Nuclear Security: DOE Needs to Improve Control Over Classified Information
Highlights
The Department of Energy (DOE) maintains millions of classified documents containing highly sensitive nuclear weapons design and production information. Allegations that the Peoples Republic of China obtained nuclear warhead designs from an employee of DOE's Los Alamos National Laboratory, as well as the disappearance of two computer hard drives containing highly sensitive weapons information from that same laboratory, have raised concerns about how effectively DOE protects classified information, particularly the most sensitive classified information that is contained in vaults and computer systems. DOE's security program consists of many strategies for protecting and controlling classified information, such as controlling access to classified information through physical and administrative barriers and determining whether a person's work requires a "need to know" the information. DOE has recently increased protection for top-secret documents by revising its Classified Matter Protection and Control Manual, which provides detailed requirements for the protection and control of classified matter. This report reviews the (1) extent to which DOE's Sandia and Los Alamos National Laboratories have implemented DOE's established access controls and need-to-know requirements for classified vaults and computer systems containing the most sensitive classified information as well as the adequacy of these requirements and (2) steps DOE is taking to upgrade the protection of its classified information. GAO found that the Los Alamos and Sandia National Laboratories have implemented DOE's access controls and need-to-know requirements for both vaults and classified computer systems containing the most sensitive classified information. However, DOE's requirements for documenting need to know lack specificity, allowing laboratory managers wide variations in interpretation and implementation and. DOE has recently taken, and continues to take, steps to upgrade protection and control over its classified information, but additional steps are needed.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Energy | To improve classified document security and accountability, the Secretary of Energy should issue more specific requirements for documenting need-to-know determinations. | Our review of DOE's control over classified information resulted from allegations that the Peoples Republic of China obtained nuclear warhead designs from an employee of Los Alamos National Laboratory. We found that DOE's order and manual for controlling classified matter lacked specific need-to-know requirements for access to classified removable electronic media (CREM--including computer hard drives and disks) and classified documents at Los Alamos and Sandia National Laboratories. In 2004, Los Alamos severely restricted access to classified information by (1) establishing 19 centralized CREM vaults; (2) reducing the number of staff with direct access to CREM by 99 percent to only 50... people; and (3) tightening controls by requiring the line supervisor to approve access by certifying that the employee has the appropriate clearance, training, and need to know. Los Alamos has also reduced its total CREM inventory from 80,000 pieces to 20,000 pieces. The Los Alamos actions fulfill the intent of our recommendation.
View More |
Department of Energy | To improve classified document security and accountability, the Secretary of Energy should provide guidance on 2when the use of "blanket" need-to-know approvals for large numbers of employees is appropriate and how it should be documented. | In its August 2001 report entitled "Nuclear Security: DOE Needs to Improve Control Over Classified Information," GAO made a number of recommendations to improve classified document security and accountability. Among other things, GAO recommended that the Secretary of Energy provide guidance on when the use of "blanket" need-to-know approvals for large numbers of employees is appropriate and how it should be documented. In November 2001, the Department issued a letter to the Chairman, Committee on Appropriations, United States Senate regarding GAO's recommendation, which stated that if their review of this issue found that clarification on the roles and responsibilities for the use of...
|
Department of Energy | To improve classified document security and accountability, the Secretary of Energy should conduct cost-benefit analyses for reinstituting the requirements for top secret control officers, top secret access lists and approval for reproduction of top secret documents. | DOE is not responsive. DOE did not agree with the recommendation to conduct a formal cost-benefit analysis for the reinstitution of the requirement regarding specific top secret control, top secret access lists and pre-approval for the reproduction of top secret information. DOE stated that current policy reasonably and responsibly defined the objectives and requirements for protecting classified information, including top secret, as defined in all applicable laws, regulations, and Executive Orders. DOE believes that these objectives and requirements have been promulgated in departmental policy, and the program offices and individual sites understand their responsibilities in executing...
|
Department of Energy | To improve classified document security and accountability, the Secretary of Energy should ensure the issuance of the revised Control of Weapon Data order establishing Sigma 16 by fall 2001. |
DOE agreed with the recommendation and, in early 2002, issued its Control of Weapon Data policy that established Sigma 16.
|