This is the accessible text file for GAO report number GAO-04-623 entitled 'Nuclear Security: DOE Needs to Resolve Significant Issues Before It Fully Meets the New Design Basis Threat' which was released on April 27, 2004. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives: United States General Accounting Office: GAO: April 2004: Nuclear Security: DOE Needs to Resolve Significant Issues Before It Fully Meets the New Design Basis Threat: GAO-04-623: GAO Highlights: Highlights of GAO-04-623, a report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, House Committee on Government Reform Why GAO Did This Study: A successful terrorist attack on Department of Energy (DOE) sites containing nuclear weapons or the material used in nuclear weapons could have devastating consequences for the site and its surrounding communities. Because of these risks, DOE needs an effective safeguards and security program. A key component of an effective program is the design basis threat (DBT), a classified document that identifies the potential size and capabilities of terrorist forces. The terrorist attacks of September 11, 2001, rendered the then-current DBT obsolete. GAO examined DOE’s response to the September 11, 2001, terrorist attacks, identified why DOE took almost 2 years to develop a new DBT, analyzed the higher threat in the new DBT, and identified the remaining issues that need to be resolved in order for DOE to meet the threat contained in the new DBT. What GAO Found: DOE took a series of actions in response to the terrorist attacks of September 11, 2001. While each of these has been important, DOE must press forward with additional actions to ensure that it is fully prepared to provide a timely and cost effective defense. * DOE took immediate steps to improve physical security in the aftermath of the September 11, 2001, terrorist attacks. DOE’s most visible effort involved moving to higher levels of security readiness, known as security condition (SECON) levels. While this effort has increased the visible deterrence at DOE sites, it has been expensive and has resulted in fatigue, retention problems, and less training for most sites’ protective forces. In addition, the effectiveness of these increased SECON levels generally have not been assessed using the vulnerability assessment tools, such as computer modeling and full- scale force-on-force exercises, that DOE routinely uses to develop protective force strategies for its sites. * Development of the new DBT took almost 2 years because of (1) delays in developing an intelligence community assessment—known as the Postulated Threat—of the terrorist threat to nuclear weapon facilities and (2) DOE’s lengthy comment and review process for developing policy. In addition, during the DBT development process, there were sharp debates within DOE and other government organizations over the size and capabilities of future terrorist threats and the availability of resources to meet these threats that contributed to the delay. * While the May 2003 DBT identifies a larger terrorist threat than did the previous DBT, the threat identified in the new DBT in most cases is less than the threat identified in the intelligence community’s Postulated Threat, on which the DBT has been traditionally based. The new DBT identifies new possible terrorist acts such as radiological, chemical, or biological sabotage. However, the criteria that DOE has selected for determining when facilities may need to be protected against these forms of sabotage may not be sufficient. DOE has been slow to resolve a number of significant issues, such as issuing additional DBT implementation guidance, developing DBT implementation plans, and developing budgets to support these plans, that may affect the ability of its sites to fully meet the threat contained in the new DBT in a timely fashion. Consequently, DOE’s deadline to meet the requirements of the new DBT by the end of fiscal year 2006 is probably not realistic for some sites. What GAO Recommends: GAO is making a series of recommendations to the Secretary of Energy to strengthen DOE’s ability to meet the requirements of the new DBT and to strengthen the department’s ability to deal with future terrorist threats. DOE did not comment on the specific recommendations, but said that it would consider them as part of its Departmental Management Challenges for 2004. www.gao.gov/cgi-bin/getrpt?GAO-04-623. To view the full product, including the scope and methodology, click on the link above. For more information, contact Robin M. Nazzaro at (202) 512-3841 or nazzaror@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DOE Took Immediate Steps to Improve Security in the Aftermath of September 11, 2001, but the Effectiveness of These Steps Is Uncertain: Development of the New DBT Took Almost 2 Years Because of Delays in Developing the Postulated Threat and DOE's Lengthy Review and Comment Process: The May 2003 DBT Identifies a Larger Terrorist Threat, but in Most Cases is Less Than the Terrorist Threat Identified by an Important Intelligence Community Assessment: DOE Has Been Slow to Resolve a Number of Significant Issues That May Affect the Ability of its Sites to Fully Meet the Threat Contained in the New DBT: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Comments from the Department of Energy: Appendix II: GAO Contact and Staff Acknowledgments: GAO Contact: Staff Acknowledgments: Abbreviations: DBT: design basis threat: DOD: Department of Defense: DOE: Department of Energy: EM: Office of Environmental Management: NNSA: National Nuclear Security Administration: SECON: security condition: United States General Accounting Office: Washington, DC 20548: April 27, 2004: The Honorable Christopher Shays: Chairman, Subcommittee on National Security, Emerging Threats, and International Relations: Committee on Government Reform: House of Representatives: Dear Mr. Chairman: The Department of Energy (DOE) has long recognized that a successful terrorist attack on a site containing nuclear weapons or the material used in nuclear weapons-called special nuclear material-could have devastating consequences for the site and its surrounding communities. Weapons or special nuclear material are present at the three design laboratories-the Los Alamos National Laboratory in Los Alamos, New Mexico; the Lawrence Livermore National Laboratory in Livermore, California; and the Sandia National Laboratory in Albuquerque, New Mexico-and two production sites-the Pantex Plant in Amarillo, Texas, and the Y-12 Plant in Oak Ridge, Tennessee, operated by the National Nuclear Security Administration (NNSA)-a separately organized agency within DOE. Special[Footnote 1] nuclear material is also present at former production sites, including the Savannah River Site in Savannah River, South Carolina, and the Hanford Site in Richland, Washington. These former sites are now being cleaned up by DOE's Office of Environmental Management (EM). Furthermore, [Footnote 2] NNSA's Office of Secure Transportation transports these materials among the sites and between the sites and Department of Defense (DOD) bases. Contractors operate each site for DOE. NNSA[Footnote 3] and EM have field offices collocated with each site. In fiscal year 2004, NNSA and EM expect to spend nearly $900 million on physical security at their sites. Physical security combines security equipment, personnel, and procedures to protect facilities, information, documents, or material against theft, sabotage, diversion, or other criminal acts. All the sites listed above have facilities that contain Category I special nuclear material. Category I material includes specified quantities of plutonium and highly enriched uranium in the following forms: (1) assembled nuclear weapons and test devices; (2) pure products containing higher concentrations of plutonium or highly enriched uranium, such as major nuclear components and recastable metal; and (3) high-grade materials, such as carbides, oxides, solutions, and nitrates. The risks associated with Category I special nuclear materials vary but include the nuclear detonation of a weapon or test device at or near design yield, the creation of improvised nuclear devices capable of producing a nuclear yield, theft for use in an illegal nuclear weapon, and the potential for sabotage in the form of radioactive dispersal. Because Category I special nuclear material poses such risks, DOE's effective management of the safeguards and security program, which includes developing safeguards and security policies and overseeing contractors' activities, is essential to preventing an unacceptable, adverse impact on national security.[Footnote 4] To manage potential risks, DOE has developed a design basis threat (DBT), a classified document that identifies the potential size and capabilities of terrorist forces. DOE's DBT is based on an intelligence community assessment known as the Postulated Threat. The DBT is a key component of DOE's well-established, risk-based security practices. DOE requires the contractors operating its sites to provide sufficient protective forces and equipment to defend against the threat contained in the DBT. The effectiveness of these protective systems is periodically assessed through a process known as a vulnerability assessment. The DBT in effect on September 11, 2001, had been DOE policy since June 1999. DOE replaced the 1999 DBT in May 2003 to better reflect the current and projected terrorist threats that resulted from the September 11, 2001, attacks. Following the September 11, 2001, terrorist attacks, you asked us to review physical security at DOE sites that have facilities with Category I special nuclear material. Specifically, as agreed with your office, we (1) examined DOE's response to the September 11, 2001, attacks; (2) identified the reasons DOE needed almost 2 years to develop a new DBT; (3) analyzed the higher threat contained in the new DBT; and (4) identified the remaining issues that need to be resolved in order for DOE to fully defend against the threat contained in the new DBT.