GAO-04-773T, Nuclear Security: DOE Must Address Significant Issues to Meet the Requirements of the New Design Basis Threat


This is the accessible text file for GAO report number GAO-04-773T 
entitled 'Nuclear Security: DOE Must Address Significant Issues to Meet 
the Requirements of the New Design Basis Threat' which was released on 
May 11, 2004.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Testimony:

Before the Subcommittee on Oversight and Investigations, Committee on 
Energy and Commerce, House of Representatives:

United States General Accounting Office:

GAO:

For Release on Delivery Expected at 2:00 p.m. EDT:

Tuesday, May 11, 2004:

Nuclear Security:

DOE Must Address Significant Issues to Meet the Requirements of the New 
Design Basis Threat:

Statement of Robin M. Nazzaro, 
Director, Natural Resources and Environment Team:

GAO-04-773T:

GAO Highlights:

Highlights of GAO-04-773T, a testimony to the Subcommittee on Oversight 
and Investigations, Committee on Energy and Commerce, House of 
Representatives 

Why GAO Did This Study:

A successful terrorist attack on Department of Energy (DOE) sites 
containing nuclear weapons or the material used in nuclear weapons 
could have devastating consequences for the site and its surrounding 
communities. Because of these risks, DOE needs an effective safeguards 
and security program. A key component of an effective program is the 
design basis threat (DBT), a classified document that identifies, among 
other things, the potential size and capabilities of terrorist forces. 
The terrorist attacks of September 11, 2001, rendered the then-current 
DBT obsolete, resulting in DOE issuing a new version in May 2003.

GAO (1) identified why DOE took almost 2 years to develop a new DBT, 
(2) analyzed the higher threat in the new DBT, and (3) identified 
remaining issues that need to be resolved in order for DOE to meet the 
threat contained in the new DBT.

What GAO Found:

DOE took a series of actions in response to the terrorist attacks of 
September 11, 2001. While each of these has been important, in and of 
themselves, they are not sufficient to ensure that all of DOE’s sites 
are adequately prepared to defend themselves against the higher 
terrorist threat present in the post September 11, 2001 world. 
Specifically, GAO found:

* DOE took almost 2 years to develop a new DBT because of (1) delays in 
developing an intelligence community assessment—known as the Postulated 
Threat—of the terrorist threat to nuclear weapon facilities, (2) DOE’s 
lengthy comment and review process for developing policy, and (3) sharp 
debates within DOE and other government organizations over the size and 
capabilities of future terrorist threats and the availability of 
resources to meet these threats.

* While the May 2003 DBT identifies a larger terrorist threat than did 
the previous DBT, the threat identified in the new DBT, in most cases, 
is less than the threat identified in the intelligence community’s 
Postulated Threat, on which the DBT has been traditionally based. The 
new DBT identifies new possible terrorist acts such as radiological, 
chemical, or biological sabotage. However, the criteria that DOE has 
selected for determining when facilities may need to be protected 
against these forms of sabotage may not be sufficient. For example, for 
chemical sabotage, the 2003 DBT requires sites to protect to “industry 
standards;” however, such standards currently do not exist. In response 
to these concerns, DOE has recently agreed to reexamine some of the key 
aspects and assumptions of the May 2003 DBT.

* DOE has been slow to resolve a number of significant issues, such as 
issuing additional DBT implementation guidance, developing DBT 
implementation plans, and developing budgets to support these plans, 
that may affect the ability of its sites to fully meet the threat 
contained in the new DBT in a timely fashion. Consequently, DOE’s 
deadline to meet the requirements of the new DBT by the end of fiscal 
year 2006 is probably not realistic for some sites.

www.gao.gov/cgi-bin/getrpt?GAO-04-773T.

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Robin M. Nazzaro at (202) 
512-3841 or nazzaror@gao.gov.

[End of section]

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss our work on physical security 
at the Department of Energy (DOE) and the National Nuclear Security 
Administration (NNSA)--a separately organized agency within DOE.

DOE has long recognized that a successful terrorist attack on a site 
containing nuclear weapons or the material used in nuclear 
weapons--called special nuclear material--could have devastating 
consequences for the site and its surrounding communities. Because 
terrorist attacks against sites that contain special nuclear material 
could have such devastating consequences, DOE's effective management of 
the safeguards and security program, which includes developing 
safeguards and security policies, is essential to preventing an 
unacceptable, adverse impact on national security. For[Footnote 1] many 
years, DOE has employed risk-based security practices. To manage 
potential risks, DOE has developed a design basis threat (DBT), a 
classified document that identifies the potential size and capabilities 
of terrorist forces. DOE's DBT is based on an intelligence community 
assessment known as the Postulated Threat. DOE requires the contractors 
operating its sites to provide sufficient protective forces and 
equipment to defend against the threat contained in the DBT. The DBT in 
effect on September 11, 2001, had been DOE policy since June 1999. DOE 
replaced the 1999 DBT in May 2003 to better reflect the current and 
projected terrorist threats that resulted from the September 11, 2001, 
attacks.

