; the effectiveness of the process for establishing safeguards and security requirements following the September 11, 2001, attacks; and the remaining vulnerabilities. To evaluate the overall safeguards and security oversight process, we reviewed DOE policy and planning documents, including orders, implementation guidance, and reports. We looked at what the orders and guides prescribed, particularly DOE Order 470.1, and compared this to how operations and site offices were following and implementing the policies to see if there were any deficiencies. To determine how NNSA organizes and conducts overall safeguards and security oversight, we met with officials from DOE and NNSA headquarters and NNSA site offices. The primary offices from which we obtained information were from DOE's Office of Security, Office of Independent Oversight and Performance Assurance, and NNSA's Office of Defense Nuclear Security and Nuclear Safeguards and Security Program.[Footnote 5] We also evaluated the NNSA reorganization with regard to the potential impact on oversight roles and responsibilities of NNSA headquarters and site offices. We visited 7 site offices from March 2002 to October 2002, to determine how federal contractor oversight and the safeguards and security program is managed. Specifically, we visited Los Alamos National Laboratory and the Office of Los Alamos Site Operations in New Mexico, Sandia National Laboratory and the Office of Kirtland Site Operations in New Mexico, Department of Energy's Albuquerque Operations Office in New Mexico, the Office of Transportation Safeguards in New Mexico, Y-12 Plant, and the Y-12 Site Office in Tennessee, Pantex Plant and the Office of Amarillo Site Operations in Texas, the Savannah River Site[Footnote 6] and the Savannah River Site Office in South Carolina, and Lawrence Livermore National Laboratory and the Livermore Site Office in California. At each location we met with both federal and contractor officials and obtained pertinent supporting documentation. To determine how NNSA sites prepare and document corrective action plans and related analyses, we examined 43 closed and open corrective action plans dated from 1999 through 2002 that we selected at random from each of the 6 NNSA sites (as well as the DOE Savannah River Site, which is expected to come under NNSA's jurisdiction in the future) that contain category I special nuclear materials.[Footnote 7] We reviewed these plans to determine the extent and type of analyses that support the corrective actions in the plans. These plans generally represent the contractors' actions to address high priority findings in contractors' security and safeguards program. To understand how the corrective action process currently works, we compared the processes in place at each NNSA site we visited during 2002. We performed our review from December 2001 through April 2003 in accordance with generally accepted government auditing standards. Results in Brief: NNSA has not been fully effective in managing its safeguards and security program in four key areas, and therefore, it cannot be assured that its contractors are working to maximum advantage to protect critical facilities and material from individuals seeking to inflict damage. The following four areas are key: * Defining clear roles and responsibilities. Since its creation in March 2000, NNSA's management structure has been in a state of flux. While in December 2002, NNSA issued what it considers final directives for reorganizing headquarters and site offices, NNSA expects it will take until at least September 2004 to fully implement its new management structure. In particular, NNSA is still defining its site offices' roles and responsibilities for safeguards and security. Specifically, it is still developing the components of a Functions, Responsibilities, and Authorities Manual, which will not be completed for several months because of the highly detailed planning necessary for determining staff functions at the various sites. This manual, which NNSA itself recognizes as crucial, is intended to set out roles and responsibilities clearly. This still-developing management structure led to confusion about the roles and responsibilities of the headquarters and site offices. * Assessing sites' security activities. Without a functional management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among the NNSA sites on how to conduct key aspects of safeguards-and-security assessment activities. In particular, three out of the seven NNSA site offices use the traditional survey approach, as required by DOE policy, to oversee security activities, while four have discontinued surveys and instead rely on surveillance activities. The distinction between these two activities is important: A survey provides a comprehensive annual review, by a team of experts from throughout NNSA, of contractor safeguards and security and generally takes about 2 weeks. In contrast, surveillance relies on a single or small number of NNSA site officials overseeing one or more aspects of a contractor's safeguards and security activities throughout the year. However, officials from DOE's Office of Security--which developed the policy for conducting surveys- -believe the surveillance model does not comply with the DOE order because it does not provide a comprehensive overview. Furthermore, officials from DOE's Office of Independent Oversight and Performance Assurance and NNSA headquarters expressed concern about the site offices' ability to conduct surveillance because of shortfalls in available expertise. The four site offices have been able to operate using only surveillance activities because, during the reorganization of the management structure, NNSA has not issued guidance on complying with DOE policy for conducting surveys. * Overseeing contractors' corrective actions. NNSA contractors do not consistently conduct the analyses DOE policy requires in preparing corrective action plans, compounding the problems in ensuring physical security. Inconsistency occurs because the NNSA site officials do not have implementation guidance from headquarters on how to address corrective actions. Of the 43 corrective action plans we reviewed for 1999 through 2002, less than half showed that the contractor had performed the required root cause analysis. Furthermore, less than 25 percent demonstrated that the contractor had performed a required risk assessment or cost-benefit analysis. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems' root causes, risks posed, or cost versus benefit of taking corrective action. However, at the 7 sites we visited in 2002, the site offices and contractors are making some progress to establish formal processes for root cause and other analyses. Nevertheless, inconsistencies remain regarding the approaches used to complete these analyses. For example, some site processes specify that root cause analyses will be conducted for all corrective action plans, while other sites consider the completion of these analyses optional. An NNSA headquarters official stated that the agency expects to issue additional guidance for implementing DOE security policies in 2003. * Allocating staff. NNSA has shortfalls at its site offices in the total number of staff and in areas of expertise, which could make it more difficult for the site offices to oversee safeguards and security effectively and to ensure that the agency fully knows security conditions at its sites. According to officials at 5 of the 7 site offices we visited, they have, or expect to have, an average of 2 to 6 vacancies per site for overseeing contractors' safeguards and security; typically, each site expects to have 10 to 14 security-related positions within the next 2 years. The vacancies occur, in part, because staff are reluctant to move to locations they view as less desirable and because NNSA has frozen hiring in response to budget constraints. Some of these vacancies are for specialists in particular subject areas, such as Industrial Security Systems--a key specialty needed for conducting physical security inspections. The lack of expertise and staff could be further complicated for some sites by NNSA's realignment plan. Under this plan, NNSA expects to streamline federal oversight of contractors and reduce headquarters and field staff by 20 percent by the end of fiscal year 2004. Site officials said that they will fill some vacancies through a virtual organization in which experts at other locations will assist with certain components of the surveillance activities. However, it will take time to work through some of the difficulties associated with making the transition to this approach. We are making recommendations to the Secretary of Energy and the Administrator of the NNSA that are intended to place additional focus on key management and oversight dimensions during NNSA's ongoing reorganization. In commenting on our draft report, NNSA concurred with two of our four recommendations, disagreed with one, and did not indicate agreement or disagreement with the fourth. NNSA concurred with our recommendation to formally establish roles and responsibilities, and it plans to issue a formal document in 2003. NNSA also concurred that corrective action plans must be prepared in accordance with established standards and policy. NNSA disagreed with the conclusion that it was not ensuring the comprehensive annual assessments of contractors' performance that DOE policy requires. NNSA believed that its surveillance activities were also comprehensive; however, NNSA provided no evidence--such as implementation guidance to the sites that are conducting surveillances- -that would ensure that the sites' surveillance activities conform to DOE's policies. Finally, regarding our recommendation that NNSA develop and implement a plan for effectively allocating staff for safeguards and security oversight, NNSA commented that managers have staffing plans and that its virtual organization and additional hiring will address sites' need for certain types of skilled personnel. In our view, while reliance on the virtual approach may be effective in the short term, the continuing vacancies at some sites indicate that NNSA may have difficulty attracting and retaining necessary expertise at specific, understaffed locations over the long term. Background: Since its creation in 1977, DOE has been responsible for developing, producing, and maintaining nuclear weapons; preventing the proliferation of weapons of mass destruction; designing, building, and maintaining naval nuclear propulsion systems; and ensuring the security of the nuclear weapons complex. In 2000, however, the Congress created a separately organized agency within DOE--the NNSA.[Footnote 8] NNSA's Office of Defense Nuclear Security is primarily responsible for developing the agency's security programs, including protecting, controlling, and accounting for material and ensuring physical security for all facilities in the complex. Historically, NNSA has conducted comprehensive annual surveys of contractors' operations for safeguards and security. These surveys, which can draw upon subject matter experts throughout the complex,[Footnote 9] generally take about 2 weeks to conduct and cover 5 "topical" areas and 32 subtopical areas. The topical areas include program management, protection program operations, information security, nuclear materials control and accountability, and personnel security. The survey team assigns ratings of satisfactory, marginal, or unsatisfactory. Currently, NNSA's facilities have been rated satisfactory in most topical areas. All deficiencies (findings) identified during a survey require the contractors to take corrective action, and both findings and corrective actions are to be entered in the Safeguards and Security Information Management System--a DOE-wide, integrated tracking database for findings of surveys and other safeguards and security activities. In addition, NNSA's Office of Facilities and Operations is expected to provide policy guidance for safeguards and security. This office is also expected to be responsible for the Nuclear Safeguards and Security Program, which oversees the implementation of safeguards and security in NNSA facilities. The office is expected to integrate and defend the budget for