[Footnote 5] To determine how DOE responded to the terrorist attacks of September 11, 2001, we reviewed relevant DOE policy and planning documents, including orders and guides, particularly DOE Order 470.1 and DOE Notice 473.6. In addition, we met with officials from DOE headquarters and site offices, as well as contractors who operate DOE sites. The primary offices we obtained information from were DOE's Office of Security, DOE's Office of Independent Oversight and Performance Assurance, DOE's Office of Environmental Management, NNSA's Office of Defense Nuclear Security, and NNSA's Nuclear Safeguards and Security Program. To review augmented security measures put into place after September 11, 2001, from March 2002 through June 2003, we visited nine DOE sites and one DOE program office that handle Category I special nuclear material. Specifically, we visited the Los Alamos National Laboratory and the NNSA Office of Los Alamos Site Operations in New Mexico, the Sandia National Laboratory and the NNSA Office of Kirtland Site Operations in New Mexico, the Lawrence Livermore National Laboratory and the NNSA Livermore Site Office in California, the Y-12 Plant and the NNSA Y-12 Site Office in Tennessee, the Pantex Plant and the NNSA Office of Amarillo Site Operations in Texas, and the NNSA's Office of Secure Transportation in New Mexico. We also visited the Savannah River Site and EM's Savannah River Operations Office in South Carolina, the Rocky Flats Environmental Technology Site and EM's Rocky Flats Field Office in Colorado, the Hanford Site and EM's Richland Operations Office in Washington, and the Idaho National Engineering and Environmental Laboratory and EM's Idaho Falls Operations Office in Idaho. To determine why DOE needed almost 2 years to develop a new DBT, we reviewed historical documents, the four draft DBTs produced between May 2002 and April 2003, the final May 2003 DBT, and other threat guidance provided to us by DOE's Office of Security. We also reviewed associated field and program office comments on the draft DBTs and threat guidance. We discussed the DBT development process with DOE's Office of Security, DOE's Office of Independent Oversight and Performance Assurance, EM and NNSA headquarters security offices, and federal and contractor personnel at all of the sites and field offices we visited. We also discussed postulated terrorist threats to nuclear weapon facilities with two DOD organizations: the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence; and the Defense Intelligence Agency. We also reviewed The Postulated Threat to U.S. Nuclear Weapon Facilities and Other Selected Strategic Facilities, henceforth referred to as the Postulated Threat, which is the intelligence community's January 2003 official assessment of potential terrorist threats to nuclear weapon facilities. From May 2002 to May 2003, DOE denied us access to the draft DBTs it was developing; however, in May 2003, we were able to obtain access to the documents and complete our review. To analyze the higher threat level contained in the new DBT, we examined previous DBTs and related documents provided to us by DOE's Office of Security. We traced how key parameters of the new DBT, such as the size of terrorist forces and the treatment of improvised nuclear devices, evolved during the 2002 through 2003 DBT development process and compared these parameters with previous DBTs and the Postulated Threat. We discussed the higher threat level and other key threat aspects contained in the final 2003 DBT, such as the graded threat approach; improvised nuclear device concerns; and radiological, chemical, and biological sabotage criteria; with DOE's Office of Security; DOE's Office of Independent Oversight and Performance Assurance; EM and NNSA headquarters security offices; federal and contractor personnel at all of the sites and field offices we visited; DOD's Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence; and the Defense Intelligence Agency. In order to determine what industry security standards exist to prevent terrorist acts of sabotage at industrial chemical facilities, we reviewed a report we issued in March 2003 on measures used to protect commercial chemical facilities.: [Footnote 6]To identify the remaining issues that DOE must resolve before it can fully meet the threat contained in the new DBT, we met with DOE, EM, and NNSA headquarters security offices, as well as field security officials. We also reviewed relevant documents these offices provided. In particular, we reviewed recent Office of Independent Oversight and Performance Assurance inspection reports that identified some of the challenges associated with meeting the threat contained in the new DBT. DOE did not provide us with preliminary cost estimates for meeting the requirements of the DBT on the grounds that these costs had not yet been officially determined; however, DOE's Budget Office did outline for us potential mechanisms for funding DBT implementation over the next several years. We performed our work from December 2001 through April 2004 in accordance with generally accepted government auditing standards. Results in Brief: DOE took immediate steps to improve physical security in the aftermath of the September 11, 2001, terrorist attacks. DOE's most visible effort involved moving to higher levels of security readiness, known as security condition (SECON) levels. On September 11, 2001, within a matter of hours, DOE sites went from their then-normal SECON level 4-terrorist threat level low-to SECON level 2-terrorist threat level high. Sites were required to increase, among other things, the number of vehicle inspections and badge checks, the distance between public and sensitive areas to protect against large truck bombs, and the number of protective forces on duty, and to more heavily arm these forces. While sites are now at SECON level 3, most of these requirements still exist. Increased SECON levels have been expensive in both their financial cost and their toll on the readiness of the protective forces. Specifically, operating at the increased SECON levels has resulted in between $18,000 to $200,000 in unplanned costs per week at each site-primarily the result of overtime costs for the protective forces. More importantly, according to a June 2003 DOE Inspector General's report, the large amounts of overtime needed to meet these SECON requirements have resulted in fatigue, retention problems, and less training for protective forces. While [Footnote 7] the SECON levels have increased the visible deterrence at DOE sites, the effectiveness of the SECON levels in place at most sites has not been assessed using the vulnerability assessment tools, such as computer modeling and full-scale force-on-force exercises, that DOE uses to develop protective force strategies for its sites. Consequently, DOE cannot assure itself that these enhanced requirements are providing effective increases in security. In its comments on our report, DOE has agreed to explore procedures to incorporate the evaluation of increased SECON levels into its vulnerability assessments. Development of the DBT took almost 2 years because of delays in developing the Postulated Threat and DOE's lengthy review and comment process for developing policy. DOE's new DBT is based on a study known as the Postulated Threat, which was developed by the U.S. intelligence community. The intelligence community originally planned to complete the Postulated Threat by April 2002; however, the document was not completed and officially released until January 2003, about 9 months behind the original schedule. According to DOE and DOD officials, this delay resulted from other demands placed on the intelligence community after September 11, 2001, as well as from sharp debates among the organizations developing the Postulated Threat over the size and capabilities of future terrorist threats and the resources needed to meet these threats. While waiting for the new Postulated Threat, DOE developed several drafts of its new DBT. During this process, debates, similar to those that occurred during the development of the Postulated Threat, emerged in DOE over the size of the future threat and the availability of resources to meet it. DOE developed the DBT using DOE's policy process, which emphasizes developing consensus through a review and comment process by program offices, such as EM and NNSA. However, many DOE and contractor officials found that the policy process for developing the new DBT was laborious and not timely, especially given the more dangerous threat environment that has existed since September 11, 2001. As a result, during the time it took DOE to develop the new DBT, its sites were only required to defend against the terrorist group defined in the 1999 DBT, which in the aftermath of September 11, 2001, DOE officials realized was obsolete. While the May 2003 DBT identifies a larger terrorist group than did the previous DBT, the threat identified in the new DBT, in most cases, is less than the terrorist threat identified in the intelligence community's Postulated Threat. The Postulated Threat estimated that the force attacking a nuclear weapons site would probably be a relatively small group of terrorists, although it was possible that an adversary might use a greater number of terrorists if that was the only way to attain an important strategic goal. In contrast to the Postulated Threat, DOE is preparing to defend against a significantly smaller group of terrorists attacking many of its facilities. Specifically, only for its sites and operations that handle nuclear weapons, is DOE currently preparing to defend against an attacking force that approximates the lower range of the threat identified in the Postulated Threat. For its other Category I special nuclear material sites, all of which fall under the Postulated Threat's definition of a nuclear weapons site, DOE is requiring these sites to be prepared to defend against a terrorist force significantly smaller than was identified in the Postulated Threat. DOE based its departure from the Postulated Threat on the conclusions of its own subject matter experts on what they judged likely to be the most credible, near-term terrorist threats to its facilities. The new DBT also identifies new possible terrorist