Los Alamos National Laboratory:
Information on Security of Classified Data, Nuclear Material Controls, Nuclear and Worker Safety, and Project Management Weaknesses
GAO-08-173R: Published: Jan 10, 2008. Publicly Released: Feb 11, 2008.
The Los Alamos National Laboratory (LANL), which is operated by the National Nuclear Security Administration (NNSA), is responsible for, among other things, designing nuclear weapons. Over the past decade, we have documented numerous security, safety, and project management weaknesses at NNSA's nuclear weapons complex, including LANL. In particular, LANL has experienced a series of high-profile security incidents that have drawn attention to the laboratory's inability to account for and control classified information and maintain a safe work environment. In July 2004, LANL's director declared a suspension--or stand-down--of laboratory operations to address immediate concerns, including the loss of classified computer disks. During the stand-down, laboratory teams identified more than 3,400 security and safety issues. As a result of systemic management concerns, and the fact that the laboratory contractor--the University of California--did not adequately address these problems, the Department of Energy (DOE) decided in 2003 to allow other organizations to compete for the management contract at LANL. The University of California, which had been the exclusive management and operating contractor since the 1940s, was replaced in June 2006 by Los Alamos National Security, LLC (LANS). LANS is a consortium of contractors that includes Bechtel National, Inc.; the University of California; BWX Technologies, Inc.; and the Washington Group International, Inc. In this context, Congress asked us to provide information detailing recent security, safety, and management problems at LANL. We provided Congressional staffs with information on these issues. This report summarizes and formally transmits the information provided to Congressional staffs.
As requested, this report provides information on (1) security incidents that compromised or potentially compromised classified information, (2) incidents involving the loss of or failure to properly account for special nuclear material (highly enriched uranium or plutonium) and radiological material, (3) nuclear safety concerns at the laboratory, (4) safety accidents involving LANL employees or contractor personnel, and (5) project management weaknesses that may have resulted in significant cost overruns.
In summary, LANL experienced 57 reported security incidents involving the compromise or potential compromise of classified information from October 1, 2002, through June 30, 2007, according to DOE's ITAC database. Thirty-seven (or 65 percent) of these reported incidents posed the most serious threat to U.S. national security interests. Of the remaining 20 incidents, 9 involved the confirmed or suspected unauthorized disclosure of secret information, which posed a significant threat to U.S. national security interests. The remaining 11 reported security incidents involved the confirmed or suspected unauthorized disclosure of confidential information, which posed threats to DOE security interests. Examples of the most serious types of security incidents reported by DOE include the following: (1) LANL could not account for nine classified removable electronic media items, including data disks, during the relocation of these items to a different on-site facility. DOE concluded that these items were likely destroyed prior to their relocation; and (2) A law enforcement search of a LANL subcontractor's home in Los Alamos, New Mexico, recovered classified information in the form of a USB "thumb drive" and documents. The subcontractor, who possessed a DOE security clearance, had removed the information from a highly classified facility at the laboratory. In response to this incident, in July 2007, enforcement actions were taken by DOE, including the issuance of (1) a preliminary notice of violation to the University of California with a proposed civil penalty in the amount of $3 million, (2) a separate preliminary notice of violation to LANS with a proposed civil penalty in the amount of $300,000, and (3) a Secretarial Compliance Order to LANS. The preliminary notice of violation cited both the University of California and LANS for serious violations of DOE's classified information and cyber security requirements.
In response to security weaknesses in the handling and processing of classified data, LANL officials told us they have implemented a number of measures to strengthen controls since June 2006, including the following: (1) destroying an estimated 1.4 million "legacy" classified documents; (2) reducing the number of accountable electronic classified items from 87,000 to 4,472; (3) reducing the number of vaults and vault-type rooms holding classified data from 142 to 114; and (4) consolidating classified material and classified processing operations into a "Super Vault Type Room."
There were no reported incidents involving the loss or diversion of special nuclear or radiological material from LANL from October 1, 2002, through June 30, 2007. However, a number of security concerns with the inventory and accounting of these materials have been documented, most recently in a DOE Inspector General report issued in September 2007.