Sandia Corp., the management and operations contractor for the Sandia National Laboratories, is working to improve its program to prevent the unauthorized disclosure of classified information following a review by the Department of Energy’s (DOE) Office of Enterprise Assessments (EA) that revealed some issues.
EA evaluated two such incidents of unauthorized disclosure that Sandia Corp. reported in January, identifying two issues with the site’s incidents of security concern program, according to a Sept. 7 enforcement letter to Sandia Corp. President and lab Director Jill Hruby from EA Office of Enforcement Director Steven Simonson.
The first problem, EA said, was that the two incidents were categorized as “Non-Events,” which means that information thought to be unclassified was sent for classification review through unclassified means, but later determined to contain classified information. The two incidents “constituted [incidents of security concern] and therefore must be categorized and responded to in accordance with Departmental directives,” the letter said.
The second issue, EA said, was that the individuals responsible for the two incidents were instructed to sanitize their own contaminated equipment, which is against Sandia procedures; electronic equipment should be taken to the lab for sanitization. The incidents “revealed a weakness in Sandia’s personal conflict of interest process, as well as shortcomings in employee training on DOE’s Publication of Nuclear Weapon Information,” the letter said.
Sandia is conducting corrective actions for the personal conflict of interest process, it said, and will update its annual ethnics training for employees with security clearances. The letter also noted that DOE will not pursue further enforcement activity and instead will monitor Sandia’s security performance progress.
“Sandia takes any mishandling of classified information seriously and has made changes in its procedures for identifying and reporting such issues and for sanitizing computers,” Sandia spokesman Jim Danneskiold said by email. “Sandia also is correcting weaknesses in training and in classification reviews.”
The contractor was issued a final notice of violation last July and incurred a $577,500 penalty for six classified information security violations.
Sandia Corp. is a wholly owned subsidiary of Lockheed Martin; its management and operations contract for the laboratory expires next April. Responses to the NNSA’s request for proposals for the follow-on prime contract were due in July and a decision is expected by the end of the year.
Lockheed Martin bid for the contract in partnership with Purdue, New Mexico State, and New Mexico Tech universities. The only other publicly acknowledged bid is from a Battelle-Boeing team that includes the University of New Mexico, and the University of Texas and Texas A&M systems.