acts such as radiological, chemical, or biological sabotage. However, the criteria that DOE has selected for determining when facilities may need to be protected against these forms of sabotage may not be sufficient. For example, for chemical sabotage, the 2003 DBT requires sites to protect to “industry standards." However, in March 2003, we reported that such standards currently do not exist. Consequently, without appropriate standards, DOE cannot ensure that its sites and facilities are adequately protected against the full range of consequences that might result from terrorist acts. While DOE issued the final DBT in May 2003, it has been slow to resolve a number of significant issues, such as issuing additional DBT implementation guidance, developing DBT implementation plans, and developing budgets to support these plans, that may affect the ability of DOE sites to fully meet the threat contained in the new DBT. For example, DOE has only recently issued additional DBT implementation guidance-several months behind DOE's original schedule-and developed initial DBT implementation plans. DOE officials currently do not have any official estimates of the overall costs of DBT implementation. In addition, DOE officials believed that budget information provided by sites for inclusion in the fiscal year 2005 budget was of generally poor quality because most sites had not yet completed the necessary vulnerability assessments to determine their resource requirements. Moreover, other important DBT-related issues remain unresolved. For example, the Secretary of Energy has not yet designated, as called for in the new DBT, which, if any, of DOE's sites have improvised nuclear device concerns. If a site is designated to have such a concern, it may be required to shift to a more demanding and costly protection strategy. As a result of these issues, DOE is unlikely to meet its own fiscal year 2006 deadline for full implementation of the requirements of the new DBT. Specifically, some sites estimate that it could take as long as 5 years, given adequate funding, to fully meet the requirements of the new DBT. Because some sites will be unable to effectively counter the threat contained in the new DBT for a period of up to several years, these sites probably are at higher risk under the new DBT than they were under the old DBT. We are making recommendations to the Secretary of Energy that are intended to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats. We are also recommending that the Secretary report to the Congress on departmental progress in meeting the threat contained in the new DBT and reducing risks to critical facilities at its sites. We provided DOE with a draft of this report for review and comment. In its written comments, DOE said it was committed to the development and promulgation of an accurate and comprehensive DBT policy. DOE did not comment specifically on our recommendations other than to say that the department would consider them as part of its Departmental Management Challenges for 2004. DOE has identified the DBT as a major departmental initiative within the National Security Management Challenge. Background: From the beginning of the Manhattan Project in the 1940s, a primary mission of DOE and its predecessor organizations has been to design, test, and build the nation's nuclear weapons. To accomplish this mission, DOE constructed a vast nuclear weapons complex throughout the United States. Much of this complex was devoted to the production and fabrication of weapons components made from two special nuclear materials-plutonium and highly enriched uranium. The end of the Cold War changed the department's focus from building new weapons to extending the lives of existing weapons, disposing of surplus nuclear material, and cleaning up no longer needed weapons sites. NNSA is responsible for extending the lives of existing weapons in the stockpile and for ultimately disposing of surplus nuclear material, while EM is responsible for cleaning up former nuclear weapons sites. Contractors, who are responsible for protecting classified information, nuclear materials, nuclear weapons, and nuclear weapons components, operate both NNSA and EM sites. In addition to NNSA and EM, DOE has two other important security organizations. DOE's Office of Security develops and promulgates orders and policies, such as the DBT, to guide the department's safeguards and security programs. DOE's Office of Independent Oversight and Performance Assurance supports the department by, among other things, independently evaluating the effectiveness of contractors' performance in safeguards and security. It also performs follow-up reviews to ensure that contractors have taken effective corrective actions and appropriately addressed weaknesses in safeguards and security. The key component of DOE's well-established, risk-based security practices is the DBT, a classified document that identifies the characteristics of the potential threats to DOE assets. The DBT has been traditionally based on a classified, multiagency intelligence community assessment of potential terrorist threats, known as the Postulated Threat. The DBT considers a variety of threats in addition to terrorists. Other adversaries considered in the DBT include criminals, psychotics, disgruntled employees, violent activists, and spies. The DBT also considers the threat posed by insiders, individuals who have authorized, unescorted access to any part of DOE facilities and programs. Insiders may operate alone or may assist an adversary group. Insiders are routinely considered to provide assistance to the terrorist groups found in the DBT. The threat from terrorist groups is generally the most demanding threat contained in the DBT. DOE counters the terrorist threat specified in the DBT with a multifaceted protective system. While specific measures vary from site to site, all protective systems at DOE's most sensitive sites employ a defense-in-depth concept that includes: * a variety of integrated alarms and sensors capable of detecting intruders; * physical barriers, such as fences and antivehicle obstacles; * numerous access control points, such as turnstiles, badge readers, vehicle inspection stations, special nuclear material detectors, and metal detectors; * operational security procedures, such as a “two person" rule that prevents only one person from having access to special nuclear material; * hardened facilities and/or vaults; and: * a heavily armed paramilitary protective force equipped with such items as automatic weapons, night vision equipment, body armor, and chemical protective gear. Depending on the material, protective systems at DOE Category I special nuclear material sites are designed to accomplish the following objectives in response to the terrorist threat: * Denial of access. For some potential terrorist objectives, such as the creation of an improvised nuclear device, DOE may employ a protection strategy that requires the engagement and neutralization of adversaries before they can acquire hands-on access to the assets. * Denial of task. For nuclear weapons or nuclear test devices that terrorists might seek to steal, DOE requires the prevention and/or neutralization of the adversaries before they can complete a specific task, such as stealing such devices. * Containment with recapture. Where the theft of nuclear material (instead of a nuclear weapon) is the likely terrorist objective, DOE requires that adversaries not be allowed to escape the facility and that DOE protective forces recapture the material as soon as possible. This objective requires the use of specially trained and well-equipped special response teams. The effectiveness of the protective system is formally and regularly examined through vulnerability assessments. A vulnerability assessment is a systematic evaluation process in which qualitative and quantitative techniques are applied to detect vulnerabilities and arrive at effective protection of specific assets, such as special nuclear material. To conduct such assessments, DOE uses, among other things, subject matter experts, such as U.S. Special Forces; computer modeling to simulate attacks; and force-on-force performance testing, in which the site's protective forces undergo simulated attacks by a group of mock terrorists. The results of these assessments are documented at each site in a classified document known as the Site Safeguards and Security Plan. In addition to identifying known vulnerabilities, risks, and protection strategies for the site, the Site Safeguards and Security Plan formally acknowledges how much risk the contractor and DOE are willing to accept. Specifically, for more than a decade, DOE has employed a risk management approach that seeks to direct resources to its most critical assets-in this case Category I special nuclear material-and mitigate the risks to these assets to an acceptable level. Levels of risk-high, medium, and low-are assigned classified numerical values and are derived from a mathematical equation that compares a terrorist group's capabilities with the overall effectiveness of the crucial elements of the site's protective forces and systems. Historically, DOE has striven to keep its most critical assets at a low risk level and may insist on immediate compensatory measures should a significant vulnerability develop that increases risk above the low risk level. Compensatory measures could include such things as deploying additional protective forces or curtailing operations until the asset can be better protected. In response to a September 2000 DOE Inspector General's report recommending that DOE establish a policy on what actions are required once high or moderate risk is identified, in September 2003, DOE's Office of Security issued a policy clarification stating that identified high risks at facilities must be formally reported to the Secretary of Energy or Deputy Secretary within 24 hours. In addition, under this policy clarification, identified high and moderate risks require corrective actions and regular reporting. Through a variety of complementary measures, DOE ensures that its safeguards and security policies are being complied