Alissa Tabirian
NS&D Monitor
1/15/2016
Department of Energy (DOE) sites demonstrated effective security performance overall in fiscal 2015 but should improve emergency management systems, contractor oversight, corrective action management, and other issues, according to the DOE Office of Enterprise Assessments’ (EA) fiscal 2015 Independent Oversight Activities Overview report to Congress released on Jan. 8. In the last fiscal year, EA completed 15 safeguards and security assessments at 10 DOE sites, 10 information security assessments at 12 sites, and 26 cybersecurity assessments at 22 sites. It also completed 36 nuclear safety assessments at 15 sites, six worker safety and health assessments at three sites, and nine emergency management assessments at eight sites.
The EA investigations included a review of an emergency response exercise at the Pantex plant, which lacked timely information dissemination and exercise procedure specificity, and a review of the fire protection program at Pantex and the Y-12 National Security Complex, which were found to be vulnerable due to age-related infrastructure degradation and deficiencies in fire protection system surveillance testing. An audit of the DOE’s cybersecurity risk management framework found that certain programs did not have adequate security controls, while a review of the Sandia National Laboratories’ work planning and control – which governs planning and processes for work at different hazard levels – found that some work activities did not meet safety requirements. A review of Y-12’s work planning and control found that activities were carried out by well-trained personnel but featured some lapses in disciplined operations, such as “not suspending work for an unexpected condition, failure to follow procedures and postings, and inconsistent application of some radiological practices.”
Of the 102 reports EA produced in fiscal 2015 on safety and security at 28 DOE sites, it “did not identify any immediate or major risks that warranted shutdown of operations,” the report said. However, it recommended DOE make improvements on “continued senior level management attention to safety and security performance; line management attention to contractor oversight; emphasis on corrective action management; compliance with safety and security requirements; improving emergency management systems; and enhancements to cyber security and insider threat programs.”