safeguards and security to ensure that program components can achieve mission objectives. Through various contract mechanisms, NNSA provides financial incentives, such as award fees, for contractor performance. NNSA assesses this performance based on the extent contractors meet a set of measures, which are generally established in annual performance plans--so-called performance measures. DOE's Office of Independent Oversight and Performance Assurance supports NNSA in safeguards and security assessments and conducts independent oversight activities in line with DOE and NNSA policies and priorities. Among other things, the office is responsible for evaluating the effectiveness of contractors' performance in safeguards and security. To carry out this function, this office periodically assesses both federal and contractor operations at a site and identifies findings, issues, and opportunities for improvement. It also performs follow-up reviews to ensure corrective actions are effective and that weaknesses in safeguards and security are appropriately addressed. NNSA's Lack of Safeguards and Security Direction in Key Areas Results in Inconsistent Management of Contractors: NNSA has not been fully effective in managing its safeguards and security program in four key areas, and therefore, it cannot be assured that its contractors are working to maximum advantage to protect its sites. First, NNSA has not fully defined safeguards and security roles and responsibilities. Second, without an effective management structure, site offices are uncertain about how to conduct their safeguards and security responsibilities. This uncertainty has resulted in inconsistencies in how site offices comply with DOE orders in assessing contractors. Third, even when assessments are done, NNSA contractors do not consistently conduct required DOE analyses in preparing corrective action plans. Finally, NNSA's shortfalls at its site offices in the total number of staff and expertise could make it more difficult for the site offices to oversee safeguards and security effectively. NNSA Has Not Clearly Defined Roles and Responsibilities, Resulting in Confusion at Sites: Since its creation in March 2000, NNSA's management structure has been in a state of flux, and NNSA expects it will take at least to September 2004 to implement a new management structure. However, NNSA needs a stable structure to establish clear roles and responsibilities for its headquarters and site offices, including safeguards and security oversight. In May 2001, NNSA's Administrator proposed a management structure for his organization,[Footnote 10] but in December 2001, we reported that a clearly delineated overall management structure still did not exist.[Footnote 11] In February 2002, NNSA reported in more detail to Congress on its outline for a new management structure[Footnote 12] to improve NNSA's effectiveness and efficiency. NNSA expected to implement the new structure later in the year. Since then, NNSA headquarters and field officials have been defining safeguards and security roles and responsibilities. In December 2002, NNSA fundamentally changed the management structure for safeguards and security. It abolished operations offices, which had been responsible for conducting the annual, comprehensive surveys as well as other safeguards and security activities. It divided these operations offices' responsibilities among the site offices and a service center, formerly the Albuquerque operations office; headquarters will oversee the performance of the site offices. The restructuring brings day-to- day federal oversight of laboratories and plants closer to the site offices. However, these changes do not complete the management structure. NNSA plans to further streamline its oversight of contractors by reducing site activities. Among other things, NNSA plans to focus more on ensuring that contractors' management systems are valid. Furthermore, NNSA plans to review its policies and practices and decide which site office oversight activities can be reduced or eliminated in order for the site offices to work more efficiently. It has not yet identified which specific activities will be modified. At the time of our review, headquarters could not provide details on how it intends to monitor the NNSA site offices' performance with respect to safeguards and security or address deficiencies. In creating this new management structure, NNSA has not yet developed a Functions, Responsibilities, and Authorities Manual (FRAM), an organizational tool used by managers at federal agencies, including DOE, for defining roles and responsibilities. This manual is to address the functions, responsibilities, and authorities of all elements within NNSA. NNSA headquarters security officials agree that this guidance is crucial and stated that they are currently developing the components of a FRAM, which should be finalized in 2003. NNSA told us that completing the FRAM takes significant time because of the highly detailed planning necessary for determining staff functions at the various sites. According to NNSA site office officials, as they wait for formal guidance from headquarters on conducting security oversight, each office is carrying out oversight activities as it deems appropriate. In addition, these officials told us that they have not received formal notification about the change in their safeguards and security oversight responsibilities, such as responsibilities for the survey program. Officials at several site offices expressed frustration with this lack of direction. NNSA's Security Assessment Processes Differ among Sites and Are Inconsistent with DOE Requirements: NNSA site offices are not consistent in how they assess contractor safeguards and security activities, and they may not be conducting these assessments in accordance with DOE policy. The lack of consistency and the failure to implement DOE policy occurs in part because the site offices have had to assume new oversight responsibilities without, among other things, clear guidance from headquarters on how to carry out these responsibilities. As a result, three offices of the seven NNSA