with and are performing as intended. Contractors perform regular self-assessments and are encouraged to uncover any problems themselves. In addition to routine oversight, DOE Orders require field offices to comprehensively survey contractors' operations for safeguards and security every year. These surveys, which can draw upon subject matter experts throughout the complex, generally take about 2 weeks to conduct and cover such areas as program management, protection program operations, information security, nuclear materials control and accountability, and personnel security. The survey team assigns ratings of satisfactory, marginal, or unsatisfactory. DOE's Office of Independent Oversight and Performance Assurance provides yet another check through its comprehensive inspection program. This office performs such inspections roughly every 18 months at each DOE site that has specified quantities of Category I special nuclear material. All deficiencies (findings) identified during a survey require the contractors to take corrective action. DOE Took Immediate Steps to Improve Security in the Aftermath of September 11, 2001, but the Effectiveness of These Steps Is Uncertain: DOE took immediate steps to improve physical security in the aftermath of the September 11, 2001, terrorist attacks. These steps included the following: * Raised the level of security readiness. Presidential Decision Directive 39, issued in June 1995, states that the United States shall give the highest priority to developing effective capabilities to detect, prevent, and defeat terrorists seeking nuclear weapons or materials. In response, DOE Notice 473.6 specifies SECONs that have to be implemented at its Category I special nuclear material sites in response to a terrorist threat. On September 11, 2001, within a matter of hours, DOE sites went from their then-normal SECON level 4-terrorist threat level low-to SECON level 2-terrorist threat level high. Sites were required to implement nearly 30 additional measures, such as increasing vehicle inspections and badge checks; increasing stand-off distances between public and sensitive areas to protect against large vehicle bombs; activating and manning emergency operations centers on a continuous basis; and more heavily arming and increasing the number of protective forces on duty. Sites maintained SECON level 2 through October 2001 before dropping to an enhanced SECON level 3. The sites have returned to SECON level 2 several times since September 11, 2001, most recently in December 2003, when the national threat warning system was elevated to Orange Alert. The new baseline for security at DOE sites is generally assumed to be the measures currently associated with SECON level 3. * Denial protection strategies. On October 3, 2001, the Secretary of Energy issued a classified directive ordering all sites to develop and implement plans to move to a denial protection strategy. DOE Manual 5632.1C-1 states that a denial protection strategy should be used where unauthorized access presents an unacceptable risk. In this regard, denial programs are designed to prevent an unauthorized opportunity to credibly initiate a nuclear dispersal or detonation or to use available materials for on-site assembly of an improvised nuclear device. Denial has typically been understood to mean that terrorists would never gain access to certain types of special nuclear material. The October 2001 directive also increased levels of performance testing for the protection of special nuclear material at DOE's most critical facilities to ensure that these denial strategies were effective. * Conducted security reviews, studies, and analyses. DOE conducted a number of security-related reviews, studies, and analyses. For example, within days after the terrorist attacks, DOE and NNSA officials conducted a classified assessment of their facilities' vulnerabilities to an attack by aircraft, such as the attacks that occurred on September 11, 2001, or large vehicle bombs. NNSA also organized a 90- day Combating Terrorism Task Force, composed of 12 federal and contractor employee teams that looked at a number of security areas. One team, the site-by-site security review and vulnerability assessment group, identified and set priorities for over 80 security improvement projects, totaling more than $2 billion, that could be completed within 5 to 6 years. These projects ranged from hiring additional protective forces to consolidating special nuclear material. * Increased liaison with federal, state, and local authorities. Before the September 11 terrorist attacks, DOE headquarters offices and sites maintained a variety of relationships, memoranda of understanding, and other formal and informal communications with organizations such as the Federal Aviation Administration, Federal Bureau of Investigation, and state and local law enforcement and emergency management agencies. After the terrorist attacks, DOE officials increased their communications with these organizations and established direct links through sites' emergency operations centers. Because of the potential threat of aircraft attacks created by the September 11 attacks and because of such attacks' potentially devastating consequences, sites worked closely with the Federal Aviation Administration and the U.S. military. Several benefits have resulted from these immediate measures. With respect to improved security, DOE security officials believe that the implementation of SECON levels 2 and 3 has, for example, increased the visible deterrence at DOE sites by placing more protective forces around the sites. Studies and analyses have also resulted in different and less vulnerable storage strategies for some special nuclear material. For example, one NNSA site purchased special fire and blast- resistant safes to store special nuclear material. Finally, some long- recognized security enhancement projects have received more funding, such as the construction of a new storage facility at an NNSA site, and efforts to control access to public areas and roads adjacent to several NNSA sites. While these measures have produced several positive outcomes, they have also had the following negative impacts: * First, the role of the implemented SECON measures in improving DOE physical security is uncertain. While DOE Notice 473.6, which established the department's SECON levels, does not explicitly require SECON measures to be performance tested, DOE Manual 473.2-2 states that performance tests must be used to realistically evaluate and verify the effectiveness of protective force programs. While some of the SECON measures, such as vehicle inspection checkpoints, have undergone some limited performance testing of their effectiveness, most DOE sites generally have not assessed the SECON level measures in place using the vulnerability assessment tools, such as computer modeling and full- scale force-on-force performance tests, that play such a key role in developing and verifying protective strategies at their sites. Consequently, the effectiveness of SECON measures against other aspects of the 2003 DBT, such as a larger group of well-armed terrorists, is largely unknown. In its comments on our report, DOE agreed to explore procedures to incorporate the evaluation of increased SECON levels into its vulnerability assessments. * Second, increased SECON measures have been expensive. DOE sites estimate that it costs each site from $18,000 to nearly $200,000 per week in unplanned expenditures to implement the required SECON level 2 and 3 measures. Most of these expenses result from overtime pay to protective forces. The costs of the higher SECON levels, however, can be measured in more than just budget dollars. Specifically, a June 2003 DOE Inspector General's report found that the large amounts of overtime needed to meet the higher SECON requirements have resulted in fatigue, reduced readiness, retention problems, reduced training, and fewer force-on-force performance tests for the protective forces. Additional protective forces have been hired and trained in an effort to provide some relief; however, the DOE Inspector General has found that the deployment of additional protective forces has been delayed by slow processing of the necessary security clearances. * Third, the increased operational costs associated with the higher SECON levels can hinder or preclude sites from making investments that could improve their security over the long term. For example, according to a NNSA security official, because of the high costs of maintaining SECON measures, one site had to delay purchasing weaponry and ammunition for its protective forces to use to defeat commercially available armored vehicles that could be used by terrorists. * Fourth, the sites did not complete the implementation of the Secretary's October 3, 2001, denial directive because of confusion over its meaning and because of the projected high costs of implementation. Over the years, DOE has issued varying guidance on denial protection strategies and, as a result, the sites have approached denial protection from different perspectives. For example, some NNSA sites and operations have implemented the most stringent form of denial, which is now defined as denial of access. In contrast, other NNSA sites have plans in place to interrupt terrorists who have gained access to materials, now called a denial of task protection strategy. Most EM sites have practiced containment protection strategies augmented by recapture and recovery capabilities. For sites that did not already have a denial strategy in place, moving to a full denial of access strategy appears to be enormously expensive, with some sites estimating it would cost from about $30 million to $200 million to implement the directive completely. Moreover, the performance testing requirements of this directive have generally not been conducted because of the already large amounts of protective force overtime required by the higher SECON levels. For example, a NNSA security official at one site estimated it would have to conduct as many as 30 full-scale force-on-force performance tests each year to comply with the Secretary's Directive. The 2003 