The Department of Energy (DOE) maintains millions of classified documents containing highly sensitive nuclear weapons design and production information. Allegations that the Peoples Republic of China obtained nuclear warhead designs from an employee of DOE's Los Alamos National Laboratory, as well as the disappearance of two computer hard drives containing highly sensitive weapons information from that same laboratory, have raised concerns about how effectively DOE protects classified information, particularly the most sensitive classified information that is contained in vaults and computer systems. DOE's security program consists of many strategies for protecting and controlling classified information, such as controlling access to classified information through physical and administrative barriers and determining whether a person's work requires a "need to know" the information. DOE has recently increased protection for top-secret documents by revising its Classified Matter Protection and Control Manual, which provides detailed requirements for the protection and control of classified matter. This report reviews the (1) extent to which DOE's Sandia and Los Alamos National Laboratories have implemented DOE's established access controls and need-to-know requirements for classified vaults and computer systems containing the most sensitive classified information as well as the adequacy of these requirements and (2) steps DOE is taking to upgrade the protection of its classified information. GAO found that the Los Alamos and Sandia National Laboratories have implemented DOE's access controls and need-to-know requirements for both vaults and classified computer systems containing the most sensitive classified information. However, DOE's requirements for documenting need to know lack specificity, allowing laboratory managers wide variations in interpretation and implementation and. DOE has recently taken, and continues to take, steps to upgrade protection and control over its classified information, but additional steps are needed.
Recommendations for Executive Action
|Department of Energy||1. To improve classified document security and accountability, the Secretary of Energy should issue more specific requirements for documenting need-to-know determinations.|
|Department of Energy||2. To improve classified document security and accountability, the Secretary of Energy should provide guidance on 2when the use of "blanket" need-to-know approvals for large numbers of employees is appropriate and how it should be documented.|
|Department of Energy||3. To improve classified document security and accountability, the Secretary of Energy should conduct cost-benefit analyses for reinstituting the requirements for top secret control officers, top secret access lists and approval for reproduction of top secret documents.|
|Department of Energy||4. To improve classified document security and accountability, the Secretary of Energy should ensure the issuance of the revised Control of Weapon Data order establishing Sigma 16 by fall 2001.|