The National Nuclear Security Administration has yet to finish a congressionally mandated life-cycle physical security infrastructure management plan for its facilities, according to a senior Government Accountability Office official.
There was no immediate word this week on the status of the document lawmakers first requested nearly a decade ago.
The fiscal 2008 National Defense Authorization Act directed the semiautonomous Department of Energy branch to evaluate physical and cyber security threats to the DOE nuclear weapons complex and to each year submit to Congress “a plan for the research and development, deployment, and life-cycle sustainment of the technologies employed within the enterprise to address physical and cyber security threats during the upcoming five-year fiscal period,” GAO Assistant Director Jonathan Gill said last week.
For fiscal 2015, the Senate Armed Services Committee called on the Government Accountability Office to review the agency’s progress in preparing the plan, Gill said during a Feb. 19 panel discussion at the ExchangeMonitor 2016 Nuclear Deterrence Summit. That included studying the extent to which the NNSA has incorporated physical security needs into its budget and planning documents.
While the GAO report has not been finalized, Gill said preliminary observations indicate the NNSA has not completed the physical security plan and has not completely incorporated the issue into its budget and planning process. Progress stalled following an embarrassing 2012 security breach in which an elderly nun and two other peace activists snuck into the Y-12 nuclear weapons plant in Tennessee, Gill said. He said, though, there has been a renewed push to develop this plan since May 2015: “It’s regaining momentum that it has lost.”
“However, considerable work remains to be done to complete this new effort, and full potential costs to address future repair and upgrade needs for NNSA physical security systems will not be fully included in the long-range planning and documents until the agency’s FY 2018 or later budget submission,” Gill said.
Physical security infrastructure encompasses a host of measures such as alarms, cameras, barriers, access control points, and hardened facilities and vaults, all designed to prevent intruders from gaining access to sensitive materials and technologies at sites including Y-12, the Pantex Plant in Texas, and the NNSA’s national laboratories.
The NNSA says it took steps to bolster these defensive systems following the Sept. 11, 2001, terrorist attacks. Upgrades ranged from deploying new technology to increasing barriers and decreasing access to special nuclear materials. The NNSA physical security budget — including funding for site protective forces — spiked from about $360 million in fiscal 2001 to $728 million in fiscal 2008, then dropped moderately afterward, according to the GAO; the agency’s combined physical and cyber security budget request for fiscal 2017 is $846.7 million.
Nonetheless, security has remained a point of concern across the complex due to a number of failures, highlighted by the Y-12 incident that subsequent inquiries found demonstrated inadequate maintenance of security equipment and a slow, insufficient response by security personnel even after alarms were activated. The intrusion occurred the year before the facility completed a $50 million replacement of its outdated security system.
In a May 2014 report, the GAO said the NNSA still lacked “a clear vision and path forward for its security program and an implementation strategy.”
In its fiscal 2017 budget request, the NNSA noted that it might require more than $2 billion over 15 years to deal with “aging and obsolete security infrastructure,” Gill said. A funding plan and list of key security improvements is expected in this year and could be featured in the agency’s fiscal 2018 budget documents, according to the GAO official.
Gill said his official report, which would feature the NNSA response, should be issued around April.
The agency this week did not respond to a request for information regarding the status of the physical security plan, which a Senate Armed Services Committee spokesman said was due to the panel by December of this year.
The NNSA’s 2015-2020 Nuclear Security Road Map, meanwhile, calls for development of a master plan for its physical security systems and infrastructure management.
Speaking at a separate panel at the conference, two senior NNSA officials acknowledged the security challenges facing the agency, but said progress is being made.
“Y-12 does not define the NNSA, it doesn’t define the defense nuclear program. It was an incident, we have learned, and … we concentrate on the future,” said Lewis Monroe III, director of the NNSA Office of Security Operations and Programmatic Planning. “Anybody that wants to can think whatever they want about Y-12, we’re on the inside. We understand what went on, we know what we learned, and we know how to move this program forward, with the help of everybody out there on the ground doing the job.”
Monroe and Jeffrey Johnson, NNSA associate administrator for defense nuclear security, highlighted the importance of the road map in improving security across the weapons complex.
“In order to get to where we want to be in the future, where our vision is, we’re going to have to execute a lot of change over the next five years, over the next 10 years, and probably over the next 15 years,” Johnson said.
The road map document encompasses four key strategies: strive for operational excellence; drive an effective, efficient, and sustainable field nuclear security program; modernize, revitalize, and recapitalize the physical security infrastructure; and develop and sustain a highly capable security workforce, “without which this program will not survive.”
Ongoing efforts to identify and resolve physical security weaknesses include using data analysis, site visits, and other means to establish a clear picture of infrastructure throughout the NNSA complex, according to the road map. The NNSA also intends to develop a 10-year physical security systems management plan that aligns spending with “valid security requirements and strategies.” In addition, beginning in fiscal 2015, the NNSA is assessing developing threats – including drones and electromagnetic pulse strikes – and working on technological solutions to those dangers, the document says.
Improving communication throughout the NNSA nuclear security program, along with partner agencies including DOE and the Department of Defense, will be a core component of the full security effort, according to the document. Specific steps, many of which were scheduled to be initiated in 2015, include assigning a defense nuclear security staffer as a desk officer for each NNSA field office and participating in monthly meetings of the DOE Chief Security Officer Council meetings.
Standardizing security across the complex, while allowing for some site-specific variability, will be key to the overall program, Monroe said.
“Today we have eight security programs. I don’t care what anybody tells you, we have eight security programs,” he said. “What we are trying to build is a single security program that is executed at eight different locations. I’ve seen it done before over a lot more than eight locations.”
Among the other initiatives aimed at carrying out the four strategies are developing a plan for extended work with DOE and DOD to set up a central capability to test, assess, and certify “commonly used security components and systems”; and conduct a staffing study that in this fiscal year will be employed to create a multiyear plan for security staffing and succession throughout the nuclear security complex.
“We’re going to be on this road for a long time, and if we do our job right as people today the people who follow us, they’ll follow the same path,” Monroe said.
