For other versions of this document, see http://wikileaks.org/wiki/CRS-RS20243 ------------------------------------------------------------------------------ Order Code RS20243 Updated July 23, 1999 CRS Report for Congress Received through the CRS Web DOE Security: Protecting Nuclear Material and Information Zachary S. Davis Specialist Resources, Science, and Industry Division Summary Congress is focusing on problems with security at the Department of Energy's (DOE) national security facilities, especially the nuclear weapon laboratories. Problems include espionage from within the labs and protection of nuclear material and facilities from outside attack. This report describes the main components of DOE's security system and reviews current efforts to address shortcomings. This report will be updated as events warrant. Issues for Congress Several committees of the House and Senate are investigating security problems at DOE facilities. A long history of problems has prompted efforts by Congress and the Executive Branch to improve DOE security. A special House committee established in 1998 investigated Chinese spying at the DOE national laboratories.1 The Senate Select Committee on Intelligence also conducted an investigation, and other committees have held hearings. Serious breaches of security involving Chinese efforts to acquire sensitive nuclear and missile technology from the labs have come to light. The CIA, the FBI, DOE, and the President's Foreign Intelligence Advisory Board have confirmed there were serious losses of classified information from the DOE labs.2 1 Report of the Select Committee on U.S. National Security and Military/Commercial Concerns with the People's Republic of China, House of Representatives, Report 105-851, May 25, 1999. Hereafter referred to as the Cox Report. 2 The Cox Report; The Intelligence Community Damage Assessment on the Implications of China's Acquisition of US nuclear Weapons Information on the Development of Future Chinese Weapons, April 30, 1999, unclassified; Science at its Best, Security at its Worst, A Report on Security Problems at the U.S. Department of Energy, President's Foreign Intelligence Advisory Board, June, 1999. Congressional Research Service ~ The Library of Congress CRS-2 A related issue involves the security of nuclear weapon materials at DOE facilities. Concerns about inadequate protection of weapon materials intensified after reports that military plutonium at DOE's Rocky Flats facility, near Denver, Colorado, could be vulnerable to terrorist attack. 3 The director of DOE's Office of Safeguards and Security, Ed McCallum, and contractors responsible for security at Rocky Flats attempted to call attention to the problems, but their concerns were reportedly not heeded by DOE headquarters. Subsequently, the contractor filed suit against DOE, which placed Mr. McCallum on administrative leave for allegedly disclosing classified information in telephone discussions with the contractor.4 DOE maintains that security is adequate at Rocky Flats, but has agreed to improve physical security at weapons-related sites. To address problems with DOE security, the President issued Presidential Decision Directive (PDD)-61 in February 1998. In April 1998, Secretary of Energy Bill Richardson announced new security measures for the national laboratories. To address a backlog of longstanding security problems, on May 11, 1999, Secretary Richardson announced a reorganization that would consolidate DOE security functions into a new central security office. In June, the President's Foreign Intelligence Advisory Board recommended creating an autonomous or semi-autonomous nuclear weapon agency. Richardson initially opposed creating a new agency, but now supports a Senate-backed plan to establish a semi-autonomous agency. Congress is currently considering whether these steps are adequate to address the problems of DOE security. Several alternatives to the Administration's initial security reform package have been introduced, including legislation to move the nuclear weapons program out of DOE, restrict foreign visits to the labs, and improve the accountability of DOE contractors. On June 9, the House unanimously passed the Defense Authorization for FY2000 (H.R. 1401) which contained 26 of the 38 recommendations of the House Select Committee on U.S. National Security and Military/Commercial Concerns with the People's Republic of China.5 The Senate passed the Intelligence Authorization for FY2000 (H.R. 1555) that would establish a semi-autonomous nuclear weapon agency. This report reviews the main problems of DOE security and summarizes proposed remedies. Missions of DOE Labs and the Nuclear Weapons Complex The primary mission of DOE's nuclear complex is to maintain the U.S. nuclear weapons stockpile. DOE produces nuclear weapons for the Department of Defense (DOD). The division of responsibilities between DOE and DOD preserves a longstanding policy of keeping nuclear weapons under civilian authority. The DOE nuclear complex consists of eight government-owned, contractor-operated sites which contribute to the production, maintenance, and retirement of nuclear weapons, materials, and components. Three labs -- Los Alamos, Sandia, and Livermore -- play the 3 Peter Eisler, "Reduced Budgets Erode Security at Nuke Plants," USA Today, October 22, 1997. 