IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Witness Testimony
The Honorable Kyle E. McSlarrow
Deputy Secretary
US Department of Energy
1000 Independence Avenue, SW
Washington, DC, 20585

DOE Nuclear Security: What Are the Challenges, and What's Next?"
Subcommittee on Oversight and Investigations
May 11, 2004
2:00 PM


--------------------------------------------------------------------------------


Mr. Chairman and Members of the Subcommittee, thank you for inviting me to testify today about the Department of Energy’s ongoing and planned security activities. This Administration is committed to ensuring that national assets in our custody are safeguarded with robust protection systems. In light of the current world situation and terrorist threat, the task of maintaining effective protection at Department sites demands our continuous, collective, and concentrated effort. For the past three years, and particularly since the terrorist attacks of September 11, 2001, we have focused aggressively on security and counter-terrorism related activities.

The Department of Energy has facilities worth billions of dollars. We have many thousands of employees. Moreover, we are the custodians of national security assets that, simply put, must not be allowed to fall into the wrong hands. We have protected the complex in the past; and we are protecting it now. However, we are convinced that we must make certain changes. We must improve. We must adapt to a world that changed three Septembers ago in order to protect this complex successfully in the future.

Last Friday, Secretary Abraham delivered a major speech outlining his vision for the Department’s future protection program, and initiatives for implementing his vision. The Subcommittee asked that we discuss the issues outlined by the Secretary in that speech. Although the Secretary’s speech focused on the future, the initiatives he announced are just the latest in a series of changes that have been the product of almost continuous review for three years.

Immediately on September 11th, we imposed an elevated Security Condition, or SECON, and increased physical security at all Department of Energy (DOE) facilities, with particular attention to our most sensitive targets. Actions varied from site to site based on unique local characteristics, and because of exigent circumstances, many immediate actions that we undertook were manpower-intensive solutions involving more protective force activities. Today, we remain at a heightened state of alert. Understandably, this has resulted in unprecedented overtime for many of our protective forces, and has had an impact on training and professional development opportunities.

We realize that our protective forces cannot withstand the stress of continuous overtime indefinitely. To relieve this strain on our forces and achieve more cost effective security over the long term, we have accelerated our technology application activities to allow us to employ technology to replace some routine protective force commitments Also, we shared our expertise with other Federal agencies involved in homeland security, and we streamlined the process for them to obtain access to unique DOE counter-terrorism capabilities.

Unclassified Page 2

We have revised our personnel security program so that we are better able to balance our need to hire new professionals with appropriate clearances in this high-threat environment. We are now beginning to experience relief from the long clearance delays after 9/11, and we have gained insight for streamlining these processes even further.

In 2003, we instituted a new Design Basis Threat (DBT), which has and will influence our security posture dramatically. Based in part on The Postulated Threat to U. S. Nuclear Weapons Facilities and Other Selected Strategic Facilities, a report published by the Defense Intelligence Agency in January 2003, the Department’s revised DBT identifies and characterizes potential threats to our facilities and provides design bases and performance standards for our protection systems. The revised DBT is our best assessment of current terrorist capabilities, expanding the number and capability of adversaries and determining our means to overcome them.

The new DBT requires significant upgrades to protection systems at all DOE sites, and is reflected in a substantial increase in our FY 2005 budget request to Congress. The President’s $1.3 billion FY 2005 security budget is just one measure of the importance given to security.

While we are working to implement the requirements of the revised DBT throughout the complex, there are long lead-times and cost considerations. Some sites must undertake major construction projects, and consolidation of target materials will push DBT compliance to Fiscal Year 2006. In the meantime, compensatory measures are in place to protect our assets.

But we are moving quickly to implement DBT requirements where we can now. Therefore, the Secretary recently proposed a $55 million FY 2004 reprogramming. This request is pending with Congressional Committees, and we look forward to its approval so we may move forward on critical activities.

The Department is making structural changes to enhance its security and counter-terrorism capabilities. Last summer, and again in testimony before Congress, the Secretary suggested that our national security would best be served by consolidating the two counterintelligence programs within the Department into one office reporting directly to the Office of the Secretary.

Based on extensive review, we found that the current bifurcated counterintelligence functions between the Department of Energy and the National Nuclear Security Administration (NNSA) could be an impediment to coherent and effective counterintelligence activities. We believe this must be corrected; therefore, we have proposed legislation to the Congress to effect the needed consolidation. The proposal is before the Armed Services Committees of the House and Senate and has been referred to the full House Energy and Commerce Committee. Mr. Chairman, we seek your support for this important security initiative.