site offices we visited continue to use the traditional survey approach to oversee security activities (Oak Ridge, Savannah River, and NNSA's Office of Transportation Safeguards), while the remaining four have adopted or are adopting a surveillance model---Amarillo, Kirtland, Livermore, and Los Alamos. The distinction between these two activities is important: A survey provides a comprehensive annual review, by a team of experts, of contractor safeguards and security and generally takes about 2 weeks; formerly, the operations offices generally conducted surveys, assisted by experts from throughout the complex, as necessary. In contrast, surveillance relies on a single or small number of NNSA site officials overseeing one or more aspects of a contractor's safeguards and security activities throughout the year, and the documentation from a surveillance or a group of surveillance activities may be used as part of the survey. By relying on surveillance, NNSA may have less assurance that it fully knows the condition of security at its sites and therefore potentially cannot act to correct deficiencies undisclosed by this limited review. Surveillance allows subject matter experts at the sites to evaluate areas of contractor safeguards and security performance more often than the traditional survey process and therefore potentially identify deficiencies faster. However, according to DOE officials, reliance on surveillance is not consistent with DOE orders calling for a comprehensive survey of a contractor's safeguards and security performance. This survey provides a unified assessment of all security- related topical areas.[Footnote 13] Officials from DOE's Office of Security--which developed the policy for conducting surveys--believe the surveillance model does not comply with DOE order survey requirements because it is not comprehensive. Officials from DOE's Office of Independent Oversight and Performance Assurance expressed concern about the site offices' ability to conduct surveillance because of shortfalls in available expertise. Furthermore, the director of NNSA's Office of Defense Nuclear Security acknowledged that although some NNSA site offices, such as the Los Alamos site office, are using the surveillance model, this site and others lacked the necessary personnel to conduct surveillance. According to officials from DOE's Office of Independent Oversight and Performance Assurance and one site office, surveillance is not compatible with the current Safeguards and Security Information Management System, a DOE information database system used to track findings and associated corrective actions, and therefore could pose problems for sites in entering information. On the other hand, NNSA officials at site offices and headquarters argue that using the surveillance model for oversight will produce an annual end of the year survey report and should have the same end result as an annual survey. However, NNSA could have difficulty ensuring consistent and comprehensive assessments because of the difficulties posed by using the surveillance model without appropriate NNSA-wide implementation guidance, site office staffing shortfalls, and database compatibility problems. NNSA's Corrective Action Practices Are Inconsistent with DOE Requirements: Contractors have not consistently prepared effective, formal root cause analyses in developing corrective action plans for identified deficiencies, as DOE policy requires.[Footnote 14] An effective, formal, root cause analysis can enhance the development of corrective actions, as we observed while reviewing some plans. However, less than half of the 43 corrective action plans we reviewed, dated between 1999 and 2002, showed that the contractor had performed the required root cause analysis. Furthermore, in a few cases corrective action plans were based on root cause analyses that were poorly prepared, resulting in confusion and contradictions. For example, NNSA had identified a deficiency at one site of potential entry into a critical facility. The contractor did not fully develop a root cause for this problem but merely rebutted the finding's validity. Nevertheless, the contractor took a corrective action in response to this deficiency--spending about $150,000. However, because the root cause analysis was not fully developed, we could not determine how, or if, the contractor's corrective actions would correct the deficiency. Furthermore, the contractor's staff preparing the analysis did not have formal training in how to conduct root cause analyses. NNSA site officials agreed that the root cause analysis was performed incorrectly and that their oversight review of the analysis had not detected this problem. Despite the problems some contractors have had in preparing root cause analyses, corrective action processes in 2002 at all 7 sites showed that some sites are making progress. For example, in late 2000, the Office of Transportation Safeguards, which is responsible for securely transporting critical NNSA items and material, had begun to correct significant weaknesses in its process for preparing and tracking corrective actions. According to an official responsible for corrective actions at the office, the new process has already resulted in documented improvements to the quality and completeness of its corrective action plans. For example, the new process for root cause analyses identified additional reasons for a recurring NNSA finding on problems in how three federal agent facilities in NNSA's Office of Transportation Safeguards inspected the vehicles used to transport critical materials across the nation. These inspections are crucial in preventing individuals from attaching explosives or other foreign devices to the vehicles in potential attempts at sabotage or theft. The new process enabled NNSA to identify specific actions to ensure consistent interpretation and implementation of vehicle inspection procedures among the three facilities. Because the finding has not been repeated since July 2000, it appears that the additional corrective actions proved effective. Another site, Sandia National Laboratories, has developed a process for root