DBT, however, has now replaced this directive by explicitly defining denial of access and denial of task protection strategies and when these strategies should be employed. * Finally, while liaison with other agencies is important, DOE officials anticipate that any terrorist attacks on their facilities will be short and violent and be over before any external responders can arrive. In addition, because some DOE sites are close to airports and/or major flight routes, they may receive little warning of aircraft attacks, and U.S. military aircraft may have little opportunity to intercept these attacks. Development of the New DBT Took Almost 2 Years Because of Delays in Developing the Postulated Threat and DOE's Lengthy Review and Comment Process: Under DOE Order 470.1, the DBT is intended to provide the foundation for all of DOE's protective strategies. For example, DOE Order 473.2 states that protective forces must be trained and equipped to defeat the terrorist groups contained in the DBT. In the immediate aftermath of September 11, 2001, DOE officials realized that the then current DBT, issued in April 1999 and based on a 1998 intelligence community assessment, was obsolete. The September 11, 2001, terrorist attacks suggested larger groups of terrorists, larger vehicle bombs, and broader terrorist aspirations to cause mass casualties and panic than were envisioned in the 1999 DOE DBT. However, formally recognizing these new threats by updating the DBT was difficult because of debates over the size of the future threat, the cost to meet it, and the DOE policy process. The traditional basis for the DBT has been the Postulated Threat, which is conducted by the U.S. intelligence community, principally DOD's Defense Intelligence Agency, and the security organizations of a number of different agencies, including DOE. For example, DOE closely based its 1999 DBT on the 1998 Postulated Threat assessment and adopted the same number of terrorists as identified by the 1998 Postulated Threat as its highest threat to its facilities. Efforts to revise the Postulated Threat began soon after the terrorist attacks of September 11, 2001. The intelligence community originally planned to complete the Postulated Threat by April 2002; however, the document was not completed and officially released until January 2003, about 9 months behind the original schedule. According to DOE and DOD officials, this delay was the result of other post September 11, 2001, demands placed on the intelligence community, as well as sharp debates among the organizations involved with developing the Postulated Threat over the size and capabilities of future terrorist threats and the resources needed to meet these projected threats. While waiting for the new Postulated Threat, DOE developed a number of draft documents that culminated in the final May 20, 2003, DBT. These documents included the following: * December 2001-Interim Joint Threat Policy Statement. DOE and DOD worked on this joint draft document but abandoned this effort later in 2002 because neither agency wanted to act without the benefit of the Postulated Threat. * January 2002-Interim Implementing Guidance. DOE's Office of Security issued this guidance so that DOE programs could begin to plan and budget for eventual increases in the DBT. This interim guidance suggested that sites begin planning for an increased number of adversaries over the 1999 DBT. * May 2002-Draft DBT. DOE produced its first official draft DBT and labeled it an interim product pending the release of the Postulated Threat. * August 2002-Second Draft DBT. This draft introduced the graded threat approach, which is an important feature in the final DBT. * December 2002-Third Draft DBT. * April 2003-Fourth Draft DBT. This draft was the first to consider the final January 2003 Postulated Threat. * May 2003-Final DBT. Like the participants responsible for developing the Postulated Threat, during the development of the DBT, DOE officials debated the size of the future terrorist threat and the costs to meet it. DOE officials at all levels told us that concern over resources played a large role in developing the 2003 DBT, with some officials calling the DBT the “funding basis threat," or the maximum threat the department could afford. This tension between threat size and resources is not a new development. According to a DOE analysis of the development of prior DBTs, political and budgetary pressures and the apparent desire to reduce the requirements for the size of protective forces appear to have played a significant role in determining the terrorist group numbers contained in prior DBTs. Finally, DOE developed the DBT through the standard DOE review and comment process for developing policy as outlined in DOE Order 251.1A and DOE Manual 251.1-1A. This process emphasizes developing consensus and resolving conflicts and involving a wide number of DOE organizations and affected contractors. Once DOE formulates a proposed policy, it typically allows 60 days for review and comment and 60 days for issue resolution. While developing the 2003 DBT, DOE's Office of Security distributed the draft DBTs to DOE program and field offices and invited them to provide comments. Field offices distributed the drafts to contractors, who were also invited to provide comments. DOE's Office of Security considered these comments and often incorporated them into the next version of the DBT. DOE's Office of Security also continued to coordinate with the other federal organizations that have similar assets, chiefly DOD and the Nuclear Regulatory Commission. Having followed this process for 21 months, the Deputy Secretary of Energy signed the revised DBT in May 2003. According to the Director of Policy in DOE's Office of Security, the DBT was developed as fast as possible, given delays in completing the Postulated Threat and the constraints of the DOE policy system. He added that using the DOE policy process was difficult and time-consuming and inevitably added to delays in issuing the new DBT. Many officials in DOE's program offices and sites, as well as contractor officials, also found the process to be laborious and not timely, especially given the more dangerous threat environment that existed after the September 11, 2001, terrorist attacks. During the 21 months it took to develop the DBT, DOE sites still officially followed the 1999 DBT, although their protective posture was augmented by implementing SECON level 2 and 3 measures. EM sites continued to conduct vulnerability assessments and develop Site Safeguards and Security Plans based on the 1999 DBT. In contrast, NNSA largely suspended the development of Site Safeguards and Security Plans pending the issuance of the new DBT, although NNSA did embark on a new vulnerability assessment process, called Iterative Site Analysis. NNSA performed Iterative Site Analysis exercises at a number of its sites. EM also conducted an Iterative Site Analysis at one site. Also during this period, DOE's Office of Independent Oversight and Performance Assurance continued its inspections; however, it initially reduced the amount of force-on-force performance testing it conducted because of the high levels of protective force overtime caused by implementation of SECON level 2 and 3 measures. This office also planned to begin performance testing at levels higher than the 1999 DBT, but it had done so only once before the 2003 DBT was issued. The May 2003 DBT Identifies a Larger Terrorist Threat, but in Most Cases is Less Than the Terrorist Threat Identified by an Important Intelligence Community Assessment: Reflecting the post-September 11, 2001, environment, the May 2003 DBT, among other things, identifies a larger terrorist threat than did the previous DBT. It also mandates specific protection strategies and expands the range of terrorist objectives to include radiological, biological, and chemical sabotage. However, the threat identified in the new DBT, in most cases, is less than the terrorist threat identified in the intelligence community's Postulated Threat. Key features of the 2003 DBT include the following: * Expanded terrorist characteristics and goals. The 2003 DBT assumes that terrorist groups are the following: well armed and equipped; trained in paramilitary and guerrilla warfare skills and small unit tactics; highly motivated; willing to kill, risk death, or commit suicide; and capable of attacking without warning. Furthermore, according to the 2003 DBT, terrorists might attack a DOE or NNSA facility for a variety of goals, including the theft of a nuclear weapon, nuclear test device, or special nuclear material; radiological, chemical, or biological sabotage; and the on-site detonation of a nuclear weapon, nuclear test device, or special nuclear material that results in a significant nuclear yield. DOE refers to such a detonation as an improvised nuclear device. * Increased size of the terrorist group threat. The 2003 DBT increases the terrorist threat levels for the theft of the department's highest value assets-Category I special nuclear materials-although not in a uniform way. Previously, under the 1999 DBT, all DOE sites that possessed any type of Category I special nuclear material were required to defend against a uniform terrorist group composed of a relatively small number of individuals. Under the 2003 DBT, however, the department judges the theft of a nuclear weapon or test device to be more attractive to terrorists, and sites that have these assets are required to defend against a substantially higher number of terrorists than are other sites. For example, an NNSA site that, among other things, assembles and disassembles nuclear weapons, is required to defend against a larger terrorist group. Other NNSA sites, some of which fabricate nuclear weapons components, or EM sites that store excess plutonium, only have to defend against a smaller group of terrorists. However, the number of terrorists in the 2003 DBT is larger than the 1999 DBT number. DOE calls this a graded threat approach. * Mandated specific protection strategies. In line with the graded threat approach and depending on the type of materials they possess and the likely mission