NNSA Should Establish a Clear Vision and Path Forward for Its Security Program
GAO-14-208: Published: May 30, 2014. Publicly Released: Jun 30, 2014.
What GAO Found
Implementation of security reforms from 2009 to 2012 generally varied among National Nuclear Security Administration (NNSA) sites. According to Department of Energy (DOE) and NNSA officials and contractors, some of these efforts helped manage security costs and enhance productivity, among other benefits, but may also have increased security risks and reduced security performance at the Y-12 National Security Complex (Y-12) in Tennessee and other NNSA sites, depending on how the sites implemented the reforms. For example, NNSA's headquarters Office of Defense Nuclear Security (DNS) conducted in-depth reviews at sites and recommended elimination of certain expenditures, for a potential savings of $53 million. However, not all of these cuts were implemented by the sites, and NNSA has limited quantifiable data on the benefits of these or other actions. NNSA officials and contractors at several sites also noted that some recommendations made during the reviews may have encouraged inappropriate risks by, for example, calling for cuts in what some of the officials or contractors described as critical protective force posts and patrols. Other actions to implement the reforms may also have increased risks, particularly at Y-12. Specifically, NNSA issued its own security policies in place of DOE's security directives, giving NNSA's contractors greater authority to make security decisions and accept risks. At the same time, DOE and NNSA scaled back on their security inspections and increased their reliance on contractors to self-monitor and self-evaluate their security performance at NNSA sites. Particularly at Y-12, some of these actions to implement the 2009 to 2012 reforms may have increased risks and reduced security performance. Some of the actions at Y-12 to implement the reforms were also later identified by DOE and NNSA as being among the causes of that site's July 2012 security breach.
After the Y-12 security breach, NNSA took a number of actions designed to improve its security performance and oversight but did so without first developing a clear vision and path forward for its security program and an implementation strategy, including milestones and responsibilities for carrying them out. For example, NNSA initiated actions to reinstate the DOE security directives, which it had previously replaced with its own security policies; started, then discontinued, a security inspection program; and reorganized its headquarters security office twice. According to some DOE and NNSA officials, NNSA undertook these and other actions without first developing the NNSA security “road map” that its Security Task Force had called for in 2012, as a priority recommendation after the Y-12 breach. More specifically, the task force had recommended that NNSA develop a clear vision and path forward for its security program and an implementation strategy, including regular monitoring, to help ensure that its actions will lead to sustainable solutions—a recommendation that mirrors effective practices GAO has previously identified for successfully implementing and sustaining management improvement initiatives. Without a road map for its security program, NNSA may prolong what some of its own officials have described as a “chaotic” or “dysfunctional” period in NNSA's security program since the 2012 security breach. In addition, NNSA risks putting in place short-lived or ineffective responses to its security problems, on which GAO and others have reported for more than a decade.
Why GAO Did This Study
NNSA, a semiautonomous agency in DOE, is responsible for protecting sensitive assets, including classified information and plutonium used at its contractor-operated sites to carry out nuclear weapons-related missions. Contractors provide security at NNSA's sites under the direction and oversight of DNS, NNSA field offices, and DOE. In response to rising security costs and other concerns, from 2009 to 2012, DOE and NNSA initiated various reforms to identify and eliminate potentially unnecessary security costs; realign security requirements that may be impeding sites' productivity; and streamline federal oversight. After a serious security breach at its Y-12 site in July 2012, however, NNSA reexamined some of its reforms and considered additional actions.
GAO was asked to examine NNSA's security reforms. GAO examined (1) DOE, NNSA, and contractors' implementation of the 2009 to 2012 security reforms, including any benefits or drawbacks they identified for NNSA and its sites, and (2) NNSA's actions or plans to improve security performance and oversight after the Y-12 security breach. GAO reviewed DOE and NNSA documents and interviewed DOE and NNSA headquarters officials and NNSA field office officials and contractors at the seven NNSA sites.
What GAO Recommends
GAO recommends NNSA develop a clear vision and path forward for its security program and an implementation strategy including regular monitoring. NNSA agreed with the recommendation.
For more information, contact David C. Trimble at (202) 512-3841 or firstname.lastname@example.org.
Recommendation for Executive Action
Status: Closed - Implemented
Comments: In response to this recommendation, in May 2015, NNSA issued a "2015-2020 Security Roadmap: Strategic Initiatives for Managing the Defense Nuclear Security Program." In the security roadmap, NNSA outlined a future vision for its nuclear security program, including goals for improving the efficiency and effectiveness of the program and for addressing longstanding security issues. In its roadmap, NNSA identified four key strategies that encompass numerous improvement steps in areas ranging from communications and budgeting to security infrastructure and workforce development. Also in June 2015, NNSA issued a separate implementation strategy, including milestones for carrying out the improvements described in the roadmap and a strategy for monitoring the roadmap's implementation. According to NNSA's Director of Security Planning in August 2016, NNSA has continued to implement the security roadmap and monitor its progress.
Recommendation: To help ensure NNSA's actions to improve its security performance and oversight will be successfully implemented and sustained, the Secretary of Energy should direct the NNSA Administrator to develop and implement the NNSA security road map, including a clear vision and path forward for NNSA's security program and an implementation strategy, including regular monitoring, to help ensure that its actions will lead to sustainable solutions.
Agency Affected: Department of Energy