cause analysis that other sites may find useful. Sandia uses a designated root cause analyst to systematically lead teams of subject matter experts at the laboratory through the steps for determining root cause. With this expert in root cause analyses, Sandia helps ensure that these analyses are consistent and effective. Other analyses and assessments that are critical to planning corrective actions are also not consistently prepared at NNSA sites. In particular, less than 25 percent of the corrective action plans we reviewed showed documentation of other analyses required by the DOE order for corrective action, such as risk assessment or cost-benefit analysis. Without this documentation, we found it difficult to determine what process, if any, the sites had used to determine the risk level of the problem or the cost and relative benefit of implementing corrective actions. Consistency problems are likely to continue without effective NNSA guidance for corrective actions. For example, at four sites we visited, the sites either did not require a risk assessment and cost-benefit analyses or stated that they were optional, depending on the site's evaluation of the need for an analysis. However, the remaining three sites we visited required these analyses for all corrective action plans. This inconsistency resulted in part from differing interpretations of the DOE order governing corrective actions. As a result, NNSA cannot be assured that all contractors are considering the costs of corrective actions in conjunction with the risk posed or the potential benefits to be gained. NNSA officials at some sites stated that, without implementation guidance, the intent of the DOE order requiring these analyses can be interpreted differently from site to site, which contributes to the inconsistent practices we observed. Since we provided our draft report to NNSA in April 2003, it has sent a brief guidance letter on corrective action plans to its site offices, clarifying its analysis and documentation requirements. An NNSA headquarters official stated that issuance of additional guidance for implementing DOE security policies is expected in 2003. And finally, NNSA sites do not consistently measure all performance aspects of contractors' preparation of corrective action plans and may reward contractors simply for closing the finding on schedule. According to our review of performance measures concerning corrective actions, four of the six contractor-operated sites we visited had measures that were primarily based on whether the contractor met the schedule for completing corrective actions, not on whether and how well the contractor had performed the analyses.[Footnote 15] The other two sites did not consider any corrective action performance measures in assessing contractor performance--not even the schedule. However, DOE guidance encourages sites to measure qualitative factors, whenever possible, to minimize the need to rely solely on schedule-driven measures.[Footnote 16] Effective qualitative performance measures would essentially reflect how well the contractor completes root cause analyses, risk assessment, and cost-benefit analyses. The lack of qualitative performance measures affects the quality of the correction plan. For example, in fiscal year 1999, DOE's Office of Independent Oversight and Performance Assurance criticized a site that had schedule-driven performance measures for poorly prepared corrective action plans. Out of the 50 plans reviewed for that site, 27 had inadequate root cause determinations, and 15 had corrective actions that were unlikely to fix the deficiency cited. The performance measures in place for this contractor in fiscal year 1999--and then again in fiscal years 2000 and 2001--did not reflect qualitative aspects of these analyses; instead, they were primarily focused on schedule-driven outcomes. Some contract provisions permit the contractor to forfeit some of the award fee based on other generic performance factors, such as "management failure." However, these generic provisions may not be fully effective in motivating contractors in all aspects of their corrective action performance because these provisions are not explicitly focused on corrective action and are therefore not highly visible. Difficulties in Allocating Staff Could Hinder Effective Safeguards and Security Oversight: NNSA's site offices have shortfalls in the total number of staff and in the expertise for effectively overseeing contractors, including covering all topical areas in the annual surveys. At five of the seven sites we visited, NNSA officials told us that they currently have, or will have, two to six vacancies in safeguards and security positions once NNSA fully implements its new management structure; each site believes that it needs from 10 to 14 security-related positions in order to carry out its oversight activities under NNSA's new organization. In particular, some of the site offices are experiencing difficulty in filling positions because some staff consider the site locations less desirable than others and because NNSA has instituted a hiring freeze. Some of these vacancies are for specialists in particular subject areas, such as industrial security systems--a key specialty needed for conducting physical security inspections. Officials in the Office of Independent Oversight and Performance Assurance concurred that NNSA's reorganization and the shifting of responsibilities to the site offices has the potential to weaken security oversight. To offset the lack of some subject matter experts at sites, NNSA field officials indicated that they frequently rely on subject matter experts from headquarters or other site offices to cover site offices that do not have expertise locally. With only a limited number of subject matter experts in the complex, the sites have to coordinate oversight carefully. Coordination is particularly complicated at those sites that have switched to a surveillance model since they may have to rely on particular subject expertise that is only available during certain times. NNSA's new management structure further complicates the problems in staff