of the terrorist group, sites must now implement specific protection strategies, such as denial of access, denial of task, or containment with recapture for their most sensitive facilities and assets. For example, one NNSA site is required under the new DBT to implement a denial of task strategy to prevent terrorists from stealing a nuclear weapon or test device. In contrast, other DOE sites are required to implement a containment with recapture strategy to prevent the theft of special nuclear material. However, if these sites have an improvised nuclear device concern, they will have to implement denial of access or denial of task strategies. Finally, sites will have to develop, for the first time, specific protection strategies for facilities, such as radioactive waste storage areas, wastewater treatment, and science laboratories, against the threat of radiological, chemical, or biological sabotage. Previously, in an April 1998 policy clarification, DOE's Office of Security had stated that, assuming that baseline security requirements were met, radiological dispersal sabotage events were not considered attractive to terrorists. * Addressed the potential for improvised nuclear device concerns. The new DBT establishes a team to report to the Secretary of Energy on each site's potential for improvised nuclear devices. Based on the teams' advice, the Secretary of Energy will have to designate whether a site has such a concern. This official designation should help address the general dissatisfaction with previous DOE policies for improvised nuclear devices, knowledge of which is carefully controlled and not shared widely with security officials. For example, some EM sites have had no information at all on their potential for this risk, and at least one NNSA site official believed that scenarios for such risks have not been fully characterized. * Introduced aircraft threats and mitigation measures. In the 1999 DBT, DOE only acknowledged the risk for unspecified air attacks but did not lay out any protective measures to mitigate this risk. In the 2003 DBT, DOE considers aircraft as airborne improvised explosive devices. DOE's new policy is to rely on other federal government agencies, such as the Departments of Homeland Security and Defense, to defeat such a threat. DOE sites are expected, however, to consider measures, such as how they handle and store their materials, to mitigate the consequences of an aircraft attack on existing facilities, and new DOE facility designs are expected to include features to mitigate the consequences of an attack. While DOE's 2003 DBT makes some important advances, aspects of the DBT raise several important issues. First, while the May 2003 DBT identifies a larger terrorist group than did the previous DBT, the threat identified in the new DBT in most cases is less than the terrorist threat identified in the intelligence community's Postulated Threat. The Postulated Threat applies to nuclear weapons sites, which the Postulated Threat defines as research and development facilities with nuclear weapons, components, or special nuclear material; weapons production facilities; sites for long-term storage of nuclear weapons; and nuclear weapons in transport. With respect to these sites, the Postulated Threat specified the following: * There is a credible threat to U.S. facilities with nuclear or chemical weapons or biological agents. * A well-organized terrorist group presents the greatest and most likely threat in most circumstances. * Terrorists may use aircraft as weapons. * Terrorists may use multiple vehicle bombs loaded with explosives. * Terrorist groups would probably consist of a small to medium sized group of well-armed and trained members. A larger force is possible if the group thought this was necessary to attain an important strategic goal. * Terrorist objectives include the theft of a weapon, detonation of a nuclear weapon in place, radiological sabotage, mass casualties, and/or public panic. In contrast to the Postulated Threat, DOE is preparing to defend against a significantly smaller group of terrorists attacking most of its facilities. Specifically, only for its sites and operations that handle nuclear weapons, is DOE currently preparing to defend against an attacking force that approximates the lower range of the threat identified in the Postulated Threat. For the other DOE sites that have Category I special nuclear material-all of which fall under the Postulated Threat's definition of a nuclear weapons site-DOE is currently only preparing to defend against a smaller number terrorists-or approximately the same number contained in its DBT in the early 1980s. Second, and more critically, some of these sites may have improvised nuclear device concerns that, if successfully exploited by terrorists, could result in a nuclear detonation. Nevertheless, under the graded threat approach, DOE requires these sites only to be prepared to defend against a smaller force of terrorists than was identified by the Postulated Threat. DOE's Office of Security cited subject matter expert opinion as support for this distinction. However, according to officials in DOE's Office of Independent Oversight and Performance Assurance, sites with improvised nuclear device concerns should be held to the same requirements as facilities that possess nuclear weapons and test devices since the potential worst-case consequence at both types of facilities would be the same-a nuclear detonation. Some DOE officials and an official in DOD's Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence disagreed with the overall graded threat approach, believing that the threat should not be embedded in the DBT by adjusting the number of terrorists that might attack a particular target. DOE Office of Security officials cited three reasons for why the department departed from the Postulated Threat's assessment of the potential size of terrorist forces. First, these officials stated that they believed that the Postulated Threat only applied to sites that handled completed nuclear weapons and test devices. However, both the 2003 Postulated Threat, as well as the preceding 1998 Postulated Threat, state that the threat applies to nuclear weapons and special nuclear material without making any distinction between them. Second, DOE Office of Security officials believed that the higher threat levels contained in the 2003 Postulated Threat represented the worst potential worldwide terrorist case over a 10-year period. These officials noted that while some U.S. assets, such as military bases, are located in parts of the world where terrorist groups receive some support from local governments and societies, thereby allowing for an expanded range of capabilities, DOE facilities are located within the United States, where terrorists would have a more difficult time operating. Furthermore, DOE Office of Security officials stated that the DBT focuses on a nearer-term threat of 5 years. As such, DOE Office of Security officials said that they chose to focus on what their subject matter experts believed was the maximum, credible, near-term threat to their facilities. However, while the 1998 Postulated Threat made a distinction between the size of terrorist threats abroad and those within the United States, the 2003 Postulated Threat, reflecting the potential implications of the September 2001 terrorist attacks, did not make this distinction. Finally, DOE Office of Security officials stated that the Postulated Threat document represented a reference guide instead of a policy document that had to be rigidly followed. The Postulated Threat does acknowledge that it should not be used as the sole consideration to dictate specific security requirements and that decisions regarding security risks should be made and managed by decision makers in policy offices. However, DOE has traditionally based its DBT on the Postulated Threat. For example, the prior DBT, issued in 1999, adopted exactly the same terrorist threat size as was identified by the 1998 Postulated Threat. Finally, the department's criteria for determining the severity of radiological, chemical, and biological sabotage may be insufficient. For example, the criterion used for protection against radiological sabotage is based on acute radiation dosages received by individuals. However, this criterion may not fully capture or characterize the damage that a major radiological dispersal at a DOE site might cause. For example, according to a March 2002, DOE response to a January 23, 2002, letter from Representative Edward J. Markey, a worst-case analysis at one DOE site showed that while a radiological dispersal would not pose immediate, acute health problems for the general public, the public could experience measurable increases in cancer mortality over a period of decades after an event. Moreover, releases at the site could also have environmental consequences requiring hundreds of millions to billions of dollars to clean up. Contamination could also affect habitability for tens of miles from the site, possibly affecting hundreds of thousands of residents for many years. Likewise, the same response showed that a similar event at a NNSA site could result in a dispersal of plutonium that could contaminate several hundred square miles and ultimately cause thousands of cancer deaths. For chemical sabotage standards, the 2003 DBT requires sites to protect to industry standards. However, we reported last year that such standards currently do not exist. Specifically, we found that no federal laws explicitly require chemical facilities to assess vulnerabilities or take security actions to safeguard their facilities against terrorist attack. Finally, the protection criteria for biological sabotage are based on laboratory safety standards developed by the U.S. Centers for Disease Control, not physical security standards. DOE Has Been Slow to Resolve a Number of Significant Issues That May Affect the Ability of its Sites to Fully Meet the Threat Contained in the New DBT: While DOE issued the final DBT in May 2003, it has been slow to resolve a number of significant issues that may affect the ability of its sites to fully meet the