Hill blasts DOE security'again

Hill blasts DOE security'again

DOE's Bill Richardson says a department reorganization meets requirements.

Report says nuclear data is still at risk

By Tony Lee Orr

GCN Staff

Despite a law mandating that the Energy Department improve security by spinning off its nuclear programs into a semiautonomous agency, DOE has created an organization whose systems remain vulnerable, a special House panel has concluded.

In the National Defense Authorization Act for Fiscal Year 2000, Congress ordered Energy to establish by last month the National Nuclear Security Administration. The mandate followed a caustic report by the President's Foreign Intelligence Advisory Board that detailed long-standing problems with the department's security practices [GCN, Feb. 21, Page 1].

Now, in a new report, the special oversight panel of the House Armed Services Committee has reiterated the presidential board's findings. And it concluded that the organizational setup of NNSA violates the authorization act's requirements. But Energy Secretary Bill Richardson told Congress last month that he stands by his reorganization strategy.

Energy has created a recipe for disaster by making NNSA's management structure a near clone of the department's executive organization, which historically has fostered security breaches, the panel said in its report, NNSA Implementation Plan: An Assessment.

The new agency suffers from confused lines of authority, poor procedures and a muddled implementation strategy, the panel said.

The panel also questioned whether the fledgling agency would be able to address program, budget and work force problems because many of its officers are responsible for other high-level department affairs. The panel said the dual assignments do not meet the law's requirement that the agency be a nearly independent organization.



NNSA's structure would make it easy for workers at the department's labs to continue ignoring computer security measures, a former high-ranking Energy official said.

'NNSA does not provide adequate security,' said the official, who now works at another Cabinet agency and requested anonymity. 'They need some kind of cop to make sure that security measures are implemented and followed.'

Armed Services created the special oversight panel to monitor the new organization's progress and make recommendations to the committee. The panel cited as a chief problem Richardson's decision to assign some individuals responsibilities in both NNSA and Energy.

'The central purpose of the new organization is to correct the confused lines of authority and responsibility within the DOE nuclear weapons complex that contributed to mismanagement and security problems at the department, and to provide a clear mission focus and accountability for DOE personnel involved in the nuclear weapons program,' the panel said in its report.

But in testimony to the committee last month, Richardson said Energy's NNSA structure is legally correct. He said his department's management process is solid and should be adopted for NNSA.

Double duty

Richardson said giving some managers responsibilities in both NNSA and Energy, which he called dual-hatting, is necessary to maintain clear lines of authority. He declined to comment further, and Energy public-affairs officials said Richardson's testimony makes clear his stance on the issue.


Who's wearing two hats?

'George B. Breznay is director of hearings and appeals for both Energy and NNSA.

'Claudia A. Cross, Energy's executive personnel services director, is headquarters personnel officer for NNSA.

'Edward Curran, Energy's counterintelligence director, is also NNSA's chief of defense nuclear counterintelligence.

'Eric J. Fygi is deputy general counsel at Energy and NNSA.

'John Gilligan, Energy's chief information officer, is NNSA's interim CIO.

'Ralph D. Goldenberg, a general counselor at Energy, is NNSA's agency ethics official.

'Retired Air Force Gen. Eugene Habiger, Energy's security czar, is also NNSA's chief of defense nuclear security.

'Richard Hopf, Energy's director of procurement and assistance management, is NNSA's headquarters procurement officer.

'Poli Marmolejos is the civil rights officer for Energy and NNSA.

'John McBroom directs both Energy's and NNSA's offices of Emergency Operations.

'David M. Michaels, Energy's assistant secretary for environment, safety and health, is NNSA's closure officer.

'Ernest J. Moniz, Energy's undersecretary for energy research, Defense programs, environmental management and civilian radioactive waste management, is NNSA's interim director for implementation of nuclear weapons policy.

'Mary Anne Sullivan is general counsel for Energy and NNSA.

'James M. Turner, G. Leah Dever and Gregory P. Rudy are field managers for Energy and NNSA at the nuclear research facilities in Oakland, Calif., Oak Ridge, Tenn., and Savannah River, Ga., respectively.

'Energy Board of Contract Appeals chairman E. Barclay Van Doren, vice chairman Beryl Gilmore and member Robert McCann all serve on NNSA's Board of Contract Appeals.


'We will not be dual-hatting hundreds of DOE employees as some in the Congress were expecting,' Richardson told House lawmakers.

There are fewer than 20 positions that require officials to oversee responsibilities for both NNSA and Energy, he said. 'These dual hats are necessary to assure the administrative operation of these administrative functions.'

In total, 3,013 Energy officials, researchers and lab scientists now work under NNSA's aegis.

To lead the new agency, the Clinton administration has nominated Air Force Gen. John A. Gordon, the CIA's deputy director, to become deputy administrator for national nuclear security. Gordon is awaiting Senate confirmation.

The panel report said that according to the authorization act, only the deputy administrator is supposed to report to Richardson and is supposed to have direct authority over all other officials in NNSA.

Richardson's NNSA implementation plan, however, consistently emphasizes specific Energy officials' authority over the new agency's functions, the panel report said. For instance, all NNSA lawyers fall under the authority of Energy's general counsel.

For now, all systems and IT security matters at NNSA are the responsibility of Energy chief information officer John Gilligan, whom Richardson assigned to oversee NNSA systems temporarily. If confirmed, Gordon would have to name a new CIO for the nuclear security agency and fill other posts.

The Armed Services panel said that unless Energy made NNSA more autonomous, Congress should expect the government's nuclear programs to continue to suffer systems security weaknesses. The panel concluded that Energy has created an agency that is too weak and dependent on its parent department to act as the guardian of the country's nuclear secrets.

The president's advisory board, in its earlier report, Science at Its Best; Security at Its Worst, noted a disregard for authority and a pattern of denial within Energy about the root cause of the department's security problems.

The board concluded that the indifference toward security created an atmosphere in which systems abuses and data tampering could occur. As an example, the report pointed to the Wen Ho Lee case. The Justice Department has alleged that the Los Alamos National Laboratory physicist downloaded enough classified nuclear information to build a thermonuclear weapon [GCN, March 29, 1999, Page 1].

The former senior Energy official said he had experienced that contempt for systems security firsthand.

'They will tolerate nothing that they feel will slow them down,' he said of the labs' researchers and scientists. During his tenure, he said, he saw lab officials approach members of Congress directly because they were unhappy with high-level department edicts regarding security.'The department's NNSA approach does not do enough to rein in the labs, the former official said, calling it mainly a title-changing initiative.

The Armed Services panel was not unanimous in its findings. In a dissent filed to the panel's report, Rep. John M. Spratt Jr. (D-S.C.) criticized the law establishing NNSA. The creation of a new level of bureaucracy itself muddles authority within Energy, he said.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above