Los Alamos National Laboratory:

Long-Term Strategies Needed to Improve Security and Management Oversight

GAO-08-694: Published: Jun 13, 2008. Publicly Released: Jul 15, 2008.

Additional Materials:

Contact:

Eugene E. Aloise
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In 2006, a Los Alamos National Laboratory (LANL) contract employee unlawfully removed classified information from the laboratory. This was the latest in a series of high-profile security incidents at LANL spanning almost a decade. LANL conducts research on nuclear weapons and other national security areas for the National Nuclear Security Administration (NNSA). GAO was asked to (1) identify LANL's major programs and activities and how much they rely on classified resources; (2) identify initiatives LANL is taking to reduce and consolidate its classified resources and physical footprint and the extent to which these initiatives address earlier security concerns; and (3) determine whether its new management approaches will sustain security improvements over the long-term. To carry out its work, GAO analyzed LANL data; reviewed policies, plans, and budgets; and interviewed officials.

With fiscal year 2007 budget authority of about $2.7 billion, LANL conducts work on over 175 programs that can be grouped into three major program categories--Nuclear Weapons Science, Threat Reduction Science and Support, and Fundamental Science and Energy--and two support program categories--Environmental Programs and Safeguards and Security. Respectively, LANL's major programs serve to ensure the safety, performance, and reliability of the U.S. nuclear deterrent; support nonproliferation and counterproliferation efforts; and address energy security and other emerging national security challenges. LANL's Nuclear Weapons Science programs are the primary users of the facilities housing classified resources. For example, the Nuclear Weapons Science programs are the primary users of 14 facilities that store special nuclear material while LANL's other major programs are the primary users of only 7 such facilities. LANL has over two dozen initiatives under way that are principally aimed at reducing, consolidating, and better protecting classified resources, as well as reducing the physical footprint of the laboratory by closing unneeded facilities. While many of these initiatives address security concerns identified through past external evaluations--such as efforts to consolidate storage of classified documents and media into fewer secure facilities and to destroy unneeded classified nuclear weapon parts--significant security problems at LANL have received insufficient attention. Specifically, LANL has not implemented complete security solutions to address either classified parts storage in unapproved storage containers or weaknesses in its process for ensuring that actions taken to correct security deficiencies are completed. LANL intends to use three management approaches to sustain the security improvements it has been able to achieve to this point over the long-term: (1) undertake management actions required of LANL under the Compliance Order issued by the Secretary of Energy as a result of the 2006 security incident, (2) develop a Contractor Assurance System to measure and improve LANL's performance and management, and (3) implement annual performance evaluation plans NNSA uses to measure LANL's performance and determine a contract award fee. These approaches contain weaknesses that raise doubts about their ability to sustain security improvements over the long-term. Specifically, the actions LANL has proposed to take to meet the terms of the Compliance Order are only short-term--with completion planned for December 2008. Further, according to LANL officials, the Contractor Assurance System is not fully deployed and the measures it includes may not be fully effective. Finally, the annual performance evaluation plans do not sufficiently reward improving long-term security program effectiveness.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To ensure sustained improvement of LANL's security program, the Administrator of NNSA should provide meaningful financial incentives in future performance evaluation plans for implementation of this comprehensive strategic plan for laboratory security.

    Agency Affected: Department of Energy: National Nuclear Security Administration

    Status: Closed - Implemented

    Comments: We evaluated NNSA's performance evaluation plans for LANL for fiscal years 2010 and 2011 and found that these plans included meaningful financial incentives for future security performance at the laboratory. In addition, performance evaluation plans incentivized security challenges included in LANL's strategic plan for security that GAO identified as needing to be addressed, such as improved self assessment, executing an effective security program, and improving the control and accountability system for special nuclear material.

    Recommendation: To improve security at Los Alamos National Laboratory, the Secretary of Energy and the Administrator of NNSA should require LANL to develop a comprehensive strategic plan for laboratory security that (1) addresses all previously identified security weaknesses, (2) contains specific and objective measures for developing and implementing solutions that address previously identified security weaknesses and against which performance can be evaluated, (3) takes an integrated view of physical and cyber security, (4) focuses on improving security program effectiveness, and (5) provides for periodic review and assessment of the strategic plan to ensure LANL identifies any additional security risks and addresses them.

    Agency Affected: Department of Energy: National Nuclear Security Administration

    Status: Closed - Implemented

    Comments: Los Alamos National Laboratory (LANL) developed and issued a comprehensive strategic plan for laboratory security in September 2008. GAO's report discussed several previously identified security problems that, at the time of our report, had not been addressed by LANL or had resurfaced as challenges. All of these previously identified security problems are addressed in LANL's strategic plan for laboratory security. The plan also includes targets, measures, and schedules for addressing these security challenges. The plan itself flows from National Nuclear Security Administration (NNSA) strategic planning guidance to reduce both cyber and physical security vulnerabilities and focuses on security program effectiveness by integrating security evaluation efforts such as self-assessment, security improvement task forces, and security compliance reviews with subject matter experts across multiple security functions. The strategic plan is effective for FY 2009 through FY 2014, and LANL reviews and revises the plan annually to ensure it is responsive to the laboratory's changing security environment. In addition, the Los Alamos Site Office and LANL provide NNSA's Office of Defense Nuclear Security with a quarterly Safeguards and Security Management Systems Assurance Report that tracks security performance and provides status updates on initiatives.

    Recommendation: To improve security at Los Alamos National Laboratory, the Secretary of Energy and the Administrator of NNSA should require LANL to develop a comprehensive strategic plan for laboratory security that (1) addresses all previously identified security weaknesses, (2) contains specific and objective measures for developing and implementing solutions that address previously identified security weaknesses and against which performance can be evaluated, (3) takes an integrated view of physical and cyber security, (4) focuses on improving security program effectiveness, and (5) provides for periodic review and assessment of the strategic plan to ensure LANL identifies any additional security risks and addresses them.

    Agency Affected: Department of Energy

    Status: Closed - Implemented

    Comments: Los Alamos National Laboratory (LANL) developed and issued a comprehensive strategic plan for laboratory security in September 2008. GAO's report discussed several previously identified security problems that, at the time of our report, had not been addressed by LANL or had resurfaced as challenges. All of these previously identified security problems are addressed in LANL's strategic plan for laboratory security. The plan also includes targets, measures, and schedules for addressing these security challenges. The plan itself flows from National Nuclear Security Administration (NNSA) strategic planning guidance to reduce both cyber and physical security vulnerabilities and focuses on security program effectiveness by integrating security evaluation efforts such as self-assessment, security improvement task forces, and security compliance reviews with subject matter experts across multiple security functions. The strategic plan is effective for FY 2009 through FY 2014, and LANL reviews and revises the plan annually to ensure it is responsive to the laboratory's changing security environment. In addition, the Los Alamos Site Office and LANL provide NNSA's Office of Defense Nuclear Security with a quarterly Safeguards and Security Management Systems Assurance Report that tracks security performance and provides status updates on initiatives.

    Recommendation: To enhance security initiatives already under way at LANL, the NNSA should require that future laboratory plans for footprint reduction include specific criteria for evaluating facilities' security risks when making initial selections of facilities for footprint reduction.

    Agency Affected: Department of Energy: National Nuclear Security Administration

    Status: Closed - Implemented

    Comments: In June 2009, NNSA issued its FY 2010 Defense Nuclear Security Program Execution Guidance (PEG) to sites, including LANL, for their use in developing annual operating plans. The PEG links NNSA security requirements and resources to performance expectations for sites. The PEG provides a specific performance objective for reducing the security footprint of sites in order to manage risk to address the spectrum of security threats, such as reduction in classified matter. These performance objectives have been carried forward and updated in PEGs through FY 2012.

    Mar 27, 2014

    Mar 6, 2014

    Feb 20, 2014

    Jan 24, 2014

    Oct 29, 2013

    Sep 30, 2013

    Sep 26, 2013

    Jul 29, 2013

    Jul 24, 2013

    Jul 10, 2013

    Looking for more? Browse all our products here