threat contained in the new DBT in a timely fashion. Fully resolving these issues may take several years and the total cost of meeting the new threats is currently unknown. Because some sites will be unable to effectively counter the higher threat contained in the new DBT for up to several years, these sites should be considered to be at higher risk under the new DBT than they were under the old DBT. In order to undertake the necessary range of vulnerability assessments to accurately evaluate their level of risk under the new DBT and implement necessary protective measures, DOE recognized that it had to complete a number of key activities. DOE only recently completed two of these key activities. First, in February 2004, DOE issued its Adversary Capabilities List, which is a classified companion document to the DBT, that lists the potential weaponry, tactics, and capabilities of the terrorist group described in the DBT. This document has been amended to include, among other things, heavier weaponry and other capabilities that are potentially available to terrorists who might attack DOE facilities. DOE is continuing to review relevant intelligence information for possible incorporation into future revisions of the Adversary Capabilities List. Second, DOE also only recently provided additional DBT implementation guidance. In a July 2003 report, DOE's Office of Independent Oversight and Performance Assurance noted that DOE sites had found initial DBT implementation guidance confusing. For example, when the Deputy Secretary of Energy issued the new DBT in May 2003, the cover memo said the new DBT was effective immediately but that much of the DBT would be implemented in fiscal years 2005 and 2006. According to a 2003 report by the Office of Independent Oversight and Performance Assurance, many DOE sites interpreted this implementation period to mean that they should, through fiscal year 2006, only be measured against the previous, less demanding 1999 DBT. In particular, the 2003 report found that one NNSA site was planning to conduct certain operations starting in 2003 that involved special nuclear material using security plans that did not comply with even the 1999 DBT. Consequently, the Office of Independent Oversight and Performance Assurance recommended that the site suspend these planned operations until it had adequate security plans that reflected the new DBT. NNSA security officials concurred with this recommendation and postponed the site's proposed operations. In response to this confusion, the Deputy Secretary issued further guidance in September 2003 that called for the following, among other things: * DOE's Office of Security to issue more specific guidance by October 22, 2003, regarding DBT implementation expectations, schedules, and requirements. DOE issued this guidance January 30, 2004. * Quarterly reports showing sites' incremental progress in meeting the new DBT for ongoing activities. * Immediate compliance with the new DBT for new and reactivated operations. Other important DBT-related issues remain unresolved. First, as noted earlier, a special team created in the 2003 DBT, composed of weapons designers and security specialists, finalized its report on each site's improvised nuclear device vulnerabilities. The results of this report were briefed to senior DOE officials in March 2004. Based on this team's report, the Secretary may officially designate some sites as having an improvised nuclear device concern. If this designation is made, some sites may be required under the 2003 DBT to shift to a denial of access or denial of task protection strategy, which could be very costly. This special team's report may most affect EM sites because their improvised nuclear device potential had not been explored until this review, and their formal protection strategy remains at the less demanding containment with recapture and recovery level. DOE officials have not identified when the Secretary will make these designations. Second, DOE's Office of Security has not completed all of the activities associated with the new vulnerability assessment methodology it has been developing for over a year. DOE's Office of Security believes this methodology, which uses a new mathematical equation for determining levels of risk, will result in a more sensitive and accurate portrayal of each site's defenses-in-depth and the effectiveness of sites' protective systems (i.e., physical security systems and protective forces) when compared with the new DBT. DOE's Office of Security decided to develop this new equation because its old mathematical equation had been challenged on technical grounds and did not give sites credit for the full range of their defenses-in-depth. While DOE's Office of Security completed this equation in December 2002, officials from this office believe it will probably not be completely implemented at the sites for at least another year for two reasons. First, site personnel who implement this methodology will require additional training to ensure they are employing it properly. DOE's Office of Security conducted initial training in December 2003, as well as a prototype course in February 2004, and has developed a nine-course vulnerability assessment certification program. Second, sites will have to collect additional data to support the broader evaluation of their protective systems against the new DBT. Collecting these data will require additional computer modeling and force-on-force performance testing. Because of the slow resolution of some of these issues, DOE has not developed any official long-range cost estimates or developed any integrated, long-range implementation plans for the May 2003 DBT. Specifically, neither the fiscal year 2003 nor 2004 budgets contained any provisions for DBT implementation costs. However, during this period, DOE did receive additional safeguards and security funding through budget reprogramming and supplemental appropriations. DOE used most of these additional funds to cover the higher operational costs associated with the increased SECON measures. DOE has gathered initial DBT implementation budget data and has requested additional DBT implementation funding in the fiscal year 2005 budget: $90 million for NNSA, $18 million for the Secure Transportation Asset within the Office of Secure Transportation, and $26 million for EM. However, DOE officials believe the budget data collected so far has been of generally poor quality because most sites have not yet completed the necessary vulnerability assessments to determine their resource requirements. Consequently, the fiscal year 2006 budget may be the first budget to begin to accurately reflect the safeguards and security costs of meeting the requirements of the new DBT. Reflecting these various delays and uncertainties, in September 2003, the Deputy Secretary changed the deadline for DOE program offices, such as EM and NNSA, to submit DBT implementation plans from the original target of October 2003 to the end of January 2004. NNSA and EM approved these plans in February 2004. A DOE Office of Budget official told us that current DBT implementation cost estimates do not include items such as closing unneeded facilities, transporting and consolidating materials, completing line item construction projects, and other important activities that are outside of the responsibility of the safeguards and security program. For example, EM's Security Director told us that, for EM to fully comply with the DBT requirements in fiscal year 2006 at one of its sites, it will have to: * close and de-inventory two facilities, * consolidate excess materials into remaining special nuclear materials facilities, and: * move consolidated Category I special nuclear material, which NNSA's Office of Secure Transportation will transport, to another site. Likewise, the EM Security Director told us that to meet the DBT requirements at another site, EM will have to accelerate the closure of one facility and transfer special nuclear material to another facility on the site. The costs to close these facilities and to move materials within a site are borne by the EM program budget and not by the EM safeguards and security budget. Similarly, the costs to transport the material between sites are borne by NNSA's Office of Secure Transportation budget and not by EM's safeguards and security budget. A DOE Office of Budget official told us that a comprehensive, department- wide approach to budgeting for DBT implementation that includes such important program activities as described above is needed; however, such an approach does not currently exist. The department plans to complete DBT implementation by the end of fiscal year 2006. However, most sites estimate that it will take 2 to 5 years, if they receive adequate funding, to fully meet the requirements of the new DBT. During this time, sites will have to conduct vulnerability assessments, undertake performance testing, and develop Site Safeguards and Security Plans. Consequently, full DBT implementation could occur anywhere from fiscal year 2005 to fiscal year 2008. Some sites may be able to move more quickly and meet the department's deadline of the end of fiscal year 2006. For example, one NNSA site already has developed detailed plans and budgets to meet the new DBT requirements. While this site may be already close to meeting the new DBT requirements, other DOE sites are at higher risk to the threats specified under the 2003 DBT than they were under the old 1999 DBT. For example, the Office of Independent Oversight and Performance Assurance has concluded in recent inspections that at least two DOE sites face fundamental and not easily resolved security problems that will make meeting the requirements of the new DBT difficult. For other DOE sites, their level of risk under the new DBT remains largely unknown until they can conduct the necessary vulnerability assessments. Because some sites will be unable to effectively counter the threat contained in the new DBT for a period of up to several years, these sites should be considered to be at higher risk under the new DBT than they were under the old DBT. Conclusions: DOE took a series of immediate