The Department of Energy operates sites that hold special nuclear material—such as highly enriched uranium—which can be used to make nuclear weapons. Due to the sensitive nature of these sites, DOE must annually report on the status of their security infrastructure to Congress.
DOE's reports identified challenges that could affect the security at some of its sites, and we found that the agency is not fully prepared to address these challenges. Among other things, we recommended that DOE develop a plan to address physical security infrastructure needs—such as fences, alarms, and sensors—at its sites.
Photo of the Department of Energy building in Washington, DC.
What GAO Found
The Department of Energy's (DOE) and the National Nuclear Security Administration's (NNSA) annual reports for 2014 and 2015 on the security of nuclear facilities holding special nuclear material did not fully meet the definition of quality information under the federal internal control standards. These standards define quality information as appropriate, current, complete, accurate, accessible, and provided on a timely basis. GAO found that, in general, while the reports were based on current information and were accessible to Congress, they did not fully meet quality information standards because the reports:
- did not always contain complete information on the assessments used to support the agencies' certifications that sites are secure and
- were not provided to Congress in a timely manner.
For example, DOE's 2015 annual security report did not mention whether an important assessment was conducted at two of its four sites or include information regarding the date or outcome of the assessment at three of its four sites. NNSA's 2015 annual security report noted its sites conducted these assessments; however, it did not provide information regarding the date or outcome at one site. Without complete information on the assessments used to determine each site's overall security assessment, it was not always possible to determine the basis for the site security certification solely using the information contained in the reports. In addition, GAO found that DOE's and NNSA's annual 2014 and 2015 security reports were issued several months late. DOE officials told GAO the delay was partly due to the lengthy internal review process. DOE and NNSA stated that they would promptly report any serious security issues to Congress using means other than the annual security reports. When the reports are issued late, however, Congress may not routinely receive timely notice of issues so that it can take actions to improve sites' security.
GAO's review of the annual security status reports and interviews with agency officials indicated that DOE and NNSA share significant challenges that could affect their ability to maintain physical security at sites and certify them as secure. For example, security infrastructure, such as fences, alarms, and sensors, at many DOE and NNSA facilities is outdated and requires extensive maintenance to ensure proper functioning. NNSA is developing a physical security infrastructure plan to be issued in spring 2017, but DOE has not fully developed plans or estimated costs to address its needs. Additionally, DOE has not fully implemented a June 2011 order, which could result in some nuclear materials requiring additional security. GAO found that even though the order called for implementation plans within 6 months of its issuance, one DOE site, with the approval of the Deputy Secretary of Energy, will not have an implementation plan until 2018. Based on GAO's review and the comments of agency officials, neither the 2014 and 2015 security reports provided comprehensive risk and potential vulnerability information to Congress nor had these issues been communicated through other means.
Why GAO Did This Study
DOE and NNSA operate sites with facilities holding special nuclear material that can be used to make nuclear weapons. The National Defense Authorization Act of 2014 requires the Secretary of Energy to submit to congressional committees a report detailing the status of security at sites holding key quantities of special nuclear material, along with a certification that the sites meet DOE's security standards and requirements by December 1 of each year. The law requires DOE's reports to include a similar report from NNSA. A report accompanying the legislation included a provision for GAO to evaluate these efforts. This report examines (1) the extent to which these DOE and NNSA reports meet the definition of quality information under federal internal control standards, and (2) any significant physical security challenges at sites that the reports or agency officials identified and the extent to which the agencies have addressed them. GAO reviewed the 2014 and 2015 reports and interviewed agency officials.
GAO recommends that DOE include more complete information in the reports, better align the review process and mandated deadlines, plan for infrastructure needs, and inform Congress of the reason for delays in implementing its June 2011 order and any identified vulnerabilities. DOE raised concerns with the first recommendation, generally agreed with the second and the third, and stated it had already implemented the fourth. In response, GAO modified the first recommendation and will assess DOE's implementation of the fourth.
Recommendations for Executive Action
|Department of Energy||1. The Secretary of Energy, working with the Administrator of the National Nuclear Security Administration, should include more complete information on the assessments--that is, security plans, vulnerability assessments, independent assessments, and other assessments--used in the annual reports to support the agencies' assessments that DOE and NNSA sites are secure.|
|Department of Energy||2. The Secretary of Energy, working with the Administrator of the National Nuclear Security Administration, should better align the internal review process and mandated report publication deadlines.|
|Department of Energy||3. Additionally, the Secretary of Energy should develop a plan for addressing the physical security infrastructure needs at DOE sites. Similar to a report under development by NNSA, this plan could identify cost and time frames and enable DOE and the Congress to prioritize these projects.|
|Department of Energy||4. Additionally, the Secretary of Energy should, in future annual security certification reports, inform Congress of the reasons for the delayed implementation of the June 2011 DOE material control and accountability order at some sites, as well as the steps DOE and its sites are taking to implement it. DOE should also provide Congress with information on any vulnerabilities or deficiencies in the security at sites that may potentially exist while the sites complete implementation of the order as well as information on any concomitant adjustment to their security posture that is required.|