Unclassified Page 3

We believe that having a single counterintelligence office reporting directly to the Secretary of Energy will create a more streamlined and effective program, clarify accountability, and provide a clear line of authority for policy development and implementation. The NNSA Administrator, the National Counterintelligence Executive, the Director of Central Intelligence, and the Director of the Federal Bureau of Investigation join Secretary Abraham and me in this view.

Also in 2003, the Secretary established the Office of Security and Safety Performance Assurance (SSA) to improve security management and foster more collegial relationships between the Headquarters and field offices that form the Department’s safeguards and security network. We know that, while line managers are accountable for implementing security programs, constructive Headquarters and field interactions can accelerate improvement in our protection programs and yield more effective results. The SSA is now serving as the Department’s primary catalyst for increasing the timeliness and effectiveness of protection program upgrades, and ensuring that appropriate technologies can be deployed where and when needed.

A Vision of Security for the 21st Century

By and large, security throughout DOE is excellent. But it has to be better. We are familiar with the reports of poor performance during force-on-force tests, of sleeping on duty, and of lost keys. For the most part, we know that lapses in security are rare. But, any lapses are unacceptable — and the failure of any and all levels of management to address lapses cannot be tolerated.

Our philosophy on security is quite simple: When it comes to the security of the Department with responsibility for maintaining the nuclear weapons stockpile, providing nuclear propulsion for the Navy, and coordinating global nonproliferation efforts, there is no room for error. To ensure that this philosophy guides day-to-day security management in the Department, the Secretary has proposed several initiatives.

Information Security

The first initiative involves information security. In an age of computers, the Internet, and other supercomputing advances, we have to give a 21st century focus to information security. Our nation has become increasingly aware of cyber threats in many critical arenas. The DOE must take actions to protect the confidentiality, integrity, and availability of all our information systems to assure that we can continue to perform our mission even while under cyber attack. To accomplish this, we have several new initiatives.

Unclassified Page 4

First, we have directed the Office of Security and Safety Performance Assurance – or SSA – through its Office of Cyber Security and Special Reviews, to expand performance testing of DOE information systems, including the use of “red teaming,” no-notice vulnerability scanning and penetration testing of unclassified information systems, and expanded testing of classified systems. Only through universal and rigorous performance testing can we identify our actual and potential vulnerabilities to existing and emerging cyber threats, and only by knowing of these vulnerabilities can we eliminate them.

Second, we will implement a Cyber Security Enhancement Initiative to:

• ensure instantaneous dissemination of cyber threat information throughout the Department;

• select and deploy expanded intrusion detection systems to rapidly identify potential hostile cyber attacks;

• develop and implement policies and procedures to minimize the exposure of DOE information systems to Internet threats;

• improve cyber security and cyber security awareness through enhanced workforce training; and

• refine policies and implement processes to enhance operational security of publicly available online information, by assuring that inappropriate collections of information are not available on our web sites and servers.

Most of these actions should be completed within the next year. There are also a number of longer term actions included in this initiative, involving the development and deployment of advanced methods and tools associated with such tasks as intrusion detection, malicious mobile code detection, and improved configuration management and vulnerability scanning of desktops, servers, and networks.

Third, we should work toward a more secure approach for classified desktop computing. We have had problems in the past with classified hard drives and classified disks. To permanently eliminate the threat of such problems, we propose an initiative to move to diskless workstations for classified computing over the next five years. Drawing on the unparalleled expertise of our national laboratories, we have directed the Department’s CIO, in partnership with the NNSA, to evaluate and advance the state of the art in high-speed diskless computing technologies, so that in five years desktop weapons design functions can be performed in a diskless environment.

At that point, no insider would be able to transport classified data in electronic form outside of the site on physical media. All physical media will be controlled under a two-man rule in central locations. The accidental movement of data would be dramatically reduced, and inventory and accountability of classified information will become simpler. In the meantime, we will continue to improve the aggressive accountability programs we have already put in place.

Unclassified Page 5

Security Technology

Other technologies can also be employed to enhance our protection systems and reduce some of the burden currently borne by our protective forces. Technology can serve as a force multiplier to save protective force members from unnecessary risk in case of attack, and provide additional response time to meet and defeat an attack. We must use technology intelligently, and to our advantage.