actions in response to the terrorist attacks of September 11, 2001. While each of these actions have been important, in and of themselves, we believe they are not sufficient to ensure that all of DOE's sites are adequately prepared to defend themselves against the higher terrorist threat present in a post September 11, 2001 world. Rather, DOE must press forward with a series of actions to ensure that it is fully prepared to provide a timely and cost effective defense. First, DOE needs to know the effectiveness of its most immediate response to September 11, 2001-the move to higher SECON levels. The higher SECON levels, while increasing the level of visible deterrence, have come at a significant cost in budget dollars and protective force readiness. We believe that DOE needs to follow its own policies and use its well-established vulnerability assessment methodology to evaluate the effectiveness of these additional security measures. Second, because the September 11, 2001, terrorist attacks suggested larger groups of terrorists with broader aspirations of causing mass casualties and panic, we believe that the DBT development process that was used requires reexamination. While DOE may point to delays in the development of the Postulated Threat as the primary reason for the almost 2 years it took to develop a new DBT, DOE was also working on the DBT itself for most of that time. We believe the difficulty associated with developing a consensus using DOE's traditional policy- making process was a key factor in the time it took to develop a new DBT. During this extended period, DOE's sites were only being defended against what was widely recognized as an obsolete terrorist threat level. Third, we are concerned about two aspects of the resulting DBT. We are not persuaded that there is sufficient difference, in its ability to achieve the objective of causing mass casualties or creating public panic, between the detonation of an improvised nuclear device and the detonation of a nuclear weapon or test device at or near design yield that warrants setting the threat level at a lower number of terrorists. Furthermore, while we applaud DOE for adding additional requirements to the DBT such as protection strategies to guard against radiological, chemical, and biological sabotage, we believe that DOE needs to reevaluate its criteria for terrorist acts of sabotage, especially in the chemical area, to make it more defensible from a physical security perspective. Finally, because some sites will be unable to effectively counter the threat contained in the new DBT for a period of up to several years, these sites should be considered to be at higher risk under the new DBT than they were under the old DBT. Consequently, DOE needs to take a series of actions to mitigate these risks to an acceptable level as quickly as possible. To accomplish this, it is important for DOE to resolve a number of DBT and DBT-related issues and go about the hard business of a comprehensive department-wide approach to implementing needed changes in its protective strategy. Because the consequences of a successful terrorist attack on a DOE site could be so devastating, we believe it is important for DOE to inform the Congress about what sites are at high risk and what progress is being made to reduce these risks to acceptable levels. Recommendations for Executive Action: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, we are making the following seven recommendations to the Secretary of Energy: * Evaluate the cost and effectiveness of existing SECONs and how they are implemented using DOE's vulnerability assessment methodology. * Review how the DBT is developed to determine if using the current policy-making approach is appropriate given the dynamic post-September 11, 2001, security environment. * Reexamine the current application of the graded threat approach to sites that may have improvised nuclear device concerns. * Reexamine the criteria established in the May 2003 DBT to determine levels of risk from radiological, biological, and chemical sabotage to ensure that they are appropriate from a security standpoint. * Ensure that all remaining DBT and DBT related-issues, such as the designation of improvised nuclear device concerns and the new vulnerability assessment methodology, are completed on an expedited schedule. * Develop and implement a department-wide, multiyear, fully resourced implementation plan for meeting the new DBT requirements that includes important programmatic activities such as the closure of facilities and the transportation of special nuclear materials. * Report regularly to relevant congressional oversight committees on: (1) the status of DBT implementation as reflected by the required quarterly DBT implementation progress reports and (2) which sites and facilities are currently considered to be at high risk under the new DBT and what steps are being taken to mitigate these risks to acceptable levels. Agency Comments and Our Evaluation: We provided DOE with a draft of the classified version of this report for review and comment. In its written comments, DOE said it was committed to the development and promulgation of an accurate and comprehensive DBT policy. DOE did not comment specifically on our recommendations other than to say that the department would consider them as part of its Departmental Management Challenges for 2004. DOE has identified the DBT as a major departmental initiative within the National Security Management Challenge. In an enclosure attached to its comments, DOE also provided some additional technical information that we incorporated where appropriate. DOE's letter commenting on our draft report is presented in appendix I. We are sending copies of this report to the Secretary of Energy, the Director of the Office of Management and Budget, and appropriate congressional committees. We also will make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at http://www.gao.gov. If you or your staff have any questions about this report, please call me at (202) 512-3841. Major contributors to this report are listed in appendix II. Sincerely yours, Signed by: Robin M. Nazzaro, Director, Natural Resources and Environment: [End of section] Appendix I: Comments from the Department of Energy: Department of Energy Washington, DC 20585: February 9, 2004: Ms. Robin Nazzaro: Director, Natural Resources and Environment United States General Accounting Office 441 G Street, NW: Washington, DC 20548: Dear Ms. Nazzaro: The Department of Energy (DOE) appreciates the opportunity to review and comment on the General Accounting Office (GAO) draft report, "DOE Needs to Resolve Significant Issues Before it Fully Meets the New Design Basis Threat (U)," transmitted by your letter dated January 23, 2004, GAO-04-273C. DOE is committed to the development and promulgation of an accurate and comprehensive Design Basis Threat (DBT) policy. The DBT is developed by the Office of Security and Safety Performance Assurance based on information from the intelligence organizations, both internal and external to DOE, national security information, and technical exchanges with the Department of Defense (DoD) and the Nuclear Regulatory Commission (NRC). The DBT is developed to consider all Departmental nuclear assets and the potential consequences of the loss or compromise of those assets. With respect to the recommendations in the draft report, we will consider each of them as part of the Departmental Management Challenges for 2004. For the National Security Management Challenge, the DBT has already been identified as a major Departmental initiative. Our specific comments are included in Enclosure 1. The comments provide additional information for consideration in the report and a suggested correction to one minor inaccuracy. Please contact Marshall Combs, Director, Office of Security, at 202-586-3345 if you have any additional questions. Sincerely, Signed by: Glenn S. Podonsky, Director Office of Security and Safety Performance Assurance: Enclosure (as stated): cc: K. McSlarrow, DS L. Brooks, NA-1 R. Card, US: T. Johnson, NA-1 B. Desmond, NA-55 M. Combs, SO-1 M. Kilpatrick, OA-1: [End of section] Appendix II: GAO Contact and Staff Acknowledgments: GAO Contact: James Noel (202) 512-3591: Staff Acknowledgments: In addition to the individuals named above, Jonathan Gill, Chris Pacheco, Andrea Miller, Chris Abraham, Jill Berman, Carol Hernstadt Shulman, Joyce Evans, and Gail Traynham also made key contributions to this report. FOOTNOTES [1] NNSA is responsible for the nation's nuclear weapons, nonproliferation, and naval reactors programs. We did not include Naval Reactors in our review because that office is a semiautonomous entity with a unique security structure and program. [2] At the time of our review, the Rocky Flats Environmental Technology Site in Rocky Flats, Colorado, was in the process of shipping its remaining Category I special nuclear material primarily to the Savannah River Site. This has now been completed. In addition, responsibility for the Idaho National Engineering and Environmental Laboratory, in Idaho Falls, Idaho, which is also a Category I special nuclear material site, was transferred from DOE's EM to DOE's Office of Nuclear Energy in May 2003. [3] Federal employees instead of contractors operate the assets of the Office of Secure Transportation. [4] See U.S. General Accounting Office, Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program, GAO-03-471 (Washington, D.C.: May 30, 2003). [5] We testified on these issues before the Subcommittee on National Security, Emerging Threats, and International Relations, House Committee on Government Reform, on June 24, 2003. See U.S. General Accounting Office, Nuclear Security: DOE's Response to the September 11, 2001 Terrorist Attacks, GAO-03-898TC (Washington, D.C.: June 24, 2003). [6] See U.S. General Accounting Office, Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown, GAO-03-439 (Washington, D.C.: Mar. 14, 2003). [7] Audit Report: Management of the Department's Protective Forces, DOE/IG-0602, Department of Energy, Office of the Inspector General, June 2003. GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: