Energy confronts the human side of security issue

Energy confronts the human side of security issue

CIO John Gilligan says Energy labs are conducting automated and manual reviews of e-mail.

By Tony Lee Orr

GCN Staff

To turn around a troubling systems security record, senior Energy Department officials must address a chronic lack of accountability and a department culture that gives security demands scant notice, according to a presidential panel.

The President's Foreign Intelligence Advisory Board outlined in lengthy detail a DOE history replete with security gaffes and pointed to a muddled internal bureaucracy and a so-what attitude about security as the chief culprits.

Historically, DOE's employees have been the department's worst enemy in its attempts to maintain security, the panel concluded.

But Energy managers said they are intent on overcoming the cultural barriers. Security is now a front-line management issue, and the line managers have more responsibility, chief information officer John Gilligan said.

'There is a chain of command from headquarters to each of the organizations,' he said. 'When a policy is issued, it is coordinated with the lead program support organization and sent to the field organization.'

Previously, the chain of command was muddled because it often followed the money, he said. Now, no matter where a particular group gets its funds, it always follows the same chain of command for security responsibilities.

Since its inception, Energy has been fraught with security woes, arrogant staff members and a staggering pattern of denial, noted the June 1999 report, Science at Its Best, Security at Its Worst: A Report on Security Problems at the U.S. Department of Energy.

Even in 1994, when physicist Wen Ho Lee allegedly copied enough nuclear secrets to build a functional thermonuclear weapon, reports circulated within the agency lamenting numerous security problems, the report said. Department edicts that threatened, cajoled and demanded action were evidently ignored, the panel said.

'DOE represents the best of America's scientific talent and achievement, but it has also been responsible for the worst security record on secrecy that the members of this panel have ever encountered,' the report said. 'DOE's failure to respond to warnings from its own analysts, much less independent sources, underscores the depth of its managerial weakness and inability to implement legitimate policies regarding well-founded threats.'

Although Energy Secretary Bill Richardson's team has made changes, the panel's report questioned the effect that any action would have on longtime department workers.

'The long traditional and effective method of entrenched DOE and lab bureaucrats is to defeat security reform initiatives by waiting them out. They have been helped in this regard by the frequent changes in leadership at the highest levels of DOE,' the report said.

Richardson's senior staff met with resistance to security initiatives even in the wake of Lee's arrest in connection with alleged security breaches.

'A weapons lab was instructed to monitor its outgoing e-mail for possible security lapses,' the report said. 'The lab took the minimal action necessary; it began monitoring e-mails but did not monitor the files attached to e-mails.'

Energy staff members told the panel that there was a heightened sense of security at the most senior levels but that the response at the middle levels of management was lackluster and business as usual.

Gilligan said the e-mail matter has been resolved.

When the order was issued to inspect e-mail messages, there was an automated program to view them but it failed to check the attachments, he said. Now, officials at the labs are doing automated and manual reviews so they can inspect attachments, he said.

The panel refuted the idea that funding is the problem behind the weak security. 'Money cannot really be an issue. The annual DOE budget is already over $18 billion,' the report noted.

The department needs to continue putting resources into security and making sure managers know the risks Energy faces, the panel said. But changing the cultural mind-set is equally important, it added.

Only a chosen few

'One facet of the culture mentioned more than others is an arrogance borne of the simple fact that nuclear researchers specialize in one of the world's most advanced, challenging and esoteric fields of knowledge,' the report said.

Because of that, it's not surprising that many of Energy's scientists bristle under the restraints and regulations of administrators and bureaucrats who are perceived as not understanding their scientific work, the report said.

The cultural problem noted by the panel can be solved through education, Gilligan said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.