Nuclear Security:

DOE Needs to Resolve Significant Issues Before It Fully Meets the New Design Basis Threat

GAO-04-623: Published: Apr 27, 2004. Publicly Released: Apr 27, 2004.

Additional Materials:

Contact:

Robin M. Nazzaro
(202) 512-6246
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

A successful terrorist attack on Department of Energy (DOE) sites containing nuclear weapons or the material used in nuclear weapons could have devastating consequences for the site and its surrounding communities. Because of these risks, DOE needs an effective safeguards and security program. A key component of an effective program is the design basis threat (DBT), a classified document that identifies the potential size and capabilities of terrorist forces. The terrorist attacks of September 11, 2001, rendered the then-current DBT obsolete. GAO examined DOE's response to the September 11, 2001, terrorist attacks, identified why DOE took almost 2 years to develop a new DBT, analyzed the higher threat in the new DBT, and identified the remaining issues that need to be resolved in order for DOE to meet the threat contained in the new DBT.

DOE took a series of actions in response to the terrorist attacks of September 11, 2001. While each of these has been important, DOE must press forward with additional actions to ensure that it is fully prepared to provide a timely and cost effective defense. DOE took immediate steps to improve physical security in the aftermath of the September 11, 2001, terrorist attacks. DOE's most visible effort involved moving to higher levels of security readiness, known as security condition (SECON) levels. While this effort has increased the visible deterrence at DOE sites, it has been expensive and has resulted in fatigue, retention problems, and less training for most sites' protective forces. In addition, the effectiveness of these increased SECON levels generally have not been assessed using the vulnerability assessment tools, such as computer modeling and full-scale force-on-force exercises, that DOE routinely uses to develop protective force strategies for its sites. Development of the new DBT took almost 2 years because of (1) delays in developing an intelligence community assessment--known as the Postulated Threat--of the terrorist threat to nuclear weapon facilities and (2) DOE's lengthy comment and review process for developing policy. In addition, during the DBT development process, there were sharp debates within DOE and other government organizations over the size and capabilities of future terrorist threats and the availability of resources to meet these threats that contributed to the delay. While the May 2003 DBT identifies a larger terrorist threat than did the previous DBT, the threat identified in the new DBT in most cases is less than the threat identified in the intelligence community's Postulated Threat, on which the DBT has been traditionally based. The new DBT identifies new possible terrorist acts such as radiological, chemical, or biological sabotage. However, the criteria that DOE has selected for determining when facilities may need to be protected against these forms of sabotage may not be sufficient. DOE has been slow to resolve a number of significant issues, such as issuing additional DBT implementation guidance, developing DBT implementation plans, and developing budgets to support these plans, that may affect the ability of its sites to fully meet the threat contained in the new DBT in a timely fashion. Consequently, DOE's deadline to meet the requirements of the new DBT by the end of fiscal year 2006 is probably not realistic for some sites.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. DOE has substantially implemented this recommendation through a series of actions, including: (1) requiring each of its sites to develop DBT implementation plans that include funding requirements; (2) requiring sites and program offices to deliver quarterly progress reports on progress against these plans to the Deputy Secretary of Energy; (3) managing DBT implementation plans on project basis; (4) issuing new guidance on protective force policies in 2006 (DOE Policy Manual, 470.3-4, Protective Force) that creates a framework for a new tactical response force that can be tailored to individual DOE sites; (5) creating, funding, and sustaining a security technology deployment program that is recognized by DOE program offices and NNSA as valuable; (6) In 2005, DOE chartered the Nuclear Materials Disposition and Consolidation Coordination Committee to study and plan for the consolidation of DOE's inventory of special nuclear material at fewer sites and the permanent disposition of material it no longer needs. The committee developed a draft strategic plan that will serve as a high level out-year planning document for DOE's program offices to follow in their budgeting ad project planning. The committee is also developing implementation plans will analyze viable alternatives and cost estimates associated with consolidating and disposing of special nuclear material. The implementation plans were completed by December 31, 2008. Committee minutes identify the Office of Secure Transportation as the entity responsible for transporting special nuclear materials during DOE's consolidation and disposal efforts. Although these efforts have never been fully brought together into a single, integrated plan, they have brought much greater transparency to DBT implementation efforts, so that any mismatches between budgets, plans, and policies are often readily apparent. Taken together, they fulfill the intent of our recommendation.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should develop and implement a department-wide, multiyear, fully resourced implementation plan for meeting the new DBT requirements that includes important programmatic activities such as the closure of facilities and the transportation of special nuclear materials.

    Agency Affected: Department of Energy

  2. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. DOE has now implemented its vulnerability assessment (VA) methodology. DOE has incorporated this methodology in its 470 series of Order and Manuals and has also developed a variety of technical documents and guides. In addition, DOE's National Training Center, located in Albuquerque, New Mexico, has developed and currently teaches six VA training classes for VA analysts as well as two VA orientation classes for security managers. DOE completed its review of improvised nuclear device (IND) concerns in early 2004, and as a result, in April 2004 issued far-reaching and immediate orders to enhance the security at its sites with Category I SNM. This guidance was later codified its DOE's 2004 and 2005 Design Basis Threat (DBT) policies. DOE's National labs have continued to study and refine their knowledge of the IND issue and additional clarifying guidance is expected to be issued in DOE's new 2008 DBT.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should ensure that all remaining DBT and DBT related-issues, such as the designation of improvised nuclear device concerns and the new vulnerability assessment methodology, are completed on an expedited schedule.