Following the September 11, 2001, terrorist attacks, we reviewed 
physical security at DOE sites that have facilities with Category I 
special nuclear material. Category I special nuclear material includes 
specified quantities of plutonium and highly enriched uranium in forms 
of assembled nuclear weapons and test devices, major nuclear 
components, and other high-grade materials such as solutions and 
oxides. Specifically, we examined, among other things, (1) the reasons 
DOE needed almost 2 years to develop a new DBT; (2) the higher threat 
contained in the new DBT; and (3) the remaining issues that need to be 
resolved in order for DOE to fully defend against the threat contained 
in the new DBT.[Footnote 2]

To carry out our objectives, we reviewed draft DBTs, the final May 2003 
DBT, and DOE policy and planning documents, including orders, 
implementation guidance, and reports. We met with officials from DOE 
and NNSA headquarters and field offices. We obtained information 
primarily from DOE's Office of Security, Office of Independent 
Oversight and Performance Assurance, and Office of Environmental 
Management; NNSA's Office of Defense Nuclear Security; and NNSA's 
Nuclear Safeguards and Security Program. We visited all three of NNSA's 
three design laboratories and its two production plants that possess 
Category I special nuclear material, as well as NNSA's Office of Secure 
Transportation. We also visited the four EM sites that, at the time, 
contained Category I special nuclear materials. At each site we met 
with both federal and contractor officials and reviewed pertinent 
supporting documentation. We also discussed postulated terrorist 
threats to nuclear weapon facilities with two Department of Defense 
(DOD) organizations: the Office of the Assistant Secretary of Defense 
for Command, Control, Communications, and Intelligence; and the Defense 
Intelligence Agency. We also reviewed The Postulated Threat to U.S. 
Nuclear Weapon Facilities and Other Selected Strategic Facilities, 
henceforth referred to as the Postulated Threat, which is the 
intelligence community's January 2003 official assessment of potential 
terrorist threats to nuclear weapon facilities.

We performed our work from December 2001 through May 2004 in accordance 
with generally accepted government auditing standards.

In summary, we found that while DOE has taken some important actions in 
its response to the terrorist attacks of September 11, 2001, DOE 
struggled to develop its new DBT. The DBT that DOE ultimately 
developed, however, is substantially more demanding than the previous 
one. Because the new DBT is more demanding and because DOE wants to 
implement new protective strategies within 2 years, DOE must press 
forward with additional actions to ensure that it is fully prepared to 
provide a timely and cost effective defense of its most sensitive 
facilities. Specifically, we found the following:

* Development of the new DBT took almost 2 years because of (1) delays 
in developing an intelligence community assessment--known as the 
Postulated Threat--of the terrorist threat to nuclear weapon 
facilities, (2) DOE's lengthy comment and review process for developing 
policy, and (3) sharp debates within DOE and other government 
organizations over the size and capabilities of future terrorist 
threats and the availability of resources to meet these threats.

* While the May 2003 DBT identifies a larger terrorist threat than did 
the previous DBT, the threat identified in the new DBT, in most cases, 
is less than the threat identified in the intelligence community's 
Postulated Threat, on which the DBT has been traditionally based. The 
new DBT identifies new possible terrorist acts such as radiological, 
chemical, or biological sabotage. However, the criteria that DOE has 
selected for determining when facilities may need to be protected 
against these forms of sabotage may not be sufficient. For example, for 
chemical sabotage, the 2003 DBT requires sites to protect to "industry 
standards;" however, such standards currently do not exist.

* DOE has been slow to resolve a number of significant issues, such as 
issuing additional DBT implementation guidance, developing DBT 
implementation plans, and developing budgets to support these plans, 
that may affect the ability of its sites to fully meet the threat 
contained in the new DBT in a timely fashion. Consequently, DOE's 
deadline to meet the requirements of the new DBT by the end of fiscal 
year 2006 is probably not realistic for some sites.

In our recent report, Nuclear Security: DOE Needs to Resolve 
Significant Issues Before It Fully Meets the New Design Basis Threat 
(GAO-04-623), we made seven recommendations to the Secretary of Energy 
that are intended to strengthen DOE's ability to meet the requirements 
of the new DBT, improve the department's ability to deal with future 
terrorist threats, and better inform Congress on departmental progress 
in meeting the threat contained in the new DBT and reducing risks to 
critical facilities at DOE sites. DOE said that the department would 
consider these recommendations as part of its Departmental Management 
Challenges for 2004. DOE has identified the DBT as a major departmental 
initiative within the National Security Management Challenge. Recently, 
in response to our recommendations, DOE agreed to reexamine some of the 
key aspects and assumptions of the May 2003 DBT.

Background:

Category I special nuclear materials are present at the three design 
laboratories--the Los Alamos National Laboratory in Los Alamos, New 
Mexico; the Lawrence Livermore National Laboratory in Livermore, 
California; and the Sandia National Laboratory in Albuquerque, New 
Mexico--and two production sites--the Pantex Plant in Amarillo, Texas, 
and the Y-12 Plant in Oak Ridge, Tennessee, operated by NNSA. Special 
nuclear material is also present at former production sites, including 
the Savannah River Site in Savannah River, South Carolina, and the 
Hanford Site in Richland, Washington. These former sites are now being 
cleaned up by DOE's Office of Environmental Management (EM). 
Furthermore, [Footnote 3]NNSA's Office of Secure Transportation 
transports these materials among the sites and between the sites and 
DOD bases. Contractors operate each site for DOE. NNSA[Footnote 4] and 
EM have field offices collocated with each site. In fiscal year 2004, 
NNSA and EM expect to spend nearly $900 million on physical security at 
their sites. Physical[Footnote 5] security combines security equipment, 
personnel, and procedures to protect facilities, information, 
documents, or material against theft, sabotage, diversion, or other 
criminal acts.

In addition to NNSA and EM, DOE has other important security 
organizations. DOE's Office of Security develops and promulgates orders 
and policies, such as the DBT, to guide the department's safeguards and 
security programs. DOE's Office of Independent Oversight and 
Performance Assurance supports the department by, among other things, 
independently evaluating the effectiveness of contractors' performance 
in safeguards and security. It also performs follow-up reviews to 
ensure that contractors have taken effective corrective actions and 
appropriately addressed weaknesses in safeguards and security. Under a 
recent reorganization, these two offices were incorporated into the new 
Office of Security and Safety Performance Assurance. Each office, 
however, retains its individual missions, functions, structure, and 
relationship to the other.

The risks associated with Category I special nuclear materials vary but 
include the nuclear detonation of a weapon or test device at or near 
design yield, the creation of improvised nuclear devices capable of 
producing a nuclear yield, theft for use in an illegal nuclear weapon, 
and the potential for sabotage in the form of radioactive dispersal. 
Because of these risks, DOE has long employed risk-based security 
practices.

The key component of DOE's well-established, risk-based security 
practices is the DBT, a classified document that identifies the 
characteristics of the potential threats to DOE assets. The DBT has 
been traditionally based on a classified, multiagency intelligence 
community assessment of potential terrorist threats, known as the 
Postulated Threat. The DBT considers a variety of threats in addition 
to the terrorist threat. Other adversaries considered in the DBT 
include criminals, psychotics, disgruntled employees, violent 
activists, and spies. The DBT also considers the threat posed by 
insiders, those individuals who have authorized, unescorted access to 
any part of DOE facilities and programs. Insiders may operate alone or 
may assist an adversary group. Insiders are routinely considered to 
provide assistance to the terrorist groups found in the DBT. The threat 
from terrorist groups is generally the most demanding threat contained 
in the DBT.

DOE counters the terrorist threat specified in the DBT with a 
multifaceted protective system. While specific measures vary from site 
to site, all protective systems at DOE's most sensitive sites employ a 
defense-in-depth concept that includes sensors, physical barriers, 
hardened facilities and vaults, and heavily armed paramilitary 
protective forces equipped with such items as automatic weapons, night 
vision equipment, body armor, and chemical protective gear.

Depending on the material, protective systems at DOE Category I special 
nuclear material sites are designed to accomplish the following 
objectives in response to the terrorist threat:

* Denial of access. For some potential terrorist objectives, such as 
the creation of an improvised nuclear device, DOE may employ a 
protection strategy that requires the engagement and neutralization of 
adversaries before they can acquire hands-on access to the assets.

* Denial of task. For nuclear weapons or nuclear test devices that 
terrorists might seek to steal, DOE requires the prevention and/or 
neutralization of the adversaries before they can complete a specific 
task, such as stealing such devices.

* Containment with recapture. Where the theft of nuclear material 
(instead of a nuclear weapon) is the likely terrorist objective, DOE 
requires that adversaries not be allowed to escape the facility and 
that DOE protective forces recapture the material as soon as possible. 
This objective requires the use of specially trained and well-equipped 
special response teams.

The effectiveness of the protective system is formally and regularly 
examined through vulnerability assessments. A vulnerability assessment 
is a systematic evaluation process in which qualitative and 
quantitative techniques are applied to detect vulnerabilities and 
arrive at effective protection of specific assets, such as special 
nuclear material. To conduct such assessments, DOE uses, among other 
things, subject matter experts, such as U.S. Special Forces; computer 
modeling to simulate attacks; and force-on-force performance testing, 
in which the site's protective forces undergo simulated attacks by a 
group of mock terrorists.

The results of these assessments are documented at each site in a 
classified document known as the Site Safeguards and Security Plan. In 
addition to identifying known vulnerabilities, risks, and protection 
strategies for the site, the Site Safeguards and Security Plan formally 
acknowledges how much risk the contractor and DOE are willing to 
accept. Specifically, for more than a decade, DOE has employed a risk 
management approach that seeks to direct resources to its most critical 
assets--in this case Category I special nuclear material--and mitigate 
the risks to these assets to an acceptable level. Levels of risk--high, 
medium, and low--are assigned classified numerical values and are 
derived from a mathematical equation that compares a terrorist group's 
capabilities with the overall effectiveness of the crucial elements of 
the site's protective forces and systems.

Historically, DOE has striven to keep its most critical assets at a low 
risk level and may insist on immediate compensatory measures should a 
significant vulnerability develop that increases risk above the low 
risk level. Compensatory measures could include such things as 
deploying additional protective forces or curtailing operations until 
the asset can be better protected. In response to a September 2000 DOE 
Inspector General's report recommending that DOE establish a policy on 
what actions are required once high or moderate risk is identified, in 
September 2003, DOE's Office of Security issued a policy clarification 
stating that identified high risks at facilities must be formally 
reported to the Secretary of Energy or Deputy Secretary within 24 
hours. In addition, under this policy clarification, identified high 
and moderate risks require corrective actions and regular reporting.

Through a variety of complementary measures, DOE ensures that its 
safeguards and security policies are being complied with and are 
performing as intended. Contractors perform regular self-assessments 
and are encouraged to uncover any problems themselves. DOE Orders also 
require field offices to comprehensively survey contractors' operations 
for safeguards and security every year. DOE's Office of Independent 
Oversight and Performance Assurance provides yet another check through 
its comprehensive inspection program. All deficiencies identified 
during surveys and inspections require the contractors to take 
corrective action.

Development of the New DBT Took Almost 2 Years Because of Delays in 
Developing the Postulated Threat and DOE's Lengthy Review and Comment 
Process:

In the immediate aftermath of September 11, 2001, DOE officials 
realized that the then current DBT, issued in April 1999 and based on a 
1998 intelligence community assessment, was obsolete. The September 11, 
2001, terrorist attacks suggested larger groups of terrorists, larger 
vehicle bombs, and broader terrorist aspirations to cause mass 
casualties and panic than were envisioned in the 1999 DOE DBT. However, 
formally recognizing these new threats by updating the DBT was 
difficult and took 21 months because of delays in issuing the 
Postulated Threat, debates over the size of the future threat and the 
cost to meet it, and the DOE policy process.

As mentioned previously, DOE's new DBT is based on a study known as the 
Postulated Threat, which was developed by the U.S. intelligence 
community. The intelligence community originally planned to complete 
the Postulated Threat by April 2002; however, the document was not 
completed and officially released until January 2003, about 9 months 
behind the original schedule. According to DOE and DOD officials, this 
delay resulted from other demands placed on the intelligence community 
after September 11, 2001, as well as from sharp debates among the 
organizations developing the Postulated Threat over the size and 
capabilities of future terrorist threats and the resources needed to 
meet these threats.

While waiting for the new Postulated Threat, DOE developed several 
drafts of its new DBT. During this process, debates, similar to those 
that occurred during the development of the Postulated Threat, emerged 
in DOE. Like the participants responsible for developing the Postulated 
Threat, during the development of the DBT, DOE officials debated the 
size of the future terrorist threat and the costs to meet it. DOE 
officials at all levels told us that concern over resources played a 
large role in developing the 2003 DBT, with some officials calling the 
DBT the “funding basis threat,” or the maximum threat the department 
could afford. This tension between threat size and resources is not a 
new development. According to a DOE analysis of the development of 
prior DBTs, political and budgetary pressures and the apparent desire 
to reduce the requirements for the size of protective forces appear to 
have played a significant role in determining the terrorist group 
numbers contained in prior DBTs.

Finally, DOE developed the DBT using DOE's policy process, which 
emphasizes developing consensus through a review and comment process by 
program offices, such as EM and NNSA. However, many DOE and contractor 
officials found that the policy process for developing the new DBT was 
laborious and not timely, especially given the more dangerous threat 
environment that has existed since September 11, 2001. As a result, 
during the time it took DOE to develop the new DBT, its sites were only 
required to defend against the terrorist group defined in the 1999 DBT, 
which, in the aftermath of September 11, 2001, DOE officials realized 
was obsolete.