allocation. NNSA expects to reduce headquarters and field staff by 20 percent by the end of fiscal year 2004. In this restructuring, NNSA plans to share staff expertise, creating a "virtual" organization to cover the needs of site offices and other areas within the complex until a final move of personnel can be made. Headquarters officials told us that it may take 1 to 2 years to move the appropriate safeguards and security persons to the areas where they are needed. Until then, they expect the virtual organization to meet the complex's needs. The virtual organization will include subject matter experts whose knowledge will be needed throughout the nuclear weapons complex and not just at their current sites. Some of these experts will work from the service center or be detailed to site offices as needed. With competing demands for the experts, it is unclear how they will successfully provide assistance to site offices in their surveillance processes. The assistance may be unavailable when needed since components of surveillance are ongoing and may span an entire year. Conclusions: Without effectively managing its safeguards and security program, NNSA cannot be assured that its contractors are working to maximum advantage to protect its nuclear weapons sites. These sites may have critical materials that could be prime terrorist targets. Several factors contribute to this lack of assurance. NNSA continues to change its management structure, making it difficult to define roles and responsibilities clearly. Without a functional management structure, some site offices and contractors may not be carrying out their security responsibilities, as DOE orders require. In particular, NNSA has not fully assured itself that the four sites that rely on surveillance activities, rather than on the DOE-required surveys, are overseeing contractors' security activities in the integrated, comprehensive fashion that are called for in the annual surveys. Moreover, when NNSA site offices allow and reward contractors for closing findings without ensuring that the contractors have correctly identified the root cause, assessed risk, and conducted a cost-benefit analysis, NNSA cannot be assured that the security problem identified was adequately addressed. Finally, to provide effective oversight, NNSA needs to develop an approach, beyond its "virtual" organization, that ensures its limited security resources are able to provide oversight, over the long term, where and when it is needed. Recommendations for Executive Action: In order to strengthen the safeguards and security program of the nuclear weapons complex, we recommend that the NNSA Administrator and Secretary of Energy: * formalize the roles and responsibilities of site offices and headquarters for conducting oversight; * ensure that sites are performing oversight using a survey approach that provides an integrated comprehensive view of security conditions and is consistent with DOE orders; * ensure that contractors' corrective action plans are prepared and documented consistently and are based on qualitative root-cause, risk- assessment, and cost-benefit analyses, and that appropriate incentives are used to help motivate contractors toward effectively addressing findings; and: * develop and implement a plan to ensure that NNSA allocates safeguards and security staff so that it provides effective safeguards and security oversight over the long term. Agency Comments and Our Evaluation: We provided the DOE's NNSA with a draft of this report for review and comment. Overall, NNSA concurred with two of our four recommendations, disagreed with one, and did not indicate agreement or disagreement with the fourth. In the area of concurrence, NNSA concurred with our recommendation to formally establish roles and responsibilities, and it plans to do so in 2003. NNSA also concurred that corrective action plans must be prepared in accordance with established standards and policy and based on documented root cause analysis, risk assessments, and cost-benefit analysis. Since we provided our draft report to NNSA, it has sent its site offices a guidance letter on corrective action plans that clarifies its analysis and documentation requirements. NNSA now allows required elements to be omitted from corrective action plans, but only if the contractors document the rationale for the exclusion as a formal part of their plan. We believe this guidance letter is a positive step in clarifying some implementation aspects of the DOE requirements, and we encourage continued management attention to this area. NNSA did not comment on the portion of this recommendation concerning the use of appropriate incentives to motivate contractors to address findings effectively. NNSA disagreed with the conclusion that led to our recommendation to conduct oversight using a survey approach, which provides an integrated, comprehensive view of security conditions and is consistent with DOE orders. Specifically, NNSA disagreed with our conclusion that it was not ensuring the comprehensive annual assessments of contractors' performance that DOE policy requires. As we reported, four of the seven site offices no longer conduct comprehensive, integrated surveys to assess security but instead rely on surveillance activities. NNSA believed that these surveillance activities were also comprehensive; however, NNSA provided no evidence--such as implementation guidance to the sites that are conducting surveillances- -that would ensure that the sites' surveillance activities conform to DOE's policies. Without such guidance, NNSA cannot be fully assured that surveillance activities, as presently conducted, provide the comprehensive assessment DOE requires in its surveys. Our recommendation therefore is intended to focus NNSA management attention on ensuring that site offices conduct security assessments that are integrated, comprehensive, and on par with the survey approach previously used and currently described in DOE orders. Furthermore, NNSA asserted, incorrectly, that we found its security posture to be at risk. Assessing NNSA's security posture was not the objective of this report. Rather, our