Nuclear Security: Improvements Needed in DOE's Safeguards and Security Oversight

RCED-00-62 February 24, 2000
Full Report (PDF, 32 pages)     Recommendations (HTML)

Summary

The Department of Energy (DOE), which is in charge of the nation's nuclear weapons program, owns several facilities that carry out classified weapons research and related activities. This report evaluates DOE's safeguards and security oversight at the Los Alamos National Laboratory and the Lawrence Livermore National Laboratory. GAO discusses (1) the monitoring and tracking of findings resulting from DOE's oversight activities; (2) the correction, validation, and closing of findings resulting from such activities; and (3) the consistency of various DOE assessments of the laboratories' safeguards and security programs.

GAO noted that: (1) DOE's Office of Security and Emergency Operations maintains a centralized management information system to track and monitor safeguards and security findings and the related corrective actions; (2) this system would be of more value if it contained information on all security findings; (3) the findings developed from 1995-1998 by DOE's Office of Independent Oversight and Performance Assurance (IOPA) are not included in the system nor are the findings and recommendations developed by GAO and other outside organizations; (4) the system is not directly accessible by safeguards and security staff at DOE's area offices and the laboratories; (5) each laboratory has developed its own information systems, which contain data on all the findings that relate to it; (6) as a result, information about problems at one location is not available to safeguards and security staff at other locations; (7) DOE requires that the laboratories conduct a risk assessment, a root cause analysis, and a cost-benefit analysis as part of their process to correct safeguards and security problems found by DOE's oversight activities; (8) these analyses help to ensure that problems with safeguards and security are corrected in an economic and efficient manner; (9) these assessments and analyses have not always been conducted; (10) in the past, IOPA has generally not worked with the laboratories to develop corrective plans for its safeguards and security findings; (11) IOPA is not required to validate the corrective action, verify that the problem was corrected, and certify that its findings were closed and has not been formally involved in these activities; (12) there was no assurance that the problem was understood, adequately corrected, and closed; (13) during the past year, IOPA has worked with the laboratories to develop corrective action plans and has conducted follow-up reviews of its findings that are being corrected, validated, verified, or closed by the operations offices; (14) IOPA still does not become involved in validating and verifying corrective actions and certifying that findings are closed; (15) from 1994-1999, the laboratories' safeguards and security performance has received many inconsistent ratings from oversight and other DOE organizations; (16) this inconsistency can send a mixed or erroneous message to safeguards and security policy makers and managers; (17) this inconsistency results partially from various organizations' use of different criteria and the timing of the rating; and (18) DOE has changed the rating criteria for the safeguards and security contract performance rating for 2000, which could decrease rating inconsistency in future years.



Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow up work.

Director:
Team:
Phone:
No director on record
No team on record
No phone on record


Recommendations for Executive Action


Recommendation: To improve the oversight of safeguards and security activities at DOE's laboratories, the Secretary of Energy should require that DOE's safeguards and security information system contain IOPA's and operations offices' safeguards and security findings. To the extent practical, the key findings of other organizations, such as DOE's Inspector General, should be included.

Agency Affected: Department of Energy

Status: Implemented

Comments: A March 2000 change to DOE Order 470.2A, "Security and Emergency Management Independent Oversight and Performance Assurance Program," now requires that IOPA findings and associated corrective actions be tracked in the Safeguards and Security Information Management System.

Recommendation: To improve the oversight of safeguards and security activities at DOE's laboratories, the Secretary of Energy should provide for access to the system by DOE's area-office and laboratory safeguards and security staff with a legitimate need. Such access should be in accordance with DOE's security restrictions.

Agency Affected: Department of Energy

Status: Implemented

Comments: DOE agrees with the spirit of this recommendation, but states that implementing it creates a number of practical and security-related concerns. The Office of Security Affairs is currently training DOE area office personnel who will be provided access to the system. Prior to providing contractors access to the system, the Office of Security Affairs is conducting an evaluation to compare the cost of reconfiguring the system to control need-to-know versus the benefits of this change.

Recommendation: To improve the oversight of safeguards and security activities at DOE's laboratories, the Secretary of Energy should require IOPA to verify and validate correction of its findings and continue its involvement in developing corrective actions for findings resulting from its inspections. The Secretary should also make these responsibilities binding by incorporating them into the DOE directives system.

Agency Affected: Department of Energy

Status: Implemented

Comments: DOE Order 470.2A, entitled "Security and Emergency Management Independent Oversight and Performance Assurance Program" was revised as of March 1, 2000, to formalize DOE's corrective action plan process, including establishing a role for the Independent Oversight Office in verifying and validating corrective actions.

Recommendation: To improve the oversight of safeguards and security activities at DOE's laboratories, the Secretary of Energy should ensure, to the extent possible, that rating criteria used by the various safeguards and security oversight organizations are more consistent and accurately reflect the effectiveness of safeguards and security at all DOE's nuclear facilities.

Agency Affected: Department of Energy

Status: Implemented

Comments: In the report, GAO noted that some action was already underway to correct the problem. Contract performance criteria, on some contracts, is now more closely linked to rating and the results of IOPA inspections and operations office surveys. The Office of Security Affairs has also taken steps to ensure that ratings included in the Annual Report to the President are derived from the results of IOPA inspections and operations office surveys. However, it not clear when or if all contracts will contain performance criteria that can be linked to security ratings.