Los Alamos National Laboratory: Long-Term Strategies Needed to Improve Security and Management Oversight

Los Alamos National Laboratory (LANL) developed and issued a comprehensive strategic plan for laboratory security in September 2008. GAO's report discussed several previously identified security problems that, at the time of our report, had not been addressed by LANL or had resurfaced as challenges. All of these previously identified security problems are addressed in LANL's strategic plan for laboratory security. The plan also includes targets, measures, and schedules for addressing these security challenges. The plan itself flows from National Nuclear Security Administration (NNSA) strategic planning guidance to reduce both cyber and physical security vulnerabilities and focuses on security program effectiveness by integrating security evaluation efforts such as self-assessment, security improvement task forces, and security compliance reviews with subject matter experts across multiple security functions. The strategic plan is effective for FY 2009 through FY 2014, and LANL reviews and revises the plan annually to ensure it is responsive to the laboratory's changing security environment. In addition, the Los Alamos Site Office and LANL provide NNSA's Office of Defense Nuclear Security with a quarterly Safeguards and Security Management Systems Assurance Report that tracks security performance and provides status updates on initiatives.

Los Alamos National Laboratory (LANL) developed and issued a comprehensive strategic plan for laboratory security in September 2008. GAO's report discussed several previously identified security problems that, at the time of our report, had not been addressed by LANL or had resurfaced as challenges. All of these previously identified security problems are addressed in LANL's strategic plan for laboratory security. The plan also includes targets, measures, and schedules for addressing these security challenges. The plan itself flows from National Nuclear Security Administration (NNSA) strategic planning guidance to reduce both cyber and physical security vulnerabilities and focuses on security program effectiveness by integrating security evaluation efforts such as self-assessment, security improvement task forces, and security compliance reviews with subject matter experts across multiple security functions. The strategic plan is effective for FY 2009 through FY 2014, and LANL reviews and revises the plan annually to ensure it is responsive to the laboratory's changing security environment. In addition, the Los Alamos Site Office and LANL provide NNSA's Office of Defense Nuclear Security with a quarterly Safeguards and Security Management Systems Assurance Report that tracks security performance and provides status updates on initiatives.

We evaluated NNSA's performance evaluation plans for LANL for fiscal years 2010 and 2011 and found that these plans included meaningful financial incentives for future security performance at the laboratory. In addition, performance evaluation plans incentivized security challenges included in LANL's strategic plan for security that GAO identified as needing to be addressed, such as improved self assessment, executing an effective security program, and improving the control and accountability system for special nuclear material.

In June 2009, NNSA issued its FY 2010 Defense Nuclear Security Program Execution Guidance (PEG) to sites, including LANL, for their use in developing annual operating plans. The PEG links NNSA security requirements and resources to performance expectations for sites. The PEG provides a specific performance objective for reducing the security footprint of sites in order to manage risk to address the spectrum of security threats, such as reduction in classified matter. These performance objectives have been carried forward and updated in PEGs through FY 2012.