4 Jim Carrier, "Flats Security Lax, Ex-Officials Warn," The Denver Post, May 20, 1997, p.A-1; 5 Juliet Eilperin and Vernon Loeb, "Weapons Lab Reforms Backed," Washington Post, June 10, 1999, p. 4. CRS-3 lead role in weapons activities, although other facilities such as Oak Ridge and Y-12 make major contributions. Although they are federally funded and accountable to DOE headquarters, the labs are operated by contractors and exercise a high degree of autonomy. The high degree of autonomy often results in inconsistent implementation of DOE policies, including security policy. Since the moratorium on nuclear testing in 1992 and signing of a Comprehensive Test Ban Treaty (CTBT) in 1996, U.S. nuclear weapons are maintained through the Stockpile Stewardship Program. Scientists at the DOE national labs utilize a broad-based scientific approach to ensure the safety and reliability of U.S. nuclear weapons, without testing.6 The DOE also utilizes nuclear and scientific expertise to support U.S. nonproliferation and arms control policy. For example, the labs provide expertise on foreign nuclear programs, export controls, and efforts to strengthen controls on nuclear weapons and materials in Russia and other FSU countries. The U.S.-Russia Lab-to-Lab program has played a central role in U.S. Cooperative Threat Reduction programs (CTR). Lab scientists have installed material protection, control, and accounting (MPC&A) equipment at numerous Russian and FSU facilities to reduce the risk of theft or diversion in Russia.7 The labs also maintain a broad array of basic scientific research programs in fields such as computing, materials science, energy, physics, and others which are critical to maintaining the expertise needed to support Stockpile Stewardship and the other national security missions.8 However, the free exchange of information that is typical of unclassified scientific research sometimes clashes with the requirements of classified weapon-related activities. The participation of foreign citizens -- particularly from sensitive countries such as China, Russia, and India -- in unclassified laboratory research raises concerns about the security of classified and sensitive information. Legislation has been introduced in the Senate and House to put new restrictions on foreign visitors to the labs.9 DOE Security: Protecting Against Insider and Outsider Threats The Department of Energy maintains several types of security systems to protect U.S. national security assets -- information, materials, and weapons -- from theft or 6 Jonathan Medalia, Nuclear Weapon Production Capability Issues, CRS Report 98-529, June 8, 1998; Richard Rowberg, National Ignition Facility and Stockpile Stewardship: Highlights and Issues, CRS Report 98-464. 7 Department of Energy, Office of Arms Control and Nonproliferation, Russia/NIS Nuclear Materials Security Task Force, "Significant Milestones in Securing and Controlling Nuclear Materials," April 1999. 8 Richard Rowberg, DOE and DOD research, CRS Report RL30054. 9 H.R. 1348, Department of Energy Foreign Visitors Program Moratorium Act of 1999; S. 887, Sensitive Country Foreign Visitors Moratorium Act of 1999. CRS-4 diversion. Security systems are intended to deter, detect, and defeat efforts from inside or outside DOE facilities to gain unauthorized access to these assets. Physical Protection: Safeguards and Security Physical security includes guard forces, fences, alarms, barriers, surveillance, seals, monitoring, containment, and other measures. Such systems are employed to protect buildings, facilities, personnel, equipment, information, communications, and transport related to nuclear weapons. Physical protection of nuclear weapons is maintained by the Nuclear Explosive and Weapon Surety Program in conjunction with other measures. DOE's Material Control and Accountability (MC&A) system tracks the quantities and whereabouts of nuclear materials throughout the DOE complex. Congress, the GAO, and DOE internal reviews have identified numerous problems with DOE's safeguards and security system.10 The problems include weak security for classified information, concerns about foreign visitors and their possible access to classified information, and failures of the nuclear materials tracking system to account for weapon- usable material. Many of the problems have persisted for years, despite repeated efforts to spur DOE to take action.11 Recently, the problems have resurfaced in connection with reports of Chinese espionage at the labs and reports of weak security for nuclear weapons material (plutonium) at the Rocky Flats site. Cyber Security Computer security is a major challenge for DOE. In addition to protecting its computers from hackers, DOE faces some unique problems. Like other agencies that handle classified information, DOE and its labs maintain separate computer systems for classified and unclassified information. The technical challenge is to prevent the transfer of classified information to an unclassified system, which is often in close proximity. This type of transfer apparently occurred at Los Alamos when a lab employee, Wen Ho Lee, reportedly copied classified files to a disk and put them on an unsecure computer, where they were vulnerable to unauthorized access. The FBI found that the files had been accessed, but have not determined by whom. A technical solution used by some agencies is to remove the hard drive so that nothing can be downloaded from the classified system, except when authorization to install or unlock the hard drive has been granted. Such a solution, however, would not prevent people from transferring classified information onto an unclassified computer by memorizing it or copying it on paper first. The policy question is where to draw the line between classified and unclassified research. Some unclassified research in areas such as computing and high-energy physics is relevant to the weapons program. It is also possible to create classified information by combining unclassified sources. DOE scientists must continually distinguish between 10 Department of Energy: Key Factors Underlying Security Problems at DOE Facilities, GAO Testimony Before the Subcommittee on Oversight and Investigations, Committee on Commerce, House of Representatives, April 20, 1999. 