    Agency Affected: Department of Energy

  3. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. More recently, the Secretary of Energy directed the NNSA Administrator and the Directors of the Office of Security and Safety Performance Assurance and the Office of Intelligence to reexamine the Design Basis Threat. In his April 27, 2004, testimony before the Subcommittee on National Security, Emerging Threats, and International Relations of the House Committee on Government Reform, the Director of the Office of Security and Safety Performance Assurance stated that this action was being taken as the result of GAO's report. In a June 22, 2004, testimony before the same subcommittee, the Director stated that the review was evaluating radiological, chemical and biological sabotage criteria. The work is expected to be completed by August 6, 2004.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should reexamine the criteria established in the May 2003 DBT to determine levels of risk from radiological, biological, and chemical sabotage to ensure that they are appropriate from a security standpoint.

    Agency Affected: Department of Energy

  4. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. More recently, the Secretary of Energy directed the NNSA Administrator and the Directors of the Office of Security and Safety Performance Assurance and the Office of Intelligence to reexamine the Design Basis Threat. In his April 27, 2004, testimony before the Subcommittee on National Security, Emerging Threats, and International Relations of the House Committee on Government Reform, the Director of the Office of Security and Safety Performance Assurance stated that this action was being taken as the result of GAO's report. In a June 22, 2004, testimony before the same subcommittee, the Director stated that the review was evaluating protection strategies for special nuclear material that may be of improvised nuclear device concerns. The work was completed by August 6, 2004.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should reexamine the current application of the graded threat approach to sites that may have improvised nuclear device concerns.

    Agency Affected: Department of Energy

  5. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. More specifically, in his April 27, 2004, testimony before the Subcommittee on National Security, Emerging Threats, and International Relations of the House Committee on Government Reform, the Director of the Office of Security and Safety Performance Assurance stated that while he believed the rationale used to develop the DBT was sound and the appropriate approach, he was directing that DOE review this process to determine if this is still the best approach and if there was more DOE should be doing in this area. Since the report was issued, DOE has issued revised DBTs in 2004 and 2005 as well as issued updated implementation guidance in 2004, 2005, and 2007. After determining that DOE's policy-making approach was ill-suited to the post 9/11 security environment, new DBTs and associated guidance have been issued as directives by the Deputy Secretary of Energy instead of going through DOE's arduous policy making process.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should review how the DBT is developed to determine if using the current policymaking approach is appropriate given the dynamic post-September 11, 2001, security environment.

    Agency Affected: Department of Energy

  6. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. In addition, in its specific comments on GAO's report, DOE stated that it would explore procedures to incorporate the evaluation of increased Security Condition (SECON) levels into its vulnerability assessments. Subsequently,in his April 27, 2004, testimony before the Subcommittee on National Security, Emerging Threats, and International Relations of the House Committee on Government Reform, the Director of the Office of Security and Safety Performance Assurance stated that DOE sites were now engaging in employing DOE's rigorous vulnerability assessment methodology to evaluate every aspect of their protective systems, including the the additional measures required to implement enhanced Security Conditions (SECONs). Subsequently, DOE issued a congressionally mandated report in June 2006, that described the actions DOE was taking to implement the Design Basis Threat and to improve security through the deployment of technology and improved protective forces. DOE's new Vulnerability Assessment methodology, which was fully implemented in 2006, takes into account and assesses probability of detection and neutralization for each of the multiple layers of security at DOE nuclear sites. This new methodology captures the effects of SECONs, most of which are implemented in the outer layers (perimeter) of security.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should evaluate the cost and effectiveness of existing security conditions and how they are implemented using DOE's vulnerability assessment methodology.

    Agency Affected: Department of Energy

  7. Status: Closed - Implemented

    Comments: In its February 2004 comments on GAO's report, DOE stated that it would consider each of GAO's recommendations as part of the Departmental Management Challenges for 2004. As part of the revised 2004 DBT, DOE required that all sites submit detailed quarterly DBT implementation plans and progress reports to the Deputy Secretary of Energy for review and approval. PL 109-1163, required DOE to submit a report to Congress detailing DBT implementation schedules, costs, and levels of risk, among other things. DOE submitted this report in June 2006, and GAO completed its review of this report in June 2007. In this report, DOE sites not meeting DBT implementation deadlines, and listed incremental annual reductions in risk until the DBT was fully implemented. Deviations from the DBT implementation also require the approval of the Secretary of Energy.

    Recommendation: In order to strengthen DOE's ability to meet the requirements of the new DBT, as well as to strengthen the department's ability to deal with future terrorist threats, the Secretary of Energy should report regularly to relevant congressional oversight committees on: (1) the status of DBT implementation as reflected by the required quarterly DBT implementation progress reports and (2) which sites and facilities are currently considered to be at high risk under the new DBT and what steps are being taken to mitigate these risks to acceptable levels.

    Agency Affected: Department of Energy

 

Explore the full database of GAO's Open Recommendations »

Oct 14, 2014

Sep 30, 2014

Sep 24, 2014

Sep 18, 2014

Sep 17, 2014

Sep 10, 2014

Sep 9, 2014

Sep 8, 2014

Looking for more? Browse all our products here