The May 2003 DBT Identifies a Larger Terrorist Threat, but in Most 
Cases is Less Than the Terrorist Threat Identified by the Postulated 
Threat:

While the May 2003 DBT identifies a larger terrorist group than did the 
previous DBT, the threat identified in the new DBT, in most cases, is 
less than the terrorist threat identified in the intelligence 
community's Postulated Threat. The Postulated Threat estimated that the 
force attacking a nuclear weapons site would probably be a relatively 
small group of terrorists, although it was possible that an adversary 
might use a greater number of terrorists if that was the only way to 
attain an important strategic goal. In contrast to the Postulated 
Threat, DOE is preparing to defend against a significantly smaller 
group of terrorists attacking many of its facilities. Specifically, 
only for its sites and operations that handle nuclear weapons is DOE 
currently preparing to defend against an attacking force that 
approximates the lower range of the threat identified in the Postulated 
Threat. For its other Category I special nuclear material sites, all of 
which fall under the Postulated Threat's definition of a nuclear 
weapons site, DOE is requiring preparations to defend against a 
terrorist force significantly smaller than was identified in the 
Postulated Threat. DOE calls this a graded threat approach.

Some of these other sites, however, may have improvised nuclear device 
concerns that, if successfully exploited by terrorists, could result in 
a nuclear detonation. Nevertheless, under the graded threat approach, 
DOE requires these sites only to be prepared to defend against a 
smaller force of terrorists than was identified by the Postulated 
Threat. Officials in DOE's Office of Independent Oversight and 
Performance Assurance disagreed with this approach and noted that sites 
with improvised nuclear device concerns should be held to the same 
requirements as facilities that possess nuclear weapons and test 
devices since the potential worst-case consequence at both types of 
facilities would be the same--a nuclear detonation. Other DOE officials 
and an official in DOD's Office of the Assistant Secretary of Defense 
for Command, Control, Communications, and Intelligence disagreed with 
the overall graded threat approach, believing that the threat should 
not be embedded in the DBT by adjusting the number of terrorists that 
might attack a particular target.

DOE Office of Security officials cited three reasons for why the 
department departed from the Postulated Threat's assessment of the 
potential size of terrorist forces. First, these officials stated that 
they believed that the Postulated Threat only applied to sites that 
handled completed nuclear weapons and test devices. However, both the 
2003 Postulated Threat, as well as the preceding 1998 Postulated 
Threat, state that the threat applies to nuclear weapons and special 
nuclear material without making any distinction between them. Second, 
DOE Office of Security officials believed that the higher threat levels 
contained in the 2003 Postulated Threat represented the worst potential 
worldwide terrorist case over a 10-year period. These officials noted 
that while some U.S. assets, such as military bases, are located in 
parts of the world where terrorist groups receive some support from 
local governments and societies thereby allowing for an expanded range 
of capabilities, DOE facilities are located within the United States, 
where terrorists would have a more difficult time operating. 
Furthermore, DOE Office of Security officials stated that the DBT 
focuses on a nearer-term threat of 5 years. As such, DOE Office of 
Security officials said that they chose to focus on what their subject 
matter experts believed was the maximum, credible, near-term threat to 
their facilities. However, while the 1998 Postulated Threat made a 
distinction between the size of terrorist threats abroad and those 
within the United States, the 2003 Postulated Threat, reflecting the 
potential implications of the September 2001 terrorist attacks, did not 
make this distinction. Finally, DOE Office of Security officials stated 
that the Postulated Threat document represented a reference guide 
instead of a policy document that had to be rigidly followed. The 
Postulated Threat does acknowledge that it should not be used as the 
sole consideration to dictate specific security requirements and that 
decisions regarding security risks should be made and managed by 
decision makers in policy offices. However, DOE has traditionally based 
its DBT on the Postulated Threat. For example, the prior DBT, issued in 
1999, adopted exactly the same terrorist threat size as was identified 
by the 1998 Postulated Threat.

Finally, the department's criteria for determining the severity of 
radiological, chemical, and biological sabotage may be insufficient. 
For example, the criterion used for protection against radiological 
sabotage is based on acute radiation dosages received by individuals. 
However, this criterion may not fully capture or characterize the 
damage that a major radiological dispersal at a DOE site might cause. 
For example, according to a March 2002 DOE response to a January 23, 
2002, letter from Representative Edward J. Markey, a worst-case 
analysis at one DOE site showed that while a radiological dispersal 
would not pose immediate, acute health problems for the general public, 
the public could experience measurable increases in cancer mortality 
over a period of decades after such an event. Moreover, releases at the 
site could also have environmental consequences requiring hundreds of 
millions to billions of dollars to clean up. Contamination could also 
affect habitability for tens of miles from the site, possibly affecting 
hundreds of thousands of residents for many years. Likewise, the same 
response showed that a similar event at a NNSA site could result in a 
dispersal of plutonium that could contaminate several hundred square 
miles and ultimately cause thousands of cancer deaths. For chemical 
sabotage standards, the 2003 DBT requires sites to protect to industry 
standards. However, we reported March 2003 year that such standards 
currently do not exist.[Footnote 6] Specifically, we found that no 
federal laws explicitly require chemical facilities to assess 
vulnerabilities or take security actions to safeguard their facilities 
against a terrorist attack. Finally, the protection criteria for 
biological sabotage are based on laboratory safety standards developed 
by the U.S. Centers for Disease Control and not physical security 
standards.

In response to our concerns, DOE recently agreed to reexamine some of 
the key aspects and assumptions of the May 2003 DBT. DOE expects to 
complete this review by June 30, 2004.

DOE Has Been Slow to Resolve a Number of Significant Issues That May 
Affect the Ability of its Sites to Fully Meet the Threat Contained in 
the New DBT:

While DOE issued the final DBT in May 2003, it has only recently 
resolved a number of significant issues that may affect the ability of 
its sites to fully meet the threat contained in the new DBT in a timely 
fashion and is still addressing other issues. Fully resolving all of 
these issues may take several years, and the total cost of meeting the 
new threats is currently unknown. Because some sites will be unable to 
effectively counter the higher threat contained in the new DBT for up 
to several years, these sites should be considered to be at higher risk 
under the new DBT than they were under the old DBT.

In order to undertake the necessary range of vulnerability assessments 
to accurately evaluate their level of risk under the new DBT and 
implement necessary protective measures, DOE recognized that it had to 
complete a number of key activities. DOE only recently completed three 
of these key activities. First, in February 2004, DOE issued its 
revised Adversary Capabilities List, which is a classified companion 
document to the DBT, that lists the potential weaponry, tactics, and 
capabilities of the terrorist group described in the DBT. This document 
has been amended to include, among other things, heavier weaponry and 
other capabilities that are potentially available to terrorists who 
might attack DOE facilities. DOE is continuing to review relevant 
intelligence information for possible incorporation into future 
revisions of the Adversary Capabilities List.

Second, DOE also only recently provided additional DBT implementation 
guidance. In a July 2003 report, DOE's Office of Independent Oversight 
and Performance Assurance noted that DOE sites had found initial DBT 
implementation guidance confusing. For example, when the Deputy 
Secretary of Energy issued the new DBT in May 2003, the cover memo said 
the new DBT was effective immediately but that much of the DBT would be 
implemented in fiscal years 2005 and 2006. According to a 2003 report 
by the Office of Independent Oversight and Performance Assurance, many 
DOE sites interpreted this implementation period to mean that they 
should, through fiscal year 2006, only be measured against the 
previous, less demanding 1999 DBT.

In response to this confusion, the Deputy Secretary issued further 
guidance in September 2003 that called for the following, among other 
things:

* DOE's Office of Security to issue more specific guidance by October 
22, 2003, regarding DBT implementation expectations, schedules, and 
requirements. DOE issued this guidance January 30, 2004.

* Quarterly reports showing sites' incremental progress in meeting the 
new DBT for ongoing activities. The first series of quarterly progress 
reports may be issued in July 2004.

* Immediate compliance with the new DBT for new and reactivated 
operations.

A third important DBT-related issue was just completed in early April 
2004. A special team created in the 2003 DBT, composed of weapons 
designers and security specialists, finalized its report on each site's 
improvised nuclear device vulnerabilities. The results of this report 
were briefed to senior DOE officials in March 2004 and the Deputy 
Secretary of Energy issued guidance, based on this report, to DOE sites 
in early April 2004. As a result, some sites may be required under the 
2003 DBT to shift to enhanced protection strategies, which could be 
very costly. This special team's report may most affect EM sites 
because their improvised nuclear device potential had not previously 
been explored.

Fourth, as mentioned earlier, DOE recently agreed to reexamine some of 
the key aspects and assumptions of the new DBT. DOE expects to complete 
this review by June 30, 2004. If DOE's reexamination results in a 
revised DBT that contains increases in terrorist threat levels or 
changed assumptions regarding the threats it faces, DOE sites could 
need additional security funding.

Finally, DOE's Office of Security has not completed all of the 
activities associated with the new vulnerability assessment methodology 
it has been developing for over a year. DOE's Office of Security 
believes this methodology, which uses a new mathematical equation for 
determining levels of risk, will result in a more sensitive and 
accurate portrayal of each site's defenses-in-depth and the 
effectiveness of sites' protective systems (i.e., physical security 
systems and protective forces) when compared with the new DBT. DOE's 
Office of Security decided to develop this new equation because its old 
mathematical equation had been challenged on technical grounds and did 
not give sites credit for the full range of their defenses-in-depth. 
While DOE's Office of Security completed this equation in December 
2002, officials from this office believe it will probably not be 
completely implemented at the sites for at least another year for two 
reasons. First, site personnel who implement this methodology will 
require additional training to ensure they are employing it properly. 
DOE's Office of Security conducted initial training in December 2003, 
as well as a prototype course in February 2004, and has developed a 
nine-course vulnerability assessment certification program. Second, 
sites will have to collect additional data to support the broader 
evaluation of their protective systems against the new DBT. Collecting 
these data will require additional computer modeling and force-on-force 
performance testing.

Because of the slow resolution of some of these issues, DOE has not 
developed any official long-range cost estimates or developed any 
integrated, long-range implementation plans for the May 2003 DBT. 
Specifically, neither the fiscal year 2003 nor 2004 budgets contained 
any provisions for DBT implementation costs. However, during this 
period, DOE did receive additional safeguards and security funding 
through budget reprogramming and supplemental appropriations. DOE is 
using most of these additional funds to cover the higher operational 
costs associated with the increased security condition (SECON) 
measures. DOE has gathered initial DBT implementation budget data and 
has requested additional DBT implementation funding in the fiscal year 
2005 budget: $90 million for NNSA, $18 million for the Secure 
Transportation Asset within the Office of Secure Transportation, and 
$26 million for EM. However, DOE officials believe the budget data 
collected so far has been of generally poor quality because most sites 
have not yet completed the necessary vulnerability assessments to 
determine their resource requirements. Consequently, the fiscal year 
2006 budget may be the first budget to begin to accurately reflect the 
safeguards and security costs of meeting the requirements of the new 
DBT.

Reflecting these various delays and uncertainties, in September 2003, 
the Deputy Secretary changed the deadline for DOE program offices, such 
as EM and NNSA, to submit DBT implementation plans from the original 
target of October 2003 to the end of January 2004. NNSA and EM approved 
these plans in February 2004. DOE's Office of Security has reviewed 
these plans and is planning to provide implementation assistance to 
sites that request it. DOE officials have described these plans as 
being ambitious in terms of the amount of work that has to be done 
within a relatively short time frame and dependent on continued 
increases in safeguards and security funding, primarily for additional 
protective force personnel. However, some plans may be based on 
assumptions that are no longer valid. Revising these plans could 
require additional resources, as well as add time to the DBT 
implementation process.

A DOE Office of Budget official told us that current DBT implementation 
cost estimates do not include items such as closing unneeded 
facilities, transporting and consolidating materials, completing line 
item construction projects, and other important activities that are 
outside of the responsibility of the safeguards and security program. 
For example, EM's Security Director told us that for EM to fully comply 
with the DBT requirements in fiscal year 2006 at one of its sites, it 
will have to:

* close and de-inventory two facilities,

* consolidate excess materials into remaining special nuclear materials 
facilities, and:

* move consolidated Category I special nuclear material, which NNSA's 
Office of Secure Transportation will transport, to another site.

Likewise, the EM Security Director told us that to meet the DBT 
requirements at another site, EM will have to accelerate the closure of 
one facility and transfer special nuclear material to another facility 
on the site. The costs to close these facilities and to move materials 
within a site are borne by the EM program budget and not by the EM 
safeguards and security budget. Similarly, the costs to transport the 
material between sites are borne by NNSA's Office of Secure 
Transportation budget and not by EM's safeguards and security budget. A 
DOE Office of Budget official told us that a comprehensive, department-
wide approach to budgeting for DBT implementation that includes such 
important program activities as described above is needed; however, 
such an approach does not currently exist.

The department plans to complete DBT implementation by the end of 
fiscal year 2006. However, most sites estimate that it will take 2 to 5 
years, if they receive adequate funding, to fully meet the requirements 
of the new DBT. During this time, sites will have to conduct 
vulnerability assessments, undertake performance testing, and develop 
Site Safeguards and Security Plans. Consequently, full DBT 
implementation could occur anywhere from fiscal year 2005 to fiscal 
year 2008. Some sites may be able to move more quickly and meet the 
department's deadline of the end of fiscal year 2006.