We have experienced a number of problems with lost keys and key cards. This is not only unacceptable; it is also unnecessary. We intend to do away with the use of mechanical keys as an element of our protection system. Keyless access control technology exists, and is currently in use at a small number of locations throughout the Department. These include swipe card/PIN combinations, mechanical and electronic cipher locks, and various types of biometric devices. We have not moved to these technologies on a large scale yet.

The Secretary has announced an initiative to identify suitable technology alternatives that will enable the Department to transition, in phases over the next five years, to a keyless security environment, where access is not afforded by any physical item or object that can be lost or stolen. This effort is beginning with a pilot program in the National Nuclear Security Administration, and will later be expanded to appropriate facilities throughout the Department.

The initiative will identify appropriate technological approaches to access control, identify technology areas that require further development, and provide seed funding for NNSA sites to begin our early transition to a keyless environment. The fruits of this initiative will not only result in enhanced security but, over time, will bring greater cost effectiveness to our access control programs. The NNSA Office of Nuclear Safeguards and Security Programs will work jointly with the DOE Office of Security to deploy this technology initiative.

Today, the scientific community is developing new security technologies much faster than we can apply them. To allow us to get ahead of the technology curve, we have directed NNSA and SSA to establish a Blue Sky Commission charged with identifying emerging security technologies that we should invest in, or possibly modify for our use. This will be a long term-effort to complement our near-term proposals, and will focus on technologies that could alter security over the coming decades.

Consolidation of Materials

Now I would like to turn to this Department’s responsibility for safeguarding the nation’s most dangerous nuclear materials at 11 DOE sites around the country – sites that require the highest levels of security.

Unclassified Page 6

Let me begin by strongly emphasizing that these materials are often closely tied to ongoing missions that are critical to our national security. But we do have to be mindful of the risks. Thus, we have a responsibility to balance the important work we do at our facilities, which is often critical to the war on terror, with protecting those very same facilities against the threat of terrorist acts. Ultimately, we need to reduce the number of sites with Special Nuclear Material to the absolute minimum, consistent with carrying out our missions, and to consolidate the material in each of those sites to better safeguard that material.

We are already moving forward to consolidate nuclear materials. We have accelerated a number of projects to close sites more quickly than previously thought possible. Examples include the Rocky Flats Environmental Technology Site, Fernald, K-25, and others. We have a number of other facilities that will be de-inventoried soon in preparation for decontamination and decommissioning. These include F canyon at Savannah River Site, Building 3019 at Oak Ridge National Laboratory, and the 100K basins, Fast Flux Test Facility, and the Plutonium Finishing Plant at Hanford.

Critical to the consolidation effort is the availability of final storage locations. We have been discussing the shipment and storage of Special Nuclear Material with a number of state governors, Congressional delegations, and concerned citizens. Based on these efforts, we believe that we can achieve agreements that will allow our consolidation efforts to continue and even further accelerate in the future.

We have also included in our 2005 budget request funding to increase the transportation assets of the Office of Secure Transportation. This will enable us to maintain current shipment schedules and accommodate additional future shipments. In the meantime, we are considering other opportunities for consolidation.

For example, after operations of three years or perhaps less, the Sandia Pulse Reactor will no longer be needed, because computer simulations will be able to assume its mission. This represents an intelligent substitution of advanced technology for brute force. When its mission is complete, this reactor’s fuel will be removed from Sandia National Laboratory in New Mexico, allowing us to reduce security costs at Sandia and further consolidate our nuclear materials.

Another important activity that we have embarked upon is the construction of the Highly Enriched Uranium Materials Facility at the Y-12 National Security Complex in Tennessee. This building is being designed from the beginning to emphasize not only operational needs, but also to provide unparalleled security to the Special Nuclear Materials stored there. This will be one of the best examples of applying security-oriented construction techniques and technology to the problem of securing materials.

Unclassified Page 7

In addition to providing enhanced protection for the materials within the HEU Materials Facility, completion of this building will allow us to perform an extensive on-site consolidation of the HEU stored at Y-12. In the next several months, the Department will issue a new RFP for construction of this facility on an expedited basis. This consolidation will allow us to remove all the Category I and II Special Nuclear Material from two buildings within the Protected Area, allowing us to shrink the Protected Area to about half its present size. Shrinking the Protected Area will save substantial costs when a newly configured Perimeter Intrusion Detection and Assessment System is installed, and it should allow us to more intelligently deploy our manpower.

Also, as we announced on March 31st of this year, all Category I and II Special Nuclear Material will be removed from Technical Area-18 at Los Alamos National Laboratory. This effort is proceeding, and the first material movements are expected to begin later this year. Once the material has been moved, we will permanently end any use of TA-18 involving Category I or II Special Nuclear Material.