11 Peter Eisler, "Mistrust Foils U.S. Nuclear Security," USA Today, May 19, 1999. CRS-5 classified and unclassified information in their interactions with uncleared and foreign colleagues. Computer interaction through email remains a particular concern, despite existing rules and procedures governing such contacts. Counterintelligence Counterintelligence includes measures to prevent and detect espionage by foreign countries. DOE's counterintelligence apparently failed to effectively detect or prevent spying at DOE facilities, despite many warnings. Foreign spying on the U.S. nuclear program began during the Manhattan Project in the 1940s (which was managed by the U.S. Army) and continued through the 1950s, when several Soviet agents penetrated the Los Alamos lab. In the 1970s, Chinese spies apparently penetrated Livermore national lab and acquired information on U.S. nuclear weapons. DOE inherited the weapons program when it was created in 1974. Chinese espionage at U.S. nuclear facilities reportedly continued through the 1980s and 1990s, and succeeded in acquiring detailed information on most U.S. nuclear weapons as well as other advanced weapons. 12 Various Executive Branch agencies, including DOE itself, and Congress have criticized DOE's counterintelligence efforts. Some of the criticism dates back nearly 20 years.13 Problems have included lax handling of classified documents, inadequate background checks on lab personnel, mishandled investigations, and problems associated with foreign visitors. According to recent investigations, some problems stemmed from years of mismanagement and from the low priority given to counterintelligence by DOE's top management.14 Some problems resulted from inconsistent security practices at the labs and from the disconnect between DOE headquarters and the labs. PDD-61 and Secretary Richardson's reform package seek to restore confidence in DOE's counterintelligence office by increasing its budget and authority and by putting a seasoned FBI counterintelligence official in charge. The director of the new Office of Counterintelligence, Ed Curran, has direct access to the Secretary, and the Directors of the FBI and the CIA.15 12 Cox Report, pp. 69, 74. 13 Department of Energy: Key Factors Underlying Security Problems at DOE Facilities, GAO Testimony Before the Subcommittee on Oversight and Investigations, Committee on Commerce, House of Representatives, April 20, 1999, p. 4; Pete Eisler, "U.S. Has Let Its Guard Down For 20 Years," USA Today, June 16, 1999, p, 10. 14 Walter Pincus, "Panel Urges Some Autonomy for Nuclear Weapons Program," Washington Post, June 15, 1999, p.2. 15 Status of DOE Counterintelligence Plan Implementation (PDD-61), DOE Fact Sheet, May 12, 1999. CRS-6 Secretary Richardson's Reform Package On May 11, 1999, Secretary of Energy Richardson announced a reform package intended to address the problems of DOE security and fully implement PDD-61. The package centralizes responsibility for all DOE security in a new Office of Security and Emergency Operations. The new security "czar" is responsible for protecting all DOE materials, information, and facilities. On June 16, Secretary Richardson named retired Air Force General Eugene Habiger as DOE's security czar. The DOE Chief Information Officer is responsible for cyber security at the labs. A new office of Foreign Visits and Assignments is responsible for security aspects of foreigners at the labs. A new Office of Plutonium, Uranium and Special Material Inventory is responsible for keeping track of the nuclear materials throughout the DOE complex. The reform package also includes security training, improved background security checks, expanded use of polygraphs, accelerated upgrades of physical security, increased reviews for declassification, and strengthening of the Security Management Board -- an interagency panel that oversees DOE safeguards and security measures. Secretary Richardson initially opposed establishing an autonoumous or semi- autonomous agency, but eventually accepted a Senate proposal for a semi-autonomous agency. Legislation Congress is considering a wide range of actions to improve DOE security. These include moving the weapons program out of DOE to form an independent agency, restricting foreign visits, increasing accountability of lab contractors, and abolishing DOE altogether and giving the weapons program to the Department of Defense. S. 1059, Defense Authorization for FY2000, Sen. Warner, Title XXXI Department of Energy National Security Programs, Subtitle D, Department of Energy Facilities Safeguards Security and Counterintelligence S. 1186, Sen. Domenici, Energy and Water Appropriations for FY2000, funding for DOE programs, including proposed security reforms H.R. 1555, Intelligence Authorization for FY2000, Rep. Goss, contains measures to reorganize DOE and strengthen counterintelligence capabilities, includes S.1009. H.R. 1649, A bill to abolish the Department of Energy, Rep. Tiahrt H.R. 2032, A bill to create a Nuclear Security Administration, Rep. Thornberry H.R. 1348, Moratorium on Foreign Visitors Program, Rep. Ryun H.R. 1401, Defense Authorization for FY2000, Rep. Spence, contains amendments to implement the recommendations of the Cox Committee and an amendment by Rep. Costello to increase accountability of DOE facility contractors. ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RS20243