Because some sites will be unable to effectively counter the threat 
contained in the new DBT for a period of up to several years, these 
sites should be considered to be at higher risk under the new DBT than 
they were under the old DBT. For example, the Office of Independent 
Oversight and Performance Assurance has concluded in recent inspections 
that at least two DOE sites face fundamental and not easily resolved 
security problems that will make meeting the requirements of the new 
DBT difficult. For other DOE sites, their level of risk under the new 
DBT remains largely unknown until they can conduct the necessary 
vulnerability assessments.

In closing, while DOE struggled to develop its new DBT, the DBT that 
DOE ultimately developed is substantially more demanding than the 
previous one. Because the new DBT is more demanding and because DOE 
wants to implement it by end of fiscal year 2006--a period of about 29 
months--DOE must press forward with a series of additional actions to 
ensure that it is fully prepared to provide a timely and cost effective 
defense of its most sensitive facilities.

First, because the September 11, 2001, terrorist attacks suggested 
larger groups of terrorists with broader aspirations for causing mass 
casualties and panic, we believe that the DBT development process that 
was used requires reexamination. While DOE may point to delays in the 
development of the Postulated Threat as the primary reason for the 
almost 2 years it took to develop a new DBT, DOE was also working on 
the DBT itself for most of that time. We believe the difficulty 
associated with developing a consensus using DOE's traditional policy-
making process was a key factor in the time it took to develop a new 
DBT. During this extended period, DOE's sites were only being defended 
against what was widely recognized as an obsolete terrorist threat 
level.

Second, we are concerned about two aspects of the resulting DBT. We are 
not persuaded that there is sufficient difference, in its ability to 
achieve the objective of causing mass casualties or creating public 
panic, between the detonation of an improvised nuclear device and the 
detonation of a nuclear weapon or test device at or near design yield 
that warrants setting the threat level at a lower number of terrorists. 
Furthermore, while we applaud DOE for adding additional requirements to 
the DBT such as protection strategies to guard against radiological, 
chemical, and biological sabotage, we believe that DOE needs to 
reevaluate its criteria for terrorist acts of sabotage, especially in 
the chemical area, to make it more defensible from a physical security 
perspective. We are encouraged that the Department has agreed to 
reexamine the May 2003 DBT.

Finally, because some sites will be unable to effectively counter the 
threat contained in the new DBT for a period of up to several years, 
these sites should be considered to be at higher risk under the new DBT 
than they were under the old DBT. As a result, DOE needs to take a 
series of actions to mitigate these risks to an acceptable level as 
quickly as possible. To accomplish this, it is important for DOE to go 
about the hard business of a comprehensive department-wide approach to 
implementing needed changes in its protective strategy. Because the 
consequences of a successful terrorist attack on a DOE site could be so 
devastating, we believe it is important for DOE to better inform 
Congress about what sites are at high risk and what progress is being 
made to reduce these risks to acceptable levels.

Mr. Chairman, this concludes our prepared statement. We would be happy 
to respond to any questions that you or Members of the Subcommittee may 
have.

GAO Contact and Staff Acknowledgments:

For further information on this testimony, please contact Robin M. 
Nazzaro at (202) 512-3841. James Noel and Jonathan Gill also made key 
contributions to this testimony.

FOOTNOTES

[1] See U.S. General Accounting Office, Nuclear Security: NNSA Needs to 
Better Manage Its Safeguards and Security Program, GAO-03-471 
(Washington, D.C.: May 30, 2003).

[2] We testified on these issues before the Subcommittee on National 
Security, Emerging Threats, and International Relations, House 
Committee on Government Reform, on June 24, 2003. See U.S. General 
Accounting Office, Nuclear Security: DOE's Response to the September 
11, 2001 Terrorist Attacks, GAO-03-898TC (Washington, D.C.: June 24, 
2003).

[3] At the time of our review, the Rocky Flats Environmental Technology 
Site in Rocky Flats, Colorado, was in the process of shipping its 
remaining Category I special nuclear material primarily to the Savannah 
River Site. This has now been completed. In addition, responsibility 
for the Idaho National Engineering and Environmental Laboratory, in 
Idaho Falls, Idaho, which is also a Category I special nuclear material 
site, was transferred from DOE's EM to DOE's Office of Nuclear Energy 
in May 2003. 

[4] Federal employees instead of contractors operate the assets of the 
Office of Secure Transportation.

[5] Other DOE program offices, such as the Office of Science and Office 
of Nuclear Energy operate sites that contain Category I special nuclear 
material. In fiscal year 2004, these program offices expect to spend 
$118 million on security.

[6] See U.S. General Accounting Office, Homeland Security: Voluntary 
Initiatives Are Under Way at Chemical Facilities, but the Extent of 
Security Preparedness is Unknown, GAO-03-439 (Washington, D.C.: Mar. 
14, 2003).