Finally, there have been a number of questions raised about other materials across the complex. We have asked our management team to look at three issues. First, we need to address how to resolve situations where materials are being stored at sites only because they do not meet the acceptance criteria for our longer-term storage sites.

Second, while the requirements of Stockpile Stewardship mean that we must retain nuclear materials at Lawrence Livermore National Laboratory today, over the long term we should look for a better solution. We have previously told the Congress that we will conduct a review of the requirements for the weapons complex over the next 20 years. This study, which we expect to be completed early next year, will examine the implications of the President’s decisions on the size of our stockpile, of the new Design Basis Threat, and of the opportunities for consolidation that we are announcing today. As part of that review, we will consider whether certain essential work performed at Livermore could be relocated to allow us to remove the Category I and II material stored there.

Third, we need to explore whether we can down-blend substantial quantities of our HEU holdings. Potentially, this could yield a number of security benefits, but the programmatic impact of a major campaign of down-blending needs to be assessed. We have also directed NNSA to conduct a study to assess the down-blending of large quantities, perhaps as much as 100 tons, of the HEU stored at Y-12 and to assess the programmatic impacts of such a large campaign.

We have asked that each of these inquiries be completed by the end of the year.

Unclassified Page 8

Protective Forces

Finally, in addition to enhancing technology and consolidating materials, we want to address what we must do to build a modern, efficient, effective guard force able to meet 21st century threats. The threat change most visible to us is reflected in the revised DOE Design Basis Threat that we issued last year. This policy requires us to prepare to fight and defeat an adversary force much larger than we had previously thought. This has a significant impact on protective force members, as well as on all other elements of our protection systems.

We intend continually to review and refine the threat and our responses to it. We have therefore directed the NNSA Administrator and the Directors of the Office of Security and Safety Performance Assurance and the Office of Intelligence to re-examine the Design Basis Threat and the intelligence data supporting it in light of recent events and report back in 90 days. Moreover, we are requiring that this reassessment take place on an annual basis.

We must also address issues specifically affecting our protective forces. We have established a stringent set of common qualification standards for DOE Security Police Officers, and a comprehensive training regimen to ensure that necessary individual and team skills are maintained. Our security personnel represent the very best, not just in the DOE complex, but in the world. But, across the complex, the skill levels and qualifications of protective force members can vary widely.

To staff up our protective forces to meet the current threat, we are depending on too much overtime. To keep the burden as low as possible, local managers have made decisions about what training is absolutely necessary to squeeze into everyone’s schedule, and what posts absolutely must be manned.

After two and a half years of this, there is insufficient uniformity in training. Meanwhile, staffing levels across the complex are no longer based on common criteria. This obviously presents challenges, especially when the protective force at a site needs to be temporarily augmented by protective force members from other sites. At present, we have to depart far from our routine methods of operation to address such needs. But, we are taking a number of steps to address these issues.

First, the Office of Security and Safety Performance Assurance has begun implementing a set of changes at the National Training Center that will more closely focus their programs on basic DOE safeguards and security training. We believe this will soon result in training that is better tailored to the post-9/11 environment we are now facing.

Unclassified Page 9

Second, since 9/11, we have directed all sites to conduct more frequent force-on-force exercises to provide additional training opportunities.

Third, we have obtained authority from the Congress to use the Office of Personnel Management to perform some of our background investigations. This should greatly reduce the time required to complete the process of granting security clearances.

Of course, it is not just the protective forces that need to maintain the highest standards. It is their Federal overseers as well. Recently, Ambassador Brooks asked a commission headed by Admiral Henry Chiles to examine the specific needs of the National Nuclear Security Administration regarding the recruitment, development, and maintenance of security expertise. Based on the recommendations made in Admiral Chiles’s report, we have instructed NNSA to take several immediate steps to implement corrective actions. Most notably, we are establishing a safeguards and security Intern Program to focus on the recruitment of highly qualified technical personnel in the areas of cyber security, nuclear material control, and physical security.

We have also asked NNSA to put together a long-term human capital management program based on the report’s findings. Finally, though the Chiles Report focuses on NNSA, we believe its recommendations can apply to the entire safeguards and security community at the Department of Energy. So we have instructed the top management of the Department to look for ways to extend Admiral Chiles’s recommendations to the entire Department.

Important as they are, these actions are just the beginning. If we are to continue to ensure the protection of our most important national assets, it is vital that we continue to challenge conventional thinking and strive for innovative new ways to enhance our security posture.

In the aftermath of 9-11, we have admired the elite military units defending our country -- units like the Delta Force, the Rangers, or the SEALS. Today, we have units among the DOE protective forces that meet this same high level of excellence. But we foresee a future in which we have transformed all of the protective forces that have direct responsibility for the protection of our most sensitive assets, such as Category I and II Special Nuclear Materials, into a force with that kind of elite mission focus. The hallmark of this force will be advanced tactical skills, intensive training, and the highest professional and physical fitness standards.

Unclassified Page 10

Achieving this vision may be a challenge, but we must have a common standard of excellence throughout our protective forces. There are a number of alternatives we are considering to accomplish this vision. And since the stakes are so high, the Secretary has insisted that everything is on the table.

It may mean implementing common contract language for protective force contracts complex-wide, and requiring all field elements to award independent protective force contracts separate from site management and operating contracts. It may mean awarding a common, complex-wide protective force contract for, at a minimum, those protective force elements that protect Category I and II SNM. And it may mean establishing a special, elite federal force for protection of Category I and II SNM.

After getting input from various quarters and various experts, we will make our decisions and recommendations. We expect that within two years we will have a program that will enable us to improve and build our protective forces into a more-uniform group, capable of fully meeting the immense challenges of an ever changing security environment.

Improvement in Management Culture

Finally, all of the improvements that we seek – in our protective forces, in our cyber security efforts and our application of new technologies, and in how we store nuclear materials – must be accompanied by tangible management improvements that ensure that early warning systems are in place to detect process failures, with accountability and consequences for such failures. That calls for a change in our management culture.

First, we must be willing to take constructive criticism, analyze it, and respond when appropriate. Too often, we have seen a reflexive dismissal of ideas or suggestions not invented at DOE, whether they be from a Member of Congress, a government oversight organization like the GAO, or an outside stakeholder organization like POGO. That is not how a first-class organization behaves.

Second, as the Secretary told a gathering of DOE management two years ago:

“I am concerned that too many employees believe that their only recourse to address system failures is to go to the media or the Inspector General.

And that is a result that should concern us all. It tells me that, fairly or unfairly, many of our employees believe that when they raise issues they will either be ignored, or, worse, harmed in terms of their career.

“That is a failure of leadership. And starting with me, I expect every manager down the line to make clear that we expect these concerns to be taken seriously and addressed quickly and effectively.”

Unclassified Page 11

This is a serious – and absolutely necessary – change. Neither the Secretary’s nor my views has changed since he made those remarks. In our judgment, the system has not changed enough to that effect, but we are working on it. We need a system where management is more responsive and where people don’t need to find a third party to get a fair hearing for their concerns. The reason is plain: People should never have to be worried about the perils of doing their jobs honestly, safely, and correctly. People should not be afraid to bring problems to the attention of management, or worried about facing retribution rather than receptiveness. That is not a healthy working culture – and it sows the seeds of failure and inefficiency in other areas.

Our expectation is that if we are able to implement a system – a culture – where people can legitimately air concerns, then everyone will benefit. Our workforce will be more effective. The public’s confidence in this Department will improve. And America’s security will be greatly enhanced. That is a goal we are all aiming for. It goes hand in glove with the other improvements we seek in constructing an effective 21st century security apparatus.

These are the broad directions in which our security apparatus must move in order to meet the challenges the future holds. We are committed to putting them into effect. We are committed to making bold changes where necessary because, ultimately, the Department of Energy complex, our assets, our employees, and our fellow countrymen deserve and require the highest levels of security.

All of the initiatives highlighted today are designed to build and support the most robust and motivated protective force in the world. We will therefore do what it takes to recruit, train and appropriately compensate the outstanding men and women who have chosen to assume the responsibility of securing this nation’s strategic deterrence capability. In order to recruit and retain expert safeguards and security personnel, we must consider as many options and reforms as possible despite the potential for initial resistance. We welcome any suggestions you, Mr. Chairman, or Members of the Subcommittee may have to share with us.

Conclusion

Mr. Chairman and Members of the Subcommittee, we are fully cognizant of the tremendous responsibility we have for protecting the special materials and information entrusted to us at the Department of Energy. We have worked for more than three years to implement effective new protection programs throughout DOE. We have introduced several worthwhile initiatives to eliminate specific identified risks, and Secretary Abraham and I continue to be fully committed to the Department’s safeguards and security programs. With your help, we are committed to pursuing the initiatives outlined today, in the interest of our national security.

Thank you.