objective was to assess the way NNSA manages its overall security program. We have clarified the report, where appropriate. Finally, regarding our recommendation that NNSA develop and implement a plan to ensure that it effectively allocates staff to provide safeguards and security oversight, NNSA commented that managers have staffing plans and that its virtual organization and additional hiring will address sites' need for certain types of skilled personnel. Reliance on the virtual approach may be effective in the short term. However, the continuing vacancies at some sites indicate that NNSA may have difficulty attracting and retaining necessary expertise at specific, understaffed locations over the long term. NNSA's comments do not indicate that it fully understands the need to address this longer- term problem. We have modified our recommendation to target this specific long-term concern. We modified our report, where appropriate, to reflect NNSA's comments and to clarify some of our conclusions. NNSA's comments on our draft report are presented in appendix I. As arranged with your office, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days after the date of this letter. At that time, we will send copies of the report to the Secretary of Energy, the Administrator of NNSA, the Director of the Office of Management and Budget, and appropriate congressional committees. We will make copies available to others on request. In addition, the report will also be available at no charge on the GAO Web site at http://www.gao.gov. If you or your staff have any questions about this report, please call me at (202) 512-3841. Major contributors to this report are listed in appendix II. Sincerely yours, Robin M. Nazzaro Director, Natural Resources and Environment: Signed by Robin M. Nazzaro: [End of section] Appendix I: Comments from the National Nuclear Security Administration: Department of Energy: National Nuclear Security Administration Washington, DC 20585: APR 25 2003: Ms. Robin Nazzaro Director: Natural Resources and Environment U.S. General Accounting Office Washington, D.C. 20548: Dear Ms. Nazzaro: The National Nuclear Security Administration (NNSA) appreciated the opportunity to have reviewed draft report GAO-03-471, "Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program." While many of the recommendations can help to improve areas of security program management, we categorically disagree with the GAO's conclusion and implications in sections throughout the draft report that NNSA cannot be assured that it is protecting its nuclear weapons' sites. The report addresses the structure to manage security and the methodology to carry out security review processes. It does not include any information or basis on which to make a judgment or inference regarding the effectiveness of the NNSA security programs and infrastructure. Numerous internal and independent external reviews, including rigorous force-on-force and in-depth analysis and evaluation of protection system effectiveness across all of the NNSA sites have verified that the security posture is and remains strong and effective. We urge you to edit the document, including its proposed title, to appropriately reflect this. A central focus of NNSA, since its establishment, has been to improve management of its programs. During the period of time that the draft GAO report was being developed, NNSA has made significant progress not only in the structure of the safeguards and security organization, but throughout the entire organization. Our lines of authority have been strengthened to provide accountability at all levels of the NNSA. Our business practices reflect the new management philosophy to achieve effective efficiencies that include implementing "best practices" or changing long-standing, less efficient processes. An example of this philosophical change is GAO's discussion of security surveillance versus security surveys. The NNSA management model is designed to streamline oversight, increase governmental efficiency, and provide greater management flexibility to contractors, while maintaining accountability. The surveillance methodology is only one of a number of assessment mechanisms that can be used to help assure timely understanding of security system performance as well as procedural compliance. The GAO's recommendation on formally establishing roles and responsibilities under the new NNSA management structure is appropriate. A draft functions, responsibilities and authorities document reflecting the recently announced NNSA reengineering, has been put together and will be finalized with the NNSA field activities this year. However, it is very important that GAO also acknowledge that there is a sixty-year base of safeguards and security program policies, orders, implementation and organizational roles and responsibilities. This was not suspended on the stand-up of the NNSA or in the recently announced reengineering in late December 2002. It is this very base of safeguards and security programs and operations on which NNSA now, through its reengineering efforts, is working to further improve the effectiveness and efficiency of its safeguards and security and all other program activities. NNSA disagrees with the conclusions in the GAO report regarding the appropriate manner in which site security activities are assessed and the comprehensiveness of those assessments as it applies to Security Surveys versus Security Surveillances. We do no fully agree with the comment that "...NNSA sites that rely on surveillance activities, rather than the DOE required surveys, are not overseeing contractors' security activities in the integrated comprehensive fashion that the annual surveys call for." Surveillances are only a part of the planned oversight and evaluation activities. A vital element of a surveillance program is the scoping of the topical and sub-topical elements to ensure that a comprehensive review of the critical program elements will be accomplished during the surveillance cycle. Areas not addressed in the current surveillance cycle are automatically included in the next cycle. When completed, a comprehensive