DOE Faces Security Challenges in the Post September 11, 2001, Environment
GAO-03-896TNI: Published: Jun 24, 2003. Publicly Released: Jun 24, 2003.
The attacks of September 11, 2001, intensified long-standing concerns about the adequacy of safeguards and security at DOE and NNSA that facilities store plutonium and uranium in a variety of forms. These contractor-operated facilities can become targets for such actions as sabotage or theft. The Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)--a separately organized agency within DOE--are responsible for these facilities. GAO reviewed how effectively NNSA manages its safeguards and security program, including how it oversees contractor security operations. GAO also reviewed DOE and NNSA's response to the terrorist attacks of September 11, 2001. In this regard, GAO examined (1) DOE and NNSA's immediate response to September 11, (2) DOE's efforts to develop a new design basis threat, a classified document that identifies the potential size and capabilities of the terrorist forces that DOE and NNSA sites must be prepared to defend against, and (3) the challenges DOE and NNSA face in meeting the requirements of the new design basis threat.
NNSA has not been fully effective in managing its safeguards and security program. For example, NNSA has not fully defined clear roles and responsibilities for its headquarters and site operations. Without a functional management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among NNSA sites on how they assess contractors' security activities. Consequently, NNSA cannot be assured that all facilities are subject to the comprehensive annual assessments that DOE policy requires. To compound the problems in conducting security assessments, NNSA contractors do not consistently conduct required analyses in preparing corrective action plans. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems' root causes, risks posed, or cost versus the benefit of taking corrective action. Finally, NNSA has shortfalls at its site offices in the total number of staff and in expertise, which could make it more difficult for site offices to effectively oversee security activities. GAO made recommendations to improve the management of NNSA's safeguards and security program. NNSA has begun to respond to these recommendations. With respect to DOE and NNSA's response to September 11, the agencies took immediate steps to improve security in the aftermath of the terrorist attacks. For example, DOE and NNSA moved to a higher level of security, which required, among other things, more vehicle inspections and security patrols. While these steps are believed to have improved DOE and NNSA's security posture, they have been expensive and, until fully evaluated, their effectiveness is uncertain. The number and capabilities of the terrorists involved in the September 11 attacks rendered obsolete DOE's design basis threat, last issued in 1999. However, DOE's effort to develop and issue a new design basis threat took almost 2 years; it was issued in May 2003. This effort was slowed by, among other things, disagreements over the size of the potential terrorist group that might attack a DOE or NNSA facility. Successfully addressing the increased threats will take time and resources, as well as new ways of doing business, sound management, and leadership. Currently, DOE does not have a reliable estimate of the cost to fully protect DOE and NNSA facilities. The fiscal year 2006 budget will probably be the first to show the full budgetary impact of the new design basis threat. Once funds become available, most sites estimate that it will take from 2 to 5 years to fully implement, test, validate, and refine strategies for meeting the requirements of the new design basis threat.