report incorporating all surveillance activities of the safeguards and security program, including findings and observations, is forwarded to Headquarters. Regarding the adequate staffing of comprehensive surveillances, effective use of matrix support between NNSA site offices and support service contractors has afforded the use of well-qualified subject matter experts for the conduct of surveillance activities. NNSA agrees with the GAO that corrective action plans must be prepared, implemented, and evaluated through resolution. We also agree that the causal effect must be established and addressed. This can be achieved by root-cause analysis or risk assessment with the accompanying cost- benefit analysis when appropriate. A guidance letter on this issue has been sent to NNSA activities by the Chief, Defense Nuclear Security, this week. With a continual contractor performance evaluation system supplemented by Federal oversight, NNSA will achieve a level of confidence that corrective action plans are appropriately developed and closed in a timely, and cost-effective manner. Please be assured that the focus of the NNSA is on effective safeguards and security performance. Oversight is a tool that is used to identify opportunities for improvement Additionally, NNSA Headquarters, through Policy Letters or other means, will provide the NNSA specific guidance for all programmatic and business functions. An example of this process is evidenced by the draft Policy Letter, "NNSA Line Oversight and Contractor's Assurance System.": The size of the Federal staff within NNSA is being reduced. As part of the re-engineering effort, each Site Manager, the Service Center Manager, and the Deputy/Associate Administrators have prepared staffing plans for their specific areas of responsibility. Safeguards and security is an important part of this NNSA effort. Where critical vacancies exist; hiring, support from the service center, other site offices and/or headquarters are all available options to assure each NNSA site has the appropriate skills mix to effectively execute their safeguards and security program assessment responsibilities. Finally, while the draft report references comments from the Department of Energy's Office of Independent Oversight and Performance Assurance regarding the potential to weaken security oversight if staffing and expertise at site offices are not addressed; they have also stated that NNSA's reorganization steps, to date, have helped to clarify roles and responsibilities for security oversight and that future plans have the potential to further strengthen security oversight. We would welcome the opportunity to meet with the GAO staff that prepared the draft report in order to expand on the above comments and link them to the specific areas of the draft report. Sincerely, Anthony R. Lane Associate Administrator for Management and Administration: Signed by Anthony R. Lane: [End of section] Appendix II: GAO Contact and Staff Acknowledgments: GAO Contact: James Noel (202) 512-3591: Acknowledgments: In addition to the individual named above, Christopher R. Abraham, Jill Berman, Jonathan M. Gill, Andrea R. Miller, Christopher M. Pacheco, and Carol Herrnstadt Shulman made key contributions to this report. FOOTNOTES [1] U.S. General Accounting Office, Nuclear Security: Lessons to Be Learned from Implementing NNSA's Security Enhancements, GAO-02-358 (Washington, D.C.: March 29, 2002). [2] Commission on Science and Security, Center for Strategic and International Studies, Science and Security in the 21st Century: A Report to the Secretary of Energy on the Department of Energy Laboratories (Washington, D.C.: Apr. 2002). [3] Physical security is the combination of operational and security equipment, personnel, and procedures used to protect facilities, information, documents, or material against theft, sabotage, diversion, or other criminal acts. [4] A surveillance is generally conducted by a single or small number of subject matter experts, and the documentation from a surveillance or group of surveillance activities may be used as part of the survey. [5] We did not include naval reactors in our review because it is a semiautonomous entity within NNSA with a unique security structure and program. [6] Although the Savannah River Site is still an Environmental Management designated site, according to site officials, it will likely become an NNSA site once the accelerated cleanup is complete. Because of its present role as a key DOE nuclear weapons production site, we included it in our review of site offices. [7] One of the seven sites--Transportation Safeguards----is operated by NNSA, not a contractor. [8] National Defense Authorization Act for Fiscal Year 2000, Pub. L. No. 106-65, tit. 32 (also known as the National Nuclear Security Administration Act). [9] The core skill sets needed to address the safeguards and security elements at a facility include program management and planning; protective force operations; classified matter protection and control; physical security; technical security and security systems; nuclear material control and accountability; and safeguards and security program infrastructure. [10] National Nuclear Security Administration, Report to Congress on the Plan for Organizing the National Nuclear Security Administration (Washington, D.C.: May 3, 2001). [11] U.S. General Accounting Office, NNSA Management: Progress in the Implementation of Title 32, GAO-02-93R (Washington, D.C.: Dec. 12, 2001). [12] National Nuclear Security Administration, Report to Congress on the Organization and Operations of the National Nuclear Security Administration (Washington, D.C.: Feb. 25, 2002). [13] The frequency of survey schedules can be modified if the site being surveyed meets certain criteria. [14] DOE Order 470.1 Safeguards and Security Program; Sept. 28, 1995. [15] One site, the Office of Transportation Safeguards is federally operated and therefore performance award fees are not applicable. [16] U.S. Department of Energy, Guidelines for Performance Measurement, DOE G 120.1-5 (Washington, D.C.: June 30, 1996). GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: