[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
[H.A.S.C. No. 113-13]
NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM
__________
HEARING
BEFORE THE
SUBCOMMITTEE ON STRATEGIC FORCES
OF THE
COMMITTEE ON ARMED SERVICES
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
HEARING HELD
FEBRUARY 28, 2013
[GRAPHIC] [TIFF OMITTED] TONGRESS.#13
U.S. GOVERNMENT PRINTING OFFICE
79-996 WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected].
SUBCOMMITTEE ON STRATEGIC FORCES
MIKE ROGERS, Alabama, Chairman
TRENT FRANKS, Arizona JIM COOPER, Tennessee
DOUG LAMBORN, Colorado LORETTA SANCHEZ, California
MIKE COFFMAN, Colorado JAMES R. LANGEVIN, Rhode Island
MO BROOKS, Alabama RICK LARSEN, Washington
JOE WILSON, South Carolina JOHN GARAMENDI, California
MICHAEL R. TURNER, Ohio HENRY C. ``HANK'' JOHNSON, Jr.,
JOHN FLEMING, Louisiana Georgia
RICHARD B. NUGENT, Florida ANDRE CARSON, Indiana
JIM BRIDENSTINE, Oklahoma MARC A. VEASEY, Texas
Drew Walter, Professional Staff Member
Leonor Tomero, Counsel
Eric Smith, Clerk
C O N T E N T S
----------
CHRONOLOGICAL LIST OF HEARINGS
2013
Page
Hearing:
Thursday, February 28, 2013, Nuclear Security: Actions,
Accountability and Reform...................................... 1
Appendix:
Thursday, February 28, 2013...................................... 33
----------
THURSDAY, FEBRUARY 28, 2013
NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM
STATEMENTS PRESENTED BY MEMBERS OF CONGRESS
Cooper, Hon. Jim, a Representative from Tennessee, Ranking
Member, Subcommittee on Strategic Forces....................... 3
Rogers, Hon. Mike, a Representative from Alabama, Chairman,
Subcommittee on Strategic Forces............................... 1
WITNESSES
Alston, Maj Gen C. Donald, USAF (Ret.), Former Commander, 20th
Air Force, Former Air Force Assistant Chief of Staff for
Strategic Deterrence and Nuclear Integration; Brig Gen Sandra
E. Finan, USAF, Commander, Air Force Nuclear Weapons Center,
Former Principal Assistant Deputy Administrator for Military
Applications, National Nuclear Security Administration; and
Hon. Gregory H. Friedman, Inspector General, U.S. Department of
Energy......................................................... 3
Poneman, Hon. Daniel B., Deputy Secretary of Energy, U.S.
Department of Energy; and Hon. Neile L. Miller, Acting
Administrator and Principal Deputy Administrator, National
Nuclear Security Administration................................ 13
APPENDIX
Prepared Statements:
Alston, Maj. Gen. C. Donald (Ret.)........................... 44
Cooper, Hon. Jim............................................. 41
Finan, Brig Gen Sandra E..................................... 72
Friedman, Hon. Gregory H..................................... 91
Poneman, Hon. Daniel B....................................... 101
Rogers, Hon. Mike............................................ 37
Documents Submitted for the Record:
DOE Verbal Shortcuts and Acronyms............................ 111
NNSA Key Personnel........................................... 112
DOE Organization Chart....................................... 113
NNSA Organization Chart...................................... 114
Witness Responses to Questions Asked During the Hearing:
Mr. Cooper................................................... 117
Mr. Garamendi................................................ 117
Questions Submitted by Members Post Hearing:
Mr. Cooper................................................... 139
Mr. Rogers................................................... 121
NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM
----------
House of Representatives,
Committee on Armed Services,
Subcommittee on Strategic Forces,
Washington, DC, Thursday, February 28, 2013.
The subcommittee met, pursuant to call, at 10:30 a.m., in
room 2212, Rayburn House Office Building, Hon. Mike Rogers
(chairman of the subcommittee) presiding.
OPENING STATEMENT OF HON. MIKE ROGERS, A REPRESENTATIVE FROM
ALABAMA, CHAIRMAN, SUBCOMMITTEE ON STRATEGIC FORCES
Mr. Rogers. This hearing of the Armed Services Subcommittee
on Strategic Forces is called to order. I want to say good
morning and welcome everybody to today's hearing on nuclear
security at the Department of Energy's National Nuclear
Security Administration [NNSA]. Before we get into the hearing,
I want to welcome our new members to the committee. First and
foremost, I want to recognize our ranking member, Mr. Cooper of
Tennessee, my friend and colleague of many years. I look
forward to working closely with him over the next 2 years as we
carry out this important work.
I am not sure they are here, but new to our Strategic
Forces Subcommittee on the Republican side are Mr. Coffman of
Colorado, Mr. Wilson of South Carolina, Mr. Nugent of Florida,
Mr. Bridenstine of Oklahoma. On the Democrat side: Mr. Johnson
of Georgia, and Mr. Carson of Indiana, and Mr. Veasey of Texas.
I look forward to working with all of you, as well as my
colleagues who are returning for another 2 years on the
Strategic Forces oversight subcommittee.
This subcommittee has responsibility for many big critical
important issues, and we are going to get into one of them
right now. Today's hearing is part of the committee's
continuing oversight of the aftermath of the security breach at
Y-12 National Security Complex in July of last year. At this
point, the facts of the incident are well established so I
won't repeat them. Needless to say, the intrusion was
astonishing and completely unacceptable.
Through its hearing and closed briefing last September, the
subcommittee is aware of the immediate corrective actions taken
by the NNSA and the DOE [Department of Energy]. Today's hearing
is focused on the broader implications of the incident,
including organizational leadership and structural failures
that enabled it to occur. Reviewing the testimony from our
first witness panel as well as the other reports on DOE nuclear
security stretching back 15 years, I am deeply concerned that
we have been identifying the same problem for more than a
decade.
For instance, in a 1999 report by the President's Foreign
Intelligence Advisory Board, it said the DOE, ``Embodied
science at its very best and security at its worst.''
Highlighting a string of recurring security problems in the
1990s, the board described DOE as a ``dysfunctional bureaucracy
that has proven it is incapable of reforming itself.''
In 2002, a few years after Congress created NNSA in an
effort to address these concerns, another study by the
Commission on Science and Security found the same problems. In
2005, an independent study of NNSA security conducted by
Admiral Richard Mies again made very similar findings saying
that the problems were, ``they are not new, many continue to
exist because of the lack of clear accountability, excessive
bureaucracy, and organizational stovepipes, lack of
collaboration, and unwieldy, cumbersome processes.''
Those reports were from 1999, 2002 and 2005. So where are
we today? To anyone paying attention, the answer is undeniably,
nowhere. The assessments done after the Y-12 incident showed
that the exact same fundamental problems remain. Regardless of
the structural issues, there is also a problem of
accountability. The only people who have been fired as a result
of the Y-12 incident are a few guards, but no Federal officials
have been fired. Some NNSA site and headquarters security
officials have been reassigned to other positions within the
DOD or allowed to retire but not fired. This is not
accountability. It is the exact opposite of what Secretary of
Defense Gates did after the Air Force's nuclear security
problems in 2007 and 2008. His demonstration of accountability
in the Air Force's senior-most leadership is my example of a
firm system of accountability, and it should be everyone's.
Our first panel of witnesses will help us explore what
changes are needed to ensure a breach like Y-12 does not happen
again. They are each the author of separate independent
assessments of the Y-12 incident or broader security issues at
DOD and NNSA. The witnesses are Major General Donald Alston,
former commander, 20th Air Force, and former Air Force
Assistant Chief of Staff, Strategic Deterrence and Nuclear
Integration; Brigadier General Sandra Finan, U.S. Air Force,
Commander of the Air Force Nuclear Weapons Center, and former
Principal Deputy Assistant Administrator for Military
Applications, National Nuclear Security Administration; and the
Honorable Gregory Friedman, Inspector General, U.S. Department
of Energy. I want to thank our witnesses for appearing today
and the time they have put in preparing their testimony. I know
it is a labor, but we do appreciate it.
I have a longer version of my statement that I am, without
objection, going to offer for the record. Hearing none, it is
so ordered. And with that, I want to turn to my friend and
colleague from Tennessee, Mr. Jim Cooper, for any opening
comments that he may have.
[The prepared statement of Mr. Rogers can be found in the
Appendix on page 37.]
STATEMENT OF HON. JIM COOPER, A REPRESENTATIVE FROM TENNESSEE,
RANKING MEMBER, SUBCOMMITTEE ON STRATEGIC FORCES
Mr. Cooper. Thank you, Chairman Rogers, I look forward to
working with you and our colleagues on these important issues
this year. I would just like to ask, in view of the shortness
of the time, that my opening statement be inserted in the
record.
[The prepared statement of Mr. Cooper can be found in the
Appendix on page 41.]
Mr. Rogers. Thank you, sir. In concert with that, as you
all may have been told before the hearing we will be called for
votes in a little while, so we will dispense with the reading
of your opening statements; they will be submitted for the
record without objection, and we will go straight to the
questioning of the witnesses. The witness order will be General
Alston, sorry, we won't let you stay retired; General Finan,
thanks for putting your NNSA hat on one last time to help the
subcommittee understand these issues, and Mr. Friedman.
[The prepared statements of General Alston, General Finan,
and Mr. Friedman can be found in the Appendix beginning on page
44.]
MAJ GEN C. DONALD ALSTON, USAF (RET.), FORMER COMMANDER, 20TH
AIR FORCE, FORMER AIR FORCE ASSISTANT CHIEF OF STAFF FOR
STRATEGIC DETERRENCE AND NUCLEAR INTEGRATION; BRIG GEN SANDRA
E. FINAN, USAF, COMMANDER, AIR FORCE NUCLEAR WEAPONS CENTER,
FORMER PRINCIPAL ASSISTANT DEPUTY ADMINISTRATOR FOR MILITARY
APPLICATIONS, NATIONAL NUCLEAR SECURITY ADMINISTRATION; AND
HON. GREGORY H. FRIEDMAN, INSPECTOR GENERAL, U.S. DEPARTMENT OF
ENERGY
Mr. Rogers. We will begin with 5-minute rounds of questions
and then we will have a second panel after that. I will start
the questions here.
General Alston, you and Mr. Augustine and Dr. Meserve seem
to have read the many reports and independent reviews of DOE
security that have been conducted previously. Your letter to
Secretary Chu calls it, ``The considerable body of work that
has been done on the subject over the past decade.'' In
particular, you mention the review done by Admiral Mies in
2005. You heard me, in my opening statement, mention a few
others, but there are many more. How do your findings and
recommendations compare to those contained in the findings of
all the previous reports?
General Alston. Mr. Chairman, thank you very much.
Mr. Rogers. Your microphone needs to be turned on, please.
General Alston. Need coaching and I am trainable. Mr.
Chairman, thank you for the question, I would say that probably
the most disturbing thing that Dr. Meserve, Mr. Augustine, and
I found was the recurring evidence of problems that have
existed before. And when you take a close look at Admiral Mies'
work that he did, I count about 111 recommendations that the
Department of Energy showed us, a matrix, we had grades on
them, and without doing an exhaustive detailed cross-check of
what Admiral Mies found and what we were finding but doing a
rather cursory look at that, I would take issue with a variety
of those assessments in terms of the health of those particular
findings.
Of course, since 2005, there has been a lot of time over
the course of those 8 years, and I can't say that I saw any
evidence of reaching back to the Mies reports. So I don't know
how fresh the management of the Mies findings and
recommendations was. I don't know the last time they revisited
that or if that is a regular phenomenon that they do revisit
all those findings. But just a few of them that point towards
culture and things that we found to be a legacy of challenges
in the Department of Energy: no team approach toward security,
struggling to succeed in an atmosphere of conflicting
viewpoints, headquarters versus the field, lab versus lab, site
office versus contractor, academic versus operational, union
versus management, and then non-NNSA elements in the Department
of Energy.
There have been recurring challenges as site field offices
would see a need to upgrade security. We saw lack of
discipline, that Admiral Mies found as well, in terms of having
a broad strategic vision for what the overall security
requirements and standards should be, and a sensitivity to
elevate the unique features of each site as opposed to having
standardized common security requirements being the principal
focus and the site offices having to defend wanting to be
different. But without discipline and strong central management
of that, then folks could conceive, design, develop, and deploy
systems that might not be as fully vetted and ready as they
need to be, and I think Y-12 is a good example of that.
Mr. Rogers. Why do you think this culture was allowed to
continue? Because it did happen over years. In your opinion,
after each of these studies, were there any consequences and
then they would lapse back into this culture or were there
never any consequences?
General Alston. We found it difficult to have traceable
authority from the field up the chain of command to find
unambiguous certainty that somebody was in charge of one
element of security or another. And because that seemed
ambiguous, and because there was a prevailing notion that it is
an eyes-on/hands-off surveillance mantra, that the field--the
sites have, over time, enjoyed being distanced from the
headquarters and sort of being alone and unafraid, and
certainly, I was in a military organization and we didn't like
interference from the headquarters.
However, when it comes to security, I think there are
benefits to having good central management that may not be true
for science, but I do believe it is true for security.
Mr. Rogers. Do you believe that if there had been somebody
at the top of the command chain held responsible for the
findings of any of these earlier studies in a significant way
by termination that it would have helped to eliminate that
culture's continuance?
General Alston. Well, sir, that would be one action that
could be taken, but that action alone I don't think would
necessarily have resulted in all of the fundamental changes
that would have had to occur.
Mr. Rogers. Why?
General Alston. Well, I think that gets everybody's
attention. I showed up on the Air Staff the same weekend that
we had our unauthorized munitions transfer from Minot to
Barksdale, a very epic failure for our Air Force. So, I was
there for the next 3 years working that particular problem. The
Air Force did not--we worked the problem hard for the first
year, but when we lost the Chief and the Secretary, life was
different, and the entire Air Force had to rally around not a
security problem, but an enterprise failure. And because we
looked at this in the largest context, I believe that after
spending 9 months working the problem to no one's satisfaction,
that it certainly was an extraordinary accountability action by
Secretary Gates which had the Air Force focus on that problem
in a way that we had failed to focus on it before, this is
absolutely true.
Mr. Rogers. Thank you very much. The chair now recognizes
the ranking member for any questions he may have.
Mr. Cooper. Thank you, Mr. Chairman. There are lots of
issues here, too much red tape in the bureaucracy, questionable
contractor performance. But I think that one thing folks back
home understand is what do we get for taxpayer dollars? And the
inspector general [IG] pointed out that DOE-wide we are
spending something like $1 billion a year just in protection of
facilities. And he mentions in his testimony that $700 million
per year spent on complex-wide protective force of about 4,000
workers, contract professionals; that would be $175,000
compensation for each guard; that is a lot. And a lot of folks
back home would ask, well, we paid all these people, did we get
any security and result in return?
The focus, of course, of today's hearing is the Y-12
facility, which we discover now wasn't even nun-proofed, much
less terrorist-proofed. And the expenditures are called for the
Y-12 facility, we just spent $150 million a year protecting
that one plant, and yet we couldn't catch two 70-year-olds and
one 80-year-old as they breached the perimeter. And as the
chairman has quite correctly pointed out, it is hard to find
that anybody was punished except the lowest level guard, and it
doesn't seem like this is a fair way to treat a security lapse
of this type.
So I know that time is of the essence, I just want to
encourage the IG and I appreciate the work of Meserve and Finan
to help us understand this. But the bottom line is taxpayers
need to get results for their dollars. Right now in DOE, it
doesn't seem like we are getting those results. Welcome a
comment, but I know that time is short.
Mr. Friedman. Mr. Cooper, are you asking me for a comment?
I think you have synthesized the high points, several of the
high points in our reports over time. I might point out that
safeguards and security, from our perspective, has been a
management challenge at the Department of Energy for at least
the last decade, so this is a continuing problem. And if I may
respond subsequently to a question from the chairman to General
Alston, we have found over time that, I think the chairman
phrased it exactly correctly, that there has been a lack of
sustained effort to cure a problem. There has been sort of a
short-term fix and then the fix, and the effort to fix
evaporates over time.
And secondly, if I can, security cannot be a sideline, it
has got to be integrated into the very essence of a production
plant like Y-12 and all the other department facilities. So it
has to be an integrated approach from the get-go to the end
rather than a separate function. So I think those are two
highlights, and your issue that you have highlighted, Mr.
Cooper, about costs are ones of course that concern us a great
deal.
Mr. Cooper. It shouldn't just concern us. We paid no
telling how many tens of hundreds, millions of dollars for
cameras at Y-12 that didn't work, and an alarm system that gave
off hundreds of false alarms a day. Where is the refund from
the contractor? You know, the best we can tell, people got
performance bonuses. Excellent ratings. This is astonishing
that the taxpayer got back so little for their money,
especially in such a secure installation. I thank the chairman;
I yield back the balance of my time.
Mr. Rogers. I thank the gentleman. The chair now recognizes
my friend from Arizona, Mr. Franks, for 5 minutes.
Mr. Franks. Well, thank you, Mr. Chairman, thank all of you
for being here. I don't want to mischaracterize my friend's
comments about the 80-year-old nun, it seemed like he kind of
did that in a rather diminishing way. I understand she was
quite spry for 80, and that that should be taken into account.
When you make the comparison about the guards costing about
$175,000 a year for taxpayers, I have been looking at the
numbers here, and that is about what Congress gets paid, and I
am afraid the connections and the parallels here are a little
frightening for someone like myself, because we wonder if maybe
we are not all a little bit overpaid.
It is very easy for us to kind of, as I just did, make
little jokes about these kinds of things and sort of step back
from almost a holier-than-thou position. It is easy from an
armchair perspective to say ``how could this ever happen.'' And
yet in a sense, that is a little bit--that is our job here on
the committee to try to exert some oversight that hopefully
will change a culture that has made a particular error here in
a better direction.
I know that if we really were all honest with ourselves, we
would look at this from a much larger perspective. History has
been pretty unkind to those who have tried to maintain nuclear
security. If we had done that well decades ago when we first
gained this technology, the Soviets would never have gained
that technology and there never would have been a Cold War. So,
this is not as unprecedented; I think I remember some story
where we had to drop one of our atomic bombs off the coast out
of a plane, I think it is still there, years ago.
These are not as unprecedented as they seem, but because
they are so serious, it occurs to me that we have to try to
back up and ask ourselves, why is it that there is this
hallmark for us letting these kinds of things be so easily
secured when the implications are so profound? So I guess I am
going to ask sort of a question for all of the panel members.
If there was one thing that you could do in this particular
instance and in a broader instance of trying to help both our
civilians infrastructure and our military apparatus understand
the need for more security when it comes to nuclear technology
and weapons that have these profound implications, what is the
one thing, General, I will start with you, that you would
suggest that we do? Is it a mind-set? Is it a systemic issue?
What would you postulate?
General Alston. Well, sir, I would tell you that Mr.
Augustine and I, in particular, and I think Dr. Meserve
mentioned it as well, but the cultural challenges facing the
Department of Energy when it comes to a culture that doesn't
segment security, doesn't segment safety, but rather looks at
them as all essential to mission as opposed to trade space,
that that is a very profound challenge because taking culture
on head-on is a very challenging effort. But, we found that
this, and I have had recent discussions informally with people
not involved directly with this where security is now perceived
as, you know, we have to go through the hurt right now. And,
security is perceived as sapping strength and competing with
science and other priorities in the Department.
So I think there is still a long way to go in a pervasive
culture where every last person that is working in NNSA or the
Department of Energy sees security, and safety, and mission,
not as separate things that need to be tended to, and
prioritized, but rather have a common view how important and
vital they are and essential every day to mission success.
Mr. Franks. General Finan.
General Finan. Well, I would echo what General Alston just
said and I think that is the primary thing you have to do is
work on the culture so rather than repeat that, I think given
culture as an issue that must be addressed, I think the next
thing that we have to think about is lines of authority. We
have to be very clear on who is responsible for what. We have
to then follow up and give the authorities necessary to execute
those responsibilities and once we do those two things
throughout the chain of command, then we can hold people
accountable. But one of the continuing things that NNSA and DOE
before it have struggled with was defining roles and
responsibilities and then giving the appropriate authority to
execute those responsibilities, and that has been a
longstanding issue that we really need to straighten out in
order to create that accountability and ownership of that
security mission.
Mr. Friedman. Mr. Franks, I concur with what has been said
previously. And maybe this is too far down in the weeds, but if
there was, in addition to what has already been said, if there
was one problem, and I guess it builds on what General Finan
just referred to is that we need to be sure that employees at
all levels are empowered to raise serious issues and that there
is a process in place to ensure that those issues are, in fact,
addressed. I think that applies in terms of safety, it
certainly applies in terms of security. And it certainly was a
problem, a root cause problem we found at least with regard to
the Y-12 issue and security generally throughout the Department
of Energy.
Mr. Franks. Thank you. And thank you, Mr. Chairman.
Mr. Rogers. I thank the gentleman. The chair now recognizes
Mr. Garamendi for 5 minutes.
Mr. Garamendi. I would like each of the witnesses to take a
minute and a half and talk about where we are today. This is
all history; what has been done along the lines, if you know,
to carry out the recommendations that have been made? We will
start with the General, General Finan.
General Finan. I left NNSA over a month ago, but before I
left, I can tell you that there was structural changes
occurring within the security organization so they were in the
process of implementing the recommendations to stand up an
operationally focused organization that would help ensure
standardization across the fields. They were also in the
process of creating standards and criteria for security so that
people in the field would know what standard they needed to
meet and what criteria would be used to evaluate them. There
were personnel changes that had occurred in order to bring in
what I call true security expertise. Security is a special
skill, and we have people throughout this country who have
those skills, and so we need to seek out those individuals and
bring them in so that they can bring that skill set to the
NNSA. So, that was ongoing. So, basically all the
recommendations that I had out of my reports were being enacted
at the time I left.
Mr. Garamendi. And Mr. Friedman.
Mr. Friedman. With regard to the recommendations we made in
our earlier report, Congressman, we have not received the final
departmental position, so we are not--we have heard anecdotal
information of what steps have been taken and we are waiting
for that to occur. In the interim, between our reports, both
General Alston and his group and General Finan have done their
reports. We have also issued a report on the contractor
assurance system which is a system that NNSA has in place to
evaluate contractor actions. We intend to go back at some point
in the future and look at the process and determine whether the
fixes that have been committed to and promised have, in fact,
been made.
Mr. Garamendi. When is that point in the future?
Mr. Friedman. I guess that is the pointed question I wasn't
prepared to answer. We will--it is a high priority for us
because obviously security is essential in a nuclear weapons
environment.
General Alston. I left the effort the first week of
December, and the draft recommendations, which we were exposed
to, were not in the charter that Secretary Chu had given us, so
I don't think I am in a position to comment.
Mr. Garamendi. Good. Let me go back to you, Mr. Friedman.
One of the oversight and review organizations is you, and it
would seem to me that holding people accountable is what you
guys do, so I am concerned about your response that at some
point in the future and so on and so forth. I would like a more
precise answer. And with that, Mr. Chairman, I yield back.
[The information referred to was not available at the time
of printing.]
Mr. Rogers. I thank the gentleman. The chair now recognizes
Mr. Nugent for 5 minutes.
Mr. Nugent. Mr. Friedman, just to follow up on Mr.
Garamendi's question, you do the inspection, you prepare a
report, you send it to the powers to be, and they are the ones
that have to make things accountable, am I correct on that? Do
you hold them accountable, or do the administrators hold their
rank and file accountable?
Mr. Friedman. Well, our reports in these instances,
Congressman, were sent to the Secretary; it is ultimately the
Secretary's responsibility to hold his subordinates
responsible.
Mr. Nugent. I would think, General Alston, when you took
over as related to the incident in the Air Force, were people
held accountable at the upper echelons, or was it just the
lowest ranking folks that are easy picking when something goes
wrong, or do you look at the culture, which I have heard from
all three of you in regards to how things actually occur?
General Alston. Initially, it was just the lower level
leadership, wing commander, squadron commander, a couple of
group commanders, so there were a handful of colonels.
Following the installation of the new Secretary and the new
chief of staff, I know there was a further detailed review, and
I am not privy to exactly what the actions were.
From a distance I understand that General Schwartz, as one
of his initial responsibilities after evaluating how to do
accountability in these circumstances, taking in stock not just
the unauthorized movement in the nuclear weapons, but also the
incident that involved some components that were opened in a
box in Taiwan, that the chief of staff then personally dealt
with the general officers in ways that I am just not personally
privy to.
Mr. Nugent. You know, in experience, in regards to leading
an organization, somebody has to be accountable. And typically,
when you discipline the lower ranks and you mentioned it, there
are other folks because it is a culture, and all three of you
have mentioned that, a culture of really failed leadership
within NNSA and DOE as it relates to security. How do we--if
you were in charge, how do you fix that specifically from the
IG's perspective? Where does the ball finally end?
Mr. Friedman. As I alluded to in my earlier comment,
Congressman, security cannot be treated as a stepchild, as a
side show, it has got to be integrated into the process from
the very outset. And that is one of the key issues that we have
found has not been in place. You can call that a cultural
issue, perhaps that is correct, and I think--I would refer to
it as a ``tone at the top'' issue. It has to flow down from the
highest levels of the Department and permeate and people have
to be held accountable. I know that may sound like a textbook
sort of lessons, but I think that is what needs to be done and
it seems to me there has been a commitment to begin that
process. And as I alluded to earlier, sustainability is really
the issue. We are on a path now, we have anecdotal information
that changes have been made, not personnel changes that you are
referring to, I understand that, but changes have been made in
the systems. The question is will that be sustained going
forward?
Mr. Nugent. And it really is buy-in from the leadership.
You can change systems and you can change policies, but if
there is no one there to actually make sure that the rank and
file are following the policies and procedures, nothing gets
done from a positive standpoint. So we can talk the game, but
at the end of the day how is NNSA and DOE actually going to
hold the upper-level administrators accountable for the
security that is so important to this Nation? How do you
suggest that happen?
Mr. Friedman. Well, I think the administrator of NNSA
reports to the Secretary of Energy under the current format.
And ultimately, and obviously there are changes in process as
we speak. Ultimately, it will be the responsibility of the
Secretary to set the tone at the top with regard to security,
and make sure that his subordinates and his direct reports
certainly understand the emphasis on security and his desire to
ensure that at a subsequent point, he can come back to them and
receive confirmation that security has been treated as a
priority.
Mr. Nugent. I thank all three of you for your testimony,
and I think your direction in regards to what the issues are,
or more importantly--I mean, you have identified the people
that actually have to make it happen obviously aren't here at
this point. So thank you very much.
Mr. Rogers. Thank the gentleman. You know, it is astounding
to me, we are not talking about an equipment site, we are
talking about nuclear materials. And I keep hearing this issue
about, well, it is a culture and we need to have more
responsibility up the chain of command, nobody is talking about
firing anybody. You know, as the general said earlier, when the
Secretary ran off the Secretary of the Air Force and the chief
of staff, it got everybody's attention. It seems like nobody is
talking about we have to go to those levels of responsibility
and run somebody off to make sure everybody understands that
security is integral, and has got to be a part of the system.
But, I don't hear anybody calling for that, but that is just
me. Mr. Wilson is recognized for five minutes.
Mr. Wilson. Thank you, Mr. Chairman. And thank you all for
being here today, and Mr. Friedman, I am an alumnus of
Department of Energy, so I appreciate your service there as IG,
a very important position. In fact, it is so important, and
General Finan, for both of you, you refer to an eyes-on/hands-
off approach to oversight. Can you explain why you flagged this
as a concern? Why did this contribute to the security failure?
And where did this approach come from? And what has been done
and it has been referenced, but what has been done to fix this,
beginning with the general?
General Finan. Yes, sir. Eyes-on/hands-off was interpreted
in the security community at NNSA to mean that Federal
personnel were not really to interact with the contractor in
executing security duties, they were only to watch them execute
duties. And in many cases, not even allowed to interact with
the contractor as they accomplished those duties. What that
evolved to was basically a completely Federal hands-off policy;
that said, in my Federal role, I can't tell the contractor what
to do. I can give general directions that say, okay you need to
secure a site, but the Federal personnel then failed to give
additional directions that said anything about how. Well,
nuclear security is absolutely critical, and it is inherently a
Federal responsibility, and that means the Federal personnel
have a responsibility and a duty to be a little bit more
specific, and in fact, tell contractors exactly how to do
nuclear security.
Now there are some variations and things like that, but
what evolved over time was rather than evaluate--if you ask me
to evaluate nuclear security, I am going to come up with
scenarios that I think are significant and then I am going ask
the contractor to execute them so I can see the contractor
execute those duties. We took--eyes-on/hands-off took the
Federal Government out of that role. What it did was it let the
contractor decide what scenarios would be evaluated and it was
all about contractor self-assessment and Federal oversight was,
in fact, diminished. And so what happened is we really didn't
have any insight. Federal personnel in NNSA did not have
insight into the details of how the contractor was executing
that mission. And so, that really is eyes-on/hands-off and
where it evolved to.
Mr. Wilson. I appreciate your raising that because I am
very grateful the Savannah River Site is in the district that I
represent, in Aiken and Barnwell County. And, I have had the
opportunity to visit so many times, and to see the
extraordinary personnel of perimeter security, so I have seen a
positive. So it is startling to me that something like this
could occur. Mr. Friedman.
Mr. Friedman. I associate myself with General Finan's
remarks. I think she has characterized it perfectly, but if I
can take a minute and describe a specific that was in our
original findings. There were very, very expensive, costly
cameras and detection equipment at Y-12 that was inoperable for
up to 6 months and just the backlog of repairs had never been
addressed. Now, the local Federal officials were aware of it,
but they did not feel they were empowered because of eyes-on/
hands-off essentially, they didn't feel they were empowered to
force the contractor to reprioritize the work, the maintenance
work that was being done to be sure the detection equipment was
operating as intended. It was a vital essence, essential part
of the perimeter defense mechanism at the site. And that is an
example of how we have gotten to the point where, as I said
earlier, we need to empower these individuals to ensure if they
have a problem like that, number one, they can bring it up with
the contractor and ensure that the issue is addressed. And
number two, if it is not addressed, that it goes to the
Administrator and that there is appropriate action taken.
Mr. Wilson. And that is particularly startling because when
we think of the new technologies, we think of this as better.
And so I know that your report indicates that there should be
periodic in-depth reviews of contractor security, and certainly
that would include that the equipment is working.
Mr. Friedman. Absolutely. It is vital. There is no excuse
as far as I am concerned, in an environment such as Y-12, one
of the most sensitive sites in this Nation, to have equipment
inoperable and not treat it as a critical priority to get it
back on line as quickly as possible.
Mr. Wilson. And for the protection of the American people,
again, the new technologies we have should be used to their
highest and best use, and I appreciate your efforts, all of you
to do this. I yield the balance of my time.
Mr. Rogers. I thank the gentleman and the chair now
recognizes Mr. Lamborn for 5 minutes.
Mr. Lamborn. Thank you, Mr. Chairman. I want to thank all
of you for what you have done to serve and help our country.
You can all jump in on this question, but General Alston, I
want to ask you a two-part question. When there was the
unauthorized transfer of nuclear weapons from Minot to
Barksdale, the Air Force really drilled down and saw this as a
broad issue that had to be addressed, even going so far as to
reemphasizing the importance of the nuclear mission in the Air
Force all the way back to the Air Force Academy, which is in my
district. So could you address how that was done? And then how
does that contrast with what is being done, if there is a
contrast with the Y-12 incident?
General Alston. Well, sir, thank you for that question.
What we recognized was that the Air Force, having been flying
combat missions for such an extended period of time, and with
the emerging emphasis on irregular warfare, that conventional
operations and irregular warfare were elevated in their
priority in terms of the way the Air Force resourced itself and
the tempo and deployments. And the price you paid for that was
a de-emphasis in the nuclear part of our mission set. And, we
were born in that strategic attack mind-set and capability, but
we had lost that focus because of other competing priorities.
So when we looked at the professional military education for
our NCOs and our officers, we reassessed that there was
insufficient, and, in some cases, very little to non-existent
elements of nuclear in those programs so that a broad brush was
painted across all of our airmen as opposed to just those who
have nuclear mission responsibilities today, because we felt it
was important that everyone in the Air Force should have a
broad sense of what we are about as airmen.
And so, we attacked that and there was a lot of re-attack
as we looked and evaluated, looked and evaluated, and changed
those programs so that we were satisfied the modules on nuclear
were worthy at that level of education. But we didn't want to
sort of cashier or contract out, if you will, strategic
deterrence to just the nuclear operators; everyone needed to
understand the larger context as best we could do.
Now the whole service was energized in the face of this
epic failure, and we considered it an enterprise failure. This
was mission failure at historic levels for us and we looked at
it that way.
The challenge, I think, with the Y-12 situation is we
didn't necessarily find a pervasive evaluation that this was
mission failure that could be a wakeup call across the
enterprise. The guys at Oak Ridge made a very bad mistake, but
the guys at Pantex or the guys at Savannah River have not made
that transgression. So weaknesses that might be systemic in
other places with the distance that the sites preferred we
didn't witness a strong embrace to say, truly, how can we
ventilate the deficiencies there and see them here. I believe
that work took place. I just think that the self-critical
capacity can be improved in the NNSA and the Department of
Energy to make that assessment broad and legitimate.
Mr. Lamborn. For either of you other two, General or
Inspector General?
General Finan. I agree with what General Alston stated. And
when I took a look, I took a look just at the Federal
organization and the Federal assessment model contained within
NNSA, and there were structural flaws in both the organization
and the assessment model, which is why I recommended a complete
change in the organizational model and a new assessment model
to reach out beyond Y-12 to all the other organizations because
it does, in effect, affect all eight NNSA sites.
Mr. Friedman. Again, I agree with my colleagues at the
table, I would say that one of our, I think more important
recommendations which actually sounds very subtle and may sound
actually unimportant is that the lessons learned from Y-12, and
it was a tremendous wakeup call because Mr. Cooper described
the three intruders, they could have been three people who were
armed in a different way and had malicious intent, and could
have been a real tragedy, so we had a tremendous wakeup call.
Our point--one of the points we made was that it is important
that the lessons learned from Y-12 be exported throughout the
entire Department of Energy complex, so that we are in a mode
of preventing this sort of thing from happening again, not just
simply reacting, should it occur in another location.
Mr. Lamborn. Thank you, thank you, Mr. Chairman.
Mr. Rogers. The chair now recognizes Mr. Veasey for 5
minutes.
You know, the point you just made goes back to what I said
earlier, and that is, we have learned some real lessons at Y-
12, but apparently, we have been hearing this call for these
changes for a long time. The thing I want to assure the folks
who are listening to this is this committee is not going to let
this go, the DOE and NNSA are going to fix this problem going
forward in a meaningful way. And until they do, we are going to
make them wish they had. So this is not going away. We are--
does the ranking member have any more comments?
We are about to be called for votes, I want to thank our
witnesses for their time and their energy and attention, and we
appreciate you and we will go into recess now for our votes and
bring our second panel back up after votes. Thank you.
[Recess.]
Mr. Rogers. I would like to call this hearing of the Armed
Services Subcommittee on Strategic Forces back to order. And
apologize for the delay, but our votes are over for the day.
And I thank our panelists for hanging around and look forward
to their comments.
I do want to thank you for your time and energy in
preparing for this hearing. I know it takes a lot of time and
effort, but you know it is important to us that you have done
it. So thank you for that.
What I would like to do, your full statements have been
submitted for the record. Jim and I both read them, the ranking
member and I have both read them, but I would like to ask each
one of you to take about a minute and synopsize the content of
your opening statement, and then we will just go directly to
questions, for time sake.
Oh, I am sorry. Didn't introduce the witnesses. I thought I
had done that earlier. We first have Secretary Daniel Poneman
and Honorable Neile Miller. She is the Acting Administrator,
and Principal Deputy Administrator for the NNSA.
Secretary Poneman.
STATEMENT OF HON. DANIEL B. PONEMAN, DEPUTY SECRETARY OF
ENERGY, U.S. DEPARTMENT OF ENERGY; AND HON. NEILE L. MILLER,
ACTING ADMINISTRATOR AND PRINCIPAL DEPUTY ADMINISTRATOR,
NATIONAL NUCLEAR SECURITY ADMINISTRATION
STATEMENT OF HON. DANIEL B. PONEMAN
Secretary Poneman. Thank you, Mr. Chairman, Ranking Member
Cooper, and members of the subcommittee. We are grateful for
the invitation to appear before you today to provide the
subcommittee details on the actions the Department has taken or
will take to strengthen the security of the nuclear weapons
complex in the wake of the July 2012 Y-12 incident. We
appreciate the interest and engagement of this committee and
recognize the important oversight role that you fulfill.
The Secretary and I recognize the severity of the problem
that led to this point and we have acted swiftly to identify
and address the issues it revealed. Since the Y-12 incident,
several major actions have taken place to improve security
immediately and for the long term, and I will just mention, in
deference to your request, Mr. Chairman, just a few.
We restructured the contracts at Y-12 to integrate security
into the line of command of the M&O [management and operations]
contractor. The protective force contractor was terminated and
a new M&O contractor has been selected to manage the Y-12 site,
providing an opportunity for new leadership and to improve Y-12
security culture. We held accountable both the senior Federal
and contractor management personnel at headquarters and at the
site, removing them from their positions. The Department's
Chief of Health, Safety, and Security [HSS] conducted an
independent security inspection of the Y-12 security
operations, including rigorous force-on-force performance
testing, as well as no-notice and short-notice limited scope
performance testing activities as directed by the Secretary,
and they will be conducting a follow-up review in April.
The Secretary also directed HSS to conduct immediate extent
of condition assessments of all Category 1 sites across the DOE
complex to identify any immediate security issues and to follow
up with full security inspections, including force-on-force
exercises, to assure effective security measures are being
implemented at those sites. NNSA conducted an immediate after-
action report to identify causes, followed by the report, which
I know you have heard about this morning, from General Finan.
The former Deputy Administrator tasked General Finan with
reviewing the Federal NNSA security organizational structure
and security oversight model. And you have heard about her
recommendations, which we are implementing, so we can talk
further about that during your questions.
Finally, we had an independent group--actually they were
individuals, all of whom have distinguished, long careers in
national security and in nuclear matters. Each one provided
thoughtful advice on the DOE's nuclear security structure,
specifically all Category 1 nuclear facilities, and we are now
reviewing and discussing their advice on how to improve
security at Y-12 and across the nuclear enterprise.
So in conclusion, the series of personnel and management
changes that I have described today have been made to provide
effective security at the Y-12 site and across the DOE complex.
We are working to carry out the structural and cultural changes
required to secure all Category 1 nuclear materials at this and
all of our facilities. Our management principles hold that our
mission is vital and urgent. Nowhere is that more true than
here.
The security of our Nation's nuclear material and
technology is a core responsibility of the Department in
support of the President and in defense of the Nation. The
incident at Y-12 was unacceptable and served as an important
wakeup call for our entire complex. The Department is taking
aggressive actions to ensure the reliability of our nuclear
security programs across the entire DOE enterprise, and will
continue to do so.
In that effort, the Department looks forward to working
with this subcommittee, sir, to ensure the security of the
Nation's nuclear materials. And, Acting Administrator Miller
and I would be very pleased to answer any questions from you
and members of the committee.
[The prepared statement of Secretary Poneman can be found
in the Appendix on page 101.]
Mr. Rogers. Thank you.
Ms. Miller, did you have an opening statement?
Ms. Miller. No, sir. Mr. Poneman is giving the statement.
Mr. Rogers. Great. Well, thank you. And, I will start off
with the questionings for Secretary Poneman.
As Deputy Secretary for the Department of Energy, you
talked about this being unacceptable, and you just made some
reference to some corrective actions, and you talked about how
you have now completed an integration in the line of chain of
command with a new contractor. What is different in this line
of chain of command?
Secretary Poneman. Okay. At the time of the incident, Mr.
Chairman, there were two separate contracts at the site. One
was the overall management operations contract for the site.
Mr. Rogers. Okay. You are talking about the line of chain
among the contractors, not within the Department. Have you
altered that in any way? That once the contractor notifies the
Department of anything, good or bad, has the chain from that
contact person up the stream been modified at all?
Secretary Poneman. Yes. But the way the contract is
structured affects it. But I will go right to the part you
asked. One of the things that General Finan found in her report
was that there was lack of clarity, that the organization known
as NA-70 for nuclear security was exercising some authority in
line management over security activities at the site, as was
activities under our infrastructure and operations, the so-
called double zero. That was confusing. We have ended that. We
have made it very clear that the line management must go down
from the Administrator through the Infrastructure and
Operations Office. And that has removed the security
organization, NA-70, from that.
NA-70's role has been clarified so that their role is to
develop the plans, it is a staffing function, and then to
evaluate the performance. That had the additional change in the
field, Mr. Chairman, that the evaluation of performance under
the contract was no longer done by the field Feds, which was
creating, in General Finan's review, too close of a situation
between the people on the site, between the contractor and the
Fed.
And so I think we have really clarified it, but the other
fact that actually bears on this as well is there was also
confusion that was created by having these two separate
contracts at the site, and we have immediately folded the
Proforce [protective force] security boots-on-the-ground
contract under the M&O contract, just to clarify.
Mr. Rogers. Okay. Under this new structure, if we were to
have another incident, who would be the ultimate person
responsible for security at that Y-12 site?
Secretary Poneman. The line management is always
responsible, going straight down from the Secretary down
through the NNSA Administrator.
Mr. Rogers. Walk me through it. Secretary----
Secretary Poneman. Deputy Secretary, NNSA Administrator,
the director of the Federal site for the NNSA, and then it goes
straight from that person to the senior contract official.
Mr. Rogers. And that was not the case when this incident
occurred?
Secretary Poneman. There was confusion because there were
directives that were coming out of the NA-70 organization that
could have been confusing in terms of where the accountability
was from the perspective of the people at the site.
Mr. Rogers. Aside from the contract with the contractor
being terminated, which it was about to expire anyway, you
mentioned that responsible people were reassigned. You put
removed from their responsibilities, but they weren't fired.
Why weren't they fired?
Secretary Poneman. Sir, the first thing we had to do in the
incident was we, as you have said many times, hold the people
accountable. So we did that both at the site and at the
headquarters. The top three officials at the headquarters
responsible for nuclear security were removed from those
positions. The top two relevant officials on the Federal side
at the site were removed from their positions.
Mr. Rogers. Why weren't they fired, though? Why were they
just removed? This is a nuclear facility.
Secretary Poneman. That is true, sir. There are additional
disciplinary actions that have been underway. We have due
process and various procedural safeguards that occur in our
system, and those are now being pursued. But the important
thing in terms of protecting the nuclear material was to get
those people out of that line. Most of them are out of the NNSA
entirely. And in addition, we ensured that people at the
contractor level knew they had lost our confidence. And the top
two officials responsible at Y-12 on the contractor side were
also removed.
Mr. Rogers. Well, you know, you heard me earlier talk about
Secretary Gates. He fired the Secretary of the Air Force and
the Chief of Staff of the Air Force when he had a similar
incident. I think that is the model. Do you disagree that
should be the model in how we respond to serious security
violations at important facilities like this?
Secretary Poneman. I certainly agree, Mr. Chairman, that
accountability is absolutely crucial. I am not deeply intimate
with the details of the 2007 Air Force incident. I have the
highest regard for Secretary Gates. But I think the principles
that he described in terms of accountability are very much ones
that we share.
Mr. Rogers. Well, I would hope so, and I would hope you
start reflecting those going forward, because that is the kind
of action that sends a clear message that these lapses in
security will not be tolerated, because the other factor here
is this has been going on for 10 years. We have had study after
study after study. So, frankly, the folks at the top of the
food chain really should have known about this before it
happened and shouldn't have been allowing it to happen.
But with that, I will turn to my ranking member, Mr.
Cooper, for any questions he may have.
Mr. Cooper. Thank you, Mr. Chairman. I welcome the
witnesses. I am sorry we have to be here, because this incident
never should have happened.
You say that you are for accountability, but wasn't the
main contractor there, Babcock & Wilcox, still able to receive
60 percent of its award fee, or $36 million, right after the
incident happened?
Secretary Poneman. Mr. Chairman, the way that----
Mr. Cooper. I am not the chairman. I am the ranking member.
Secretary Poneman. Oh. Sorry. Mr. Ranking Member. The award
fee under the terms of the contract--and I think it is a very
fair question to pursue how we structure these in terms of
compensation, I think that is an absolutely fair point--the
only amount of fee that was available for security was zeroed
out. So that was removed from the contract.
The way they got to the 40 percent reduction of fee was by
taking all of that and then going beyond that. There are other
things happening at the site in terms of naval reactor fuel, in
terms of directed stockpile work, and so forth. And the way
that the contract is structured, the fee is bucketed. And we
took the fee that was available to take away, away, and that
was a series that we have actually followed up in subsequent
incidents also seeking to claw back fee, because we agree the
American people should not be paying for underperformance when
it comes to security.
Mr. Cooper. And how much of the fee do you expect to claw
back?
Secretary Poneman. Well, the numbers that you have cited
there, there is 40 percent in the episode at Y-12 for the
contract.
Mr. Cooper. But I thought you said there were further
efforts going on.
Secretary Poneman. There was a $10 million fee that was
clawed back for another episode elsewhere in the complex.
Mr. Cooper. But immediately prior to the incident, your
agency in its wisdom had given Babcock & Wilcox an excellent
rating for its safeguards and security work, and they received
their full $51 million incentive fee in fiscal year 2011, even
though, as has been testified to, the cameras weren't working
on a wholesale basis, took months and months to ever do
repairs. Why do they get their entire incentive fee right prior
to the incident?
Secretary Poneman. Congressman, this flags exactly one of
the deficiencies in the structure that preceded this incident,
because there was, as again General Finan's report I think
makes very clear, a tendency to not have the boots-on-the-
ground analysis and review, but to have the evaluation based on
what the contractor said, and then have an on-paper review.
That is why separating that role out from the site and putting
it into the nuclear security organization at headquarters would
hopefully correct that.
We did not see the things in advance the way we should
have. Obviously, had we seen those things in advance, we would
have replaced all 62 cameras ahead of time. I am hoping, and I
believe that both the organizational and the cultural changes
that we are going to institute pursuant to the Finan report
will prevent this kind of thing from happening in the future.
Mr. Cooper. With all due respect, it doesn't sound to me
like you are taking responsibility, because aren't you the
Deputy Secretary and haven't you been the Deputy Secretary for
some time?
Secretary Poneman. Yes, sir. And from the moment I heard
about this incident, I have been doing everything I can in
every dimension to make sure that nothing like this ever
happens again. I do feel deeply responsible.
Mr. Cooper. You have been doing everything you can, and the
questions to my colleague, Ms. Sanchez, were submitted 5 months
after the hearing testimony? The copy we got, you needlessly
duplicated one question twice. Doesn't look like much effort
was put into this. And I know this is just an exchange of
paper, but----
Secretary Poneman. Congressman----
Mr. Cooper. Do you feel like you are taking responsibility?
Secretary Poneman. Yes, sir, I do. I take responsibility
for everything that happens in the Department and I am----
Mr. Cooper. Has your pay been reduced? Are you threatened
in any way? What sanctions have you faced?
Secretary Poneman. Congressman, I am doing everything I can
to address the problem, and I will do that as long as I am in
this position. And I will be very open to working with this
committee and all others to make sure that nothing like this
can ever happen again.
Mr. Cooper. But meanwhile, as the inspector general told us
in his testimony, your Department is spending about a billion
dollars a year securing various facilities, hiring 4,000 guard
personnel through various devices, and in some places it is one
prime contract, in some cases it is split two primes, and in
some places it is a subcontract. There seems to be no rhyme or
reason to this. But if you divide, you know, the salary
component of that, $700 million by the 4,000 employees, that's
$175,000 per guard. Where is this money going and what results
are we getting for this? That is a lot of money, and my guess
is the guards aren't actually being paid nearly that much. Who
is making the difference?
Secretary Poneman. Congressman, there are a number--I don't
have the exact calculation you have before you--there are a
number of both physical assets in terms of huge facilities with
thick walls, BearCats and various perimeter fences and various
security systems, all of which requires an investment.
But to be clear, the money itself is not going to solve the
problem if we don't have the clarity in the lines of
responsibility and in the authorities that go with it and,
frankly, the cultural shift that is required to go with it. It
is not a problem that will be solved by dollars. And the
dollars that are invested in it are very important, because we
need to get the assets, both the human assets and the physical
assets, but that's only part of the problem.
Mr. Cooper. Trust me, I am not suggesting spending more
money. I am asking what value the taxpayer got for this
extraordinary outlay over many years. And this is, according to
your own IG, money spent on employee compensation.
Secretary Poneman. Congressman, we have large, large
quantities of both highly enriched uranium and separated
plutonium, all of which is extraordinarily sensitive. That
material is very, very well defended. It is of absolute
paramount importance.
Mr. Cooper. It's well defended when an 82-year-old nun got
into Y-12? How can you possibly say that?
Secretary Poneman. Congressman, the episode that occurred,
as we have repeatedly testified in this and the prior hearing,
is absolutely unacceptable. It is a wakeup call. There are
several----
Mr. Cooper. Then how can you say it was well defended? It
was not well defended. That is why we are having this hearing.
Secretary Poneman. Congressman, what I am trying to say is
that there are a number of additional layers of security. It is
unacceptable that they penetrated the perimeter fence. That is
unacceptable, a wakeup call. We are taking the appropriate
actions. The concertina wire is around it. There are other
additional layers, including, you know, military-style forces,
including various physical impediments. And I can assure you
that there are many more layers that are defending that very,
very sensitive material.
Mr. Cooper. So we really had nothing to worry about. There
were many more layers of security left and it was all fine.
Secretary Poneman. Congressman, that is not at all what I
am saying. You have heard us from day one, Secretary Chu and I
have been consistent, this was unacceptable. And, it is a
shocking breach of the security that we thought was in place.
That having been said, your specific question went to the
actual material itself, and I am only saying, not that there is
any reason for complacency, far from it, quite the opposite,
but to say that we do have additional measures of protection
that is needed for that material. It is unacceptable what
happened, and we have to make sure that that part gets fixed as
well.
Mr. Cooper. Mr. Chairman, in all due respect to the
witness, it still does not sound like he is really taking
responsibility for this.
Secretary Poneman. I want to be very clear, Congressman. I
accept responsibility for this.
Mr. Cooper. Well, what punishment have you suffered for it?
Secretary Poneman. I am working----
Mr. Cooper. Other than attending this hearing?
Secretary Poneman. I am working on this problem, sir, as
hard as I can.
Mr. Cooper. Thank you, Mr. Chairman.
Mr. Rogers. I thank the gentleman. The chair now recognizes
the former chairman of this subcommittee, Mr. Turner of Ohio,
for 5 minutes.
Mr. Turner. Thank you, Mr. Chairman.
Secretary Poneman, I want to thank you for your efforts to
try to address this. I happen to know that you are a very
hands-on Secretary, you and I having worked together on an
issue with respect to the Mound facility. I was very impressed
by the fact that you do rise to a very hands-on level. So
that's why I think this whole problem leaves most of us
scratching our head, wondering: where are we and why do we have
this circumstance?
So I am going to ask you a couple questions that I think
frame the topic in the level of oversight where we have
concerns. So I am going to ask you a broad, basic question. Is
there ever a situation where a security failure at one of the
facilities protecting our nuclear infrastructure would result
in the termination of an employee of DOE or NNSA due to their
performance?
Secretary Poneman. It could, sir. What we can do----
Mr. Turner. I am sorry. So the answer then is yes?
Secretary Poneman. The----
Mr. Turner. Because it's a pretty direct question. I am not
asking you is it in the realm of possibilities. I am asking
you, is there ever a situation where a security failure at one
of our--the protection of one of our nuclear facilities would
result in the termination of an employee of DOE or NNSA due to
performance? It's a yes-or-no question.
Secretary Poneman. Congressman, if--it depends----
Mr. Turner. There is no ``depend.'' It is like a----
Secretary Poneman. No.
Mr. Turner. Because it already says ``ever'', so ``ever''
encompasses the whole scope----
Secretary Poneman. Yes.
Mr. Turner [continuing]. Of possibilities. Is there ever a
situation?
Secretary Poneman. It could, yes.
Mr. Turner. Yes. Okay.
Now, in taking that broad statement where you have
acknowledged that there is a situation where a failure could
result in termination due to performance, I am then going to
ask you the next step of that, because I am not just asking
your opinion, because you are actually--you know, you are in
the chain of--line of command here of understanding the
execution of this.
So would one of those situations be where all of the
safeguards were down, where someone could get all the way into
one of our buildings, and nobody does? What I am asking you in
this, and I am going to be clear, we had a breach where people
actually got all the way into this building. Right? All the way
to the building.
Secretary Poneman. To the building, sir.
Mr. Turner. That is what I am saying, to the building. Is
there ever a situation where someone would lose their job for
performance where no one penetrated, there was no breach, but
the safeguards were down that would have permitted it? Because
that is certainly what I would consider to the level of a
failure of performance.
Secretary Poneman. Congressman, what I can't do is answer a
hypothetical. It depends on----
Mr. Turner. It is not hypothetical. It really is very, very
clear. You have a job that has no margin of an error: protect
these facilities. Right? And we only can protect these
situations through the application of technology operated by
people. And the people were, you know, we're subject to their
performance as to whether or not it works.
So if someone isn't performing and the system is down, even
if there is no breach, but it is their responsibility and their
fault that the system is down and someone could get all the
way----
Secretary Poneman. Right.
Mr. Turner [continuing]. When I say ``into,'' I mean touch
the building, not inside the building, is that enough for
someone to be terminated due to performance?
Secretary Poneman. Sir----
Mr. Turner. Because I think, this committee thinks that if
we have an agency that is governmental that has the
responsibility for protecting these facilities and we have a
system where those in charge think that you don't even have to
do your job to keep your job, then we don't have something that
is working. So it is a simple question. If the system goes down
where someone could go in and touch the side of the building
and no one does, it is not a real breach but the system has
come down due to their performance, is that the type of lack of
performance that should result in termination?
Secretary Poneman. I can tell you that can and has resulted
in removal from position.
Mr. Turner. So the answer is yes?
Secretary Poneman. I said removal from position. That is
what we did.
Mr. Turner. Well, that is not termination.
Secretary Poneman. And that gets into a level of law and
due process----
Mr. Turner. So you are testifying before this committee
today that if the entire security system of our nuclear
infrastructure facilities went down on the perimeter of a
building that allowed someone to go in and it was a result of
their performance, it is not a terminable offense----
Secretary Poneman. I did not say that----
Mr. Turner [continuing]. Under your agency?
Secretary Poneman. I did not say that, sir. I said we can
remove them----
Mr. Turner. Then please tell me the opposite----
Secretary Poneman. I am telling you----
Mr. Turner [continuing]. Because that has to be true. It
has to be that it would result in someone losing their job. If
not, we need to pass a law here. We need to, like, stop doing
oversight and actually do legislation, because if you don't
have performance to be able to protect the facility, then we
don't really have protection, we don't have security. Is it a
terminable offense--terminate-able offense?
Secretary Poneman. You and I are both lawyers. You are
asking a technical legal question. I want to make sure I am
absolutely accurate----
Mr. Turner. If you don't have clarity on this, then I think
that this committee needs to put something in our next piece of
legislation that absolutely makes it clear that if, due to the
performance of individuals, that the security system fails,
that it would be an offense resulting in termination, because
that clarity, I think, certainly is with the American public.
Secretary Poneman. Congressman, as I told Chairman Rogers
and as I told you when you were chairman of this committee, we
are always ready to work with you and with this committee to
make sure we have the right kind of laws in place. I am not
trying to be evasive. We moved the people out of the positions.
There are due process protections. And if we can come back to
it in more detail, there may be a very simple yes/no answer,
but I am not acting as a lawyer today, and I don't want to give
you an inaccurate----
Mr. Turner. I wasn't asking you a lawyer question, I was
asking you a scope of responsibility and authority question. I
mean----
Secretary Poneman. And in that, I am very confident----
Mr. Turner. It shouldn't require lawyers to understand
whether or not, if there is a failure of performance to that
level, that that would be an offense for which there would be
termination.
Mr. Chairman, I yield back.
Mr. Rogers. I thank the gentleman.
I am going to clarify with the Secretary. Is the due
process you are talking about, is that the union contract?
Secretary Poneman. No. I am talking about the procedural
due process that any Federal employee is entitled to when he is
facing some----
Mr. Rogers. Well, they can have that due process in
response to their termination, can't they? I mean, you
terminate them, and then they have got the due process to
appeal it----
Secretary Poneman. We have to----
Mr. Rogers [continuing]. And try to fight that termination.
But it just seems to me like you are claiming that they have
got a right to go through all this before you can terminate
them.
Secretary Poneman. Well, what we can do and what we did do,
Mr. Chairman, was remove these people from the responsibility
for anything having to do with security immediately, pending
finding out what further disciplinary action was available, and
that disciplinary action is subject to due process.
Mr. Rogers. Well, I am a recovering attorney, too. I think
that due process would not impede firing people who would let
an 82-year-old woman get into a nuclear facility.
But having said that, the chairman recognizes the gentleman
from South Carolina, Mr. Wilson.
Mr. Wilson. Thank you, Mr. Chairman. And I share the
chagrin of the former chairman and the current chairman. It
seems to me that with the breaches that occurred, that there
should have been terminations. Just shifting persons around
doesn't really achieve the level of accountability of something
as extraordinarily important. And I have the perception of
having actually worked at the Savannah River Site, and so by
working there, I actually had a good feeling about the
perimeter security, the persons who were monitoring and indeed
acting, and I felt secure. And I know that the people who
worked there, lived there, raised their families there, retire
there feel secure.
But I am concerned that I have also seen studies that there
is a culture with DOE, with NNSA that has not stressed
security. And so how can we reassure people who live in these
communities that indeed a culture of lack of appreciation of
security is being addressed?
Secretary Poneman. It is a great question, Congressman. You
can reassure them by saying that the top three security
officials at the headquarters responsible for Y-12 at that time
were removed from their positions, that the two top Federal
officials at the site were removed from their positions, that
the contractor that actually had the boots-on-the ground
professional force was terminated full out, that the top two
officials at the management and operations facility, they were
also retired and taken out of the picture. Everybody in that
chain of command, from the individual responders and to the
senior officials responsible for security specifically at that
site, were removed.
At the same time, that would not be enough. We have
undertaken the organizational and structural changes, we have
replaced all the cameras, we have put concertina wire around
the whole facility, all the Perimeter Intrusion Detection and
Assessment System (PIDAS) improvements, the central alarm
station has been upgraded. All of the things we should have
known about but found out about through this unfortunate and
terrible incident, we have taken those steps. So I do think
that the American people can take assurance from that.
Mr. Wilson. Administrator Miller.
Ms. Miller. I just support what the Deputy Secretary has
said. First and foremost, culture is going to be affected by
the leadership and management and their attitudes toward
security, safety, and everything else that we do. And we are
looking very hard and have been making serious changes within
the NNSA to directly address leadership and management issues
as they affect security, safety, and everything else we do.
Mr. Wilson. And I am equally concerned that there seems to
be a lot of reliance on self-assessment by contractors, that
the overseers are depending on the contractors. Is that being
changed?
Secretary Poneman. That is being addressed, sir. And I
think that did contribute to the problems that we faced before.
General Finan's recommendation is, we believe, a sound one,
which is to start with the basis of the contractor's
assessment, but then instead of having that assessed in the
field where there is a possibility of the Feds being too close
to the contractors, that function is being clearly vested in
the headquarters organization, the NA-70 organization, and then
that is going to be further subject to further overview by the
Health, Safety, and Security Office.
Mr. Wilson. And, Ms. Miller.
Ms. Miller. Yeah. I would like to also emphasize, we have
the sites now reporting directly to the Administrator, and in
this way, we expect security, as well as other things, but
security to be a clear line of accountability from the
Administrator through to the site manager, the sites, as the
implementers of the policy that the security policy
organization, that the Deputy Secretary was just referring to,
those policies and orders that they issue are then--which is
their responsibility, and it is also their responsibility to
assess the performance of the sites in implementing those
orders--is just as clear that the line of accountability for
implementing it at the site goes directly from the site to the
Administrator.
Mr. Wilson. And related to that is, there was the
recommendation that headquarters staff visit sites and rotate
between the sites. And is that being done?
Ms. Miller. Headquarters staff is now both in the
implementing side, as well as in the policy and assessment
side, regularly scheduled and going to sites. And as well as
the rotations are, we have put this in throughout the NNSA. We
are very conscious of the fact that people staying in one place
for too long may lead to people becoming complacent.
Mr. Wilson. And thank you both. And I do know that when the
headquarters staff visits, it creates an extraordinary level of
attention. Thank you.
Mr. Rogers. Thank the gentleman.
The chair now recognizes my friend and colleague from
Arizona, Mr. Franks, for 5 minutes.
Mr. Franks. Well, thank you, Mr. Chairman.
Secretary Poneman, I want to try to get three questions in
here, if I can quickly. First, I have had the opportunity to
see hearings on this before, some in a private setting, and so
I have probably already expressed the commensurate level of
bewilderment. And, you know, I don't seek to patronize anyone
to remind us all that the materials that are kept in these
facilities are, you know, are highly technically challenging to
create, and yet to weaponize them is a much lesser difficulty
technologically to do. So, I mean, the implications here are
pretty profound, and I think everyone knows that.
I guess quickly one question I wanted to ask. It seems like
the contractors that had reported these lapses in safety
precautions were treated very differently than those they
reported to, who in some cases ignored their warnings. Is that
your perspective?
Secretary Poneman. I am not sure, Congressman, I am
tracking which contractors you are referring----
Mr. Franks. Well, the contractors, on-the-ground
contractors that were there that were watching the cameras. I
am told that there was a significant reporting on their behalf
prior to these incidents, saying, you know, that we had some
technical challenges and that we really weren't up to----
Secretary Poneman. Yes, sir. Some of those deficiencies had
been earlier noted in earlier reports. That is true.
Mr. Franks. And yet they were, you know, handled pretty
roughly, it sounds like, and the folks that they reported to
weren't. And I will leave that there, sir, because I want to
get to another.
The previous panel emphasized sort of the line of
responsibility. And I think that that is something that is
almost ubiquitous throughout the entire human dynamic. You
know, somebody has got to have responsibility. Everybody's
responsibility is nobody's responsibility. But it appears to me
that DOE and the NNSA have not really addressed that
effectively within NNSA, because DOE continues to have an
oversight office under HSS, and NNSA now has a split security
between an office responsible for policy and oversight and
another office that is responsible for program execution.
And I am just wondering, how do all these DOE offices
ensure that there is accountability for making sure that the
security program is properly executed at these DOE sites?
Secretary Poneman. Okay. So I now understand the first
part, and I will just say very quickly, both contractors
involved had their leadership removed. So they both paid the
appropriate accountability price, just on that first part of
your question. And I know you wanted to get to the second one.
On the second one, it is a very good question, and as you
just heard the Acting Administrator say, we believed that part
of the problem here, as General Finan pointed out, was that
there was this confusion. The clarity of the line management
down through this infrastructure and operations, that's the
line management. They are responsible for execution. They had
to take away the interference with that line management was
coming out of the NA-70 nuclear security organization. So they
just make the plans and evaluate it, but that is all inside
NNSA. And so to have a further check, because these materials
are so sensitive and do need to be secure, is to have a check
on the check by having HSS perform an outside independent
oversight role outside of the National Nuclear Security
Administration.
Mr. Franks. But just a yes or no quickly. Is it your
testimony before this committee that the line of
responsibility, that any ambiguities there have been dealt
with?
Secretary Poneman. We are in the process of implementing
General Finan's recommendations. I would like to come back to
this committee when I can tell you that we feel like----
Mr. Franks. To me, Mr. Chairman, that seems seminal to this
whole discussion.
Secretary Poneman. We agree.
Mr. Franks. Let me shift gears quickly, and I will ask both
of you, because I will run out of time here and you both can
answer the question still. When you think about these potential
breaches of security in the future, you know, there are all
kinds of issues out there, and I am just wondering one specific
question, and I would welcome you to mention any others that
are on your mind. But, you know, there is a significant
increase in technology across the world with intentional
electromagnetic interference, or these EMP [electromagnetic
pulse] device capability, which seems to me that it could
really put these facilities at risk, and even further, you
know, the potential of a major EMP event, either geomagnetic
disturbance or a high-altitude nuclear burst.
Can you tell me, are we protecting our critical defense
apparatus like the Y-12 facility against these three prongs of
EMP: the E1, E2, and E3?
Secretary Poneman. Congressman Franks, I am well aware of
your thought leadership on this challenge. I have talked to
former Secretary Jim Schlesinger and Mr. Ikle, may he rest in
peace, and what I am here to tell you is that we are very
focused on addressing all of those kinds of threats, which
don't, as you well know, affect only Y-12, but frankly
everything, far, far beyond that. We would love to work more
closely with you on this subject. The executive orders and the
Presidential Directive 21 that the President just issued
addressed exactly this kind of problem. It is something that is
a huge problem. It is going to take a lot of work to get into a
safe place, but we are very focused on it, sir.
Mr. Franks. All right. Thank you, Mr. Chairman.
Mr. Rogers. I thank the gentleman.
Before I go to Mr. Garamendi, I want to clarify. You stated
a minute ago that you are in the process of implementing
General Finan's findings. That is just at NNSA, that is not at
DOE. What are you doing at DOE to deal with the problem that
Mr. Franks just addressed?
Secretary Poneman. The problem that Mr. Franks just
addressed actually goes well beyond NNSA and will require
various parts of our organization, including our Chief
Information Officer, which has technical capacity to deal with
the EMP issues.
Mr. Rogers. No, no. I am talking about his earlier issue
dealing with the chain of command on reports by the
contractor----
Secretary Poneman. Okay.
Mr. Rogers [continuing]. Of deficiencies that are not being
remedied.
Secretary Poneman. Mr. Chairman, those issues are among
those that have been addressed by what we call the three wise
men, of whom you had one here testifying this morning. We are
having internal discussions precisely on this question of how
to make sure that the larger DOE organization works effectively
in ensuring the same kind of oversight that we are talking
about inside of NNSA, because as you know, Mr. Chairman, there
is some Category 1 material that is outside of the NNSA and we
have to make sure it is all well protected.
One thing that has been done is there was some confusion as
between overall directives that are departmental-wide and those
directives that are specific to NNSA. General Finan's
recommendation, which we are following, says we need to be
clear that the DOE directives are those that are binding is the
baseline. Anything beyond that, because of the special needs
and requirements of NNSA, should be done as only a way to
augment or strengthen and should not be any way to confuse or
distract from the overall directive that governs the whole
Department.
Mr. Rogers. The gentleman, Mr. Garamendi, is recognized for
5 minutes.
Mr. Garamendi. Thank you, Mr. Chairman.
I appreciate the testimony both of you have given, and I
was reading your testimony also. While you have explained
verbally and in some writing the organizational structure, it
is not clear to me exactly how that chain of command and
organizational structure is actually in place; therefore, I
would appreciate it if you could deliver to our committee staff
a detailed organizational chart----
Secretary Poneman. Absolutely.
Mr. Garamendi [continuing]. With the accompanying job
descriptions.
Secretary Poneman. Happy do it, sir.
Mr. Garamendi. I think that would be helpful, at least for
me, to understand the words that you have said and how it works
out. From the previous questions asked, it is not just within
the NNSA, it is also within the Department and the
organizational structure therein. So if you would do that, I
would appreciate it.
Secretary Poneman. We would be very happy to provide this.
[The information referred to can be found in the Appendix
on page 117.]
Mr. Garamendi. That would at least allow me the opportunity
to understand more completely your testimony. And I thank you.
I yield back, Mr. Chairman.
Mr. Rogers. I thank the gentleman.
I want to follow up. We heard in the earlier panel of all
the studies over the years. Why do you think it is that these
longstanding, well-documented deficiencies in security at this
particular facility were allowed to go on so long?
Secretary Poneman. Well, the things that we have found
since the episode, Mr. Chairman, were that, even though some of
these things were noticed, that our internal reporting chain
was broken, was the phrase that I think was used in some of the
reviews. And so you can rest assured that if we had known what
was actually the situation on the ground----
Mr. Rogers. So you weren't aware of any of those studies
from 2002, 2005----
Secretary Poneman. Well, I thought you were asking
specifically about the----
Mr. Rogers. No. I am talking about the 10 years, the 4
studies over 10 years, with General Finan's been the most
recent. The three prior to that, were you aware of those
studies and their findings?
Secretary Poneman. After the----
Mr. Rogers. Admiral Mies, yeah.
Secretary Poneman. After the Y-12 episode, I became aware.
I actually----
Mr. Rogers. So before that, you weren't aware of them?
Secretary Poneman. Well, the one study I was aware of, and
I don't know if this is one of the ones that you are referring
to, I helped former Senator Baker and Mr. Hamilton look at the
episode of the lost hard drive at Los Alamos, and I was aware
of that one. And the thing that we found there was, in fact,
the same kind of problem of division of the security mission
from the line organization was a source of challenge. What I
did not realize was that that particular problem was still
persisting to the degree that it obviously was.
Mr. Rogers. Why? Why were you not aware?
Secretary Poneman. I was not aware that the cultural and
sort of the situation at Y-12, which we found out post hoc, was
occurring at the time, because it had not come to my attention.
I can assure you if it had, I would have acted.
Mr. Rogers. Who do you think should have reported that to
you? These were general officers who were doing these studies,
very high ranking, important, thoughtful people who were making
these reports. Were they just to be put on the shelf or were
they to be given to policymakers who could implement changes?
Secretary Poneman. I would have to know, sir, which studies
you are referring to and if they were done during----
Mr. Rogers. Admiral Mies in 2005, for example.
Secretary Poneman. Yeah. Sir----
Mr. Rogers. Who should have told you about that?
Secretary Poneman. I don't know who would have told me
about a 2005 report.
Mr. Rogers. Should Ms. Miller have told you about it?
Secretary Poneman. Sir, it was a 2005 report, and I just
don't know what happens in terms of the shelf life of these
reports and when they get repeatedly briefed. We are responding
to the responsibilities we have got. Anything that we have done
to look at the problem, we obviously have to be fully
accountable for. It is always, always a good thing to go back
and see what has been done through time. That is why when this
episode happened, we did look at those reports and we found a
number of things that need to be addressed.
Mr. Rogers. Let me ask this. Ms. Miller, who do you report
to on security matters? Who is your immediate superior?
Ms. Miller. My immediate superior is the Deputy Secretary.
Mr. Rogers. Okay. Were you aware of Admiral Mies' study?
Ms. Miller. I became aware of Admiral Mies' study. I joined
the NNSA in 2010.
Mr. Rogers. 2010.
Ms. Miller. Uh-huh.
Mr. Rogers. And when you arrived in 2010, how long was it
before you became aware of Admiral Mies' study?
Ms. Miller. I knew of Admiral Mies' study a little bit
before then. I did not become aware of the contents of it for
probably the first year that I was there.
Mr. Rogers. And so you knew about it by 2011, midyear.
Ms. Miller. Uh-huh.
Mr. Rogers. Did you take any action to inform Secretary
Poneman that you have a cultural problem that has got to be
addressed?
Ms. Miller. I did not take any actions to inform Secretary
Poneman. I did begin to take actions within the NNSA to address
cultural problems that, again, affect----
Mr. Rogers. What actions specifically? Did you fire
anybody?
Ms. Miller. No. No.
Mr. Rogers. Let me ask this.
Ms. Miller. There were no firing offenses.
Mr. Rogers. The chief of security for DOE has been there
for 20 years. Clearly, given these studies that I have referred
to--and what were they? The Commission on Science and Security
did one in 2002, Admiral Mies in 2005. And, yeah, there was a
couple others we went through in our earlier panel. But my
point is, so your chief of security clearly should have been
handed a copy of those studies, wouldn't you think, Secretary
Poneman?
Secretary Poneman. Presumably when they came out, that
would have happened.
Mr. Rogers. That would have been on his watch to know we
have got an installation under my domain of responsibility and
we now have a study that says there is problems. Would that
make sense, that he would get a copy of it?
Secretary Poneman. I would presume that all of those
studies you referred to were reported to the Department
contemporaneously.
Mr. Rogers. Yeah. Would you turn your microphone on,
please?
Secretary Poneman. Sorry. I would assume, sir, that those
reports when they came out would have been reported to the
Department contemporaneously.
Mr. Rogers. Right. And the person, the relevant person
would have been the chief of security, wouldn't it be?
Secretary Poneman. It certainly would have been relevant.
Of course, the organization was different at that time, and I--
--
Mr. Rogers. Well, it doesn't matter. Chief of security is
over security over all your installations. Isn't that correct?
The DOE chief of security.
Secretary Poneman. What I am saying is I don't know who was
the chief of security in 2002, 2005, et cetera. I don't----
Mr. Rogers. I am telling you the same guy has been there
for 20 years. The guy who is the chief of security now has been
the chief of security at the Department of Energy for 20 years.
All of these installations fall under his responsibility. My
thinking is that if a report comes out and says, we have a
flawed culture of security problems at Y-12 comes out, that
should have been presented to the chief of security. Now, no
remedies were taken to the equipment and the other deficiencies
in that system. He wasn't fired. Who does the chief of security
at DOE report to?
Secretary Poneman. The chief of security reports to the
Secretary and to the Deputy Secretary.
Mr. Rogers. Okay.
Secretary Poneman. But that person, just to be clear, Mr.
Chairman, does not have line authority over the sites. I am
not----
Mr. Rogers. Why not?
Secretary Poneman. Because that`s the nature of the
problem. In other words, we need to make sure that the line of
authority runs straight down through the----
Mr. Rogers. Who is responsible for establishing line
authority within the Department of Energy?
Secretary Poneman. The Secretary.
Mr. Rogers. Was he fired?
Secretary Poneman. No, sir.
Mr. Rogers. I recognize the gentleman from Tennessee, Mr.
Cooper, for any additional questions he may have.
Mr. Cooper. Thank you, Mr. Chairman.
I think we are talking about HSS.
Secretary Poneman. Yes.
Mr. Cooper. The Office of Health, Safety, and Security. I
think we are talking about Glenn Podonsky, who has been there
some 29 years. I was interested in Mr. Podonsky, as you point,
because of a news article dated February 22, 2013, just a few
days ago, in which he said--at least he is quoted in the
article as saying--he believes that the nuclear arms complex
operated better while directly under the Energy Department's
defense programs prior to the nuclear agency's formation in
2000. And I think by the nuclear agency, he means NNSA. And I
am not faulting Ms. Miller, because she is acting and new, but
this is a pretty amazing charge from somebody that you praise
and trust. And he might not have line authority, but has been
there a long time, knows a lot of stuff, you all rely on his
viewpoint a lot, and he is wondering whether NNSA should even
have jurisdiction here.
Secretary Poneman. That obviously----
Mr. Cooper. And we have taken a step backwards since 2000.
Secretary Poneman. Yeah. Obviously, Congressman, that does
not reflect the view of the Department of Energy. We clearly
believe that the structure of having NNSA as the semiautonomous
part of the Department is the right structure. We are fully on
board with that, and there is no question about that. I also
was not present, I saw the news reports, obviously, but that is
not obviously reflecting the view of the Department.
Mr. Cooper. Well, let's forget politics for a second and
the view of the Department, because right now the Department
doesn't have a lot of credibility on the security issue. Here
is a guy who has been a loyal public servant for 29 years who
is trying to express a viewpoint, and it might be politically
correct, it might not be officially, you know, supported by the
top brass, but this is, you know, part of your organization
that you respect and trust, this is a respected individual who
is questioning even the function of NNSA. And, of course, a
commission will be established to look into lots of NNSA issues
anyway. This is a problem.
Secretary Poneman. Well, Congressman, we have, all of us,
thought long and hard exactly about what the best way to do
security is going forward out of this episode. We will continue
to do that. We are going to take advantage of the great wisdom
of the three experts. And we always encourage a continued
questioning attitude and not to be complacent about where we
are. We have no grounds for complacency. So we are going to
keep at working as hard as we can to get this problem fixed.
Mr. Cooper. Why do you deserve the chance to keep working
at the problem?
Secretary Poneman. I don't think, sir, in terms of anything
I deserve. I am just trying to address a problem, and I feel
that that is my responsibility and I am going to keep working
at that as hard as I can. I don't think of it in terms of what
I deserve or don't deserve.
Mr. Cooper. But in response to Mr. Turner's question
earlier, it seemed like you had a hard time thinking of
circumstances that might even lead to, say, Air Force levels of
taking responsibility.
Secretary Poneman. I don't mean to imply that. I strongly
believe in accountability. We took every step that we could to
make sure that the problem could not recur by changing the
structure, by changing the culture and taking those steps, and
by holding the individuals accountable. And, again, sir, we
will continue to do everything we can to earn the confidence of
this committee and the American people in that measure.
Mr. Cooper. Maybe you could answer for the record what the
average guard or protective force member makes when you divide
out, you know, there is $175,000 going to each position under
DOE leadership, how much take-home pay, how many benefits are
these folks actually getting out of this amazing sum of money.
They are paid like Federal judges, they are paid like
Congressmen, yet these poor folks are not getting that sort of
benefit.
Secretary Poneman. Congressman, I have not seen the math.
My hunch is that that number folds in a lot of physical plant
and so forth. But it is absolutely a fair question to ask, and
we will get you--and I assure you it won't be 5 months, I don't
know how that happened--we will get that promptly to you, sir.
[The information referred to can be found in the Appendix
on page 117.]
Mr. Cooper. Thank you.
Mr. Rogers. I thank the gentleman.
Mr. Wilson, you don't have any more questions?
The last thing I wanted to point out was last week the DOE
chief security officer told a reporter that the nuclear
enterprise, quote, ``wasn't working badly in the 1990s before
NNSA was formed,'' and that we should just abolish NNSA and go
back to having everything DOE. But then we look back, and in
1999 a report by President Clinton's Foreign Intelligence
Advisory Board said that DOE, quote, ``embodied science at its
best and security at its worst.'' Highlighting a string of
recurring security problems that DOE had failed to correct in
the 1990s, the Board described DOE as a ``dysfunctional
bureaucracy that has proven it is incapable of reforming
itself.''
The thing that I hope you take away from this, Mr.
Secretary, is you have got to be capable of reforming yourself.
I want you to recognize we are as serious as a heart attack
about what has just happened here and staying after it, and we
expect it to be remedied. That doesn't just mean the NNSA. That
also means the Department of Energy. And we want to know
specifically that you are willing to terminate people that
aren't doing their job. It sounds to me like this chief
security officer might be one of the folks that ought to be on
your list to look at.
But we are looking for serious reforms and line
responsibilities so that if--and I hope we never do have
another incidence like this, but if we do, you can show us or
we can see exactly who was responsible and if they were dealt
with in a prompt and appropriate manner.
Secretary Poneman. Mr. Chairman, first of all, as I said in
my opening statement, we not only accept, but we welcome
working with you and this committee on these problems in
exactly that dimension.
Number two, we very much agree--obviously there are
continuing concerns we need to address--we completely agree
that accountability is a critical part of fixing the problem.
However, we don't just have a people problem. We also have a
structural problem. We need to fix that. We have a cultural
problem. We need to fix that. Not to say we shouldn't fix all
of them. We do. We are as serious as a heart attack as well. I
am just saying that we need to work on all parts of the
problem: accountability, culture, clarity of lines of
responsibility, authorities that go with that. And, again, with
your help, hopefully we will get to the place where we never do
experience this kind of episode again, because it is something
that is absolutely, as we have said from day one, unacceptable.
Mr. Rogers. Thank you.
Several members went back after the last series of votes.
If there are any members who have additional questions they
would provide in writing, we will keep the record open for 10
days. I would ask you if any members do submit questions to you
in writing, that you respond to those in writing in a timely
manner.
Thank you for your time and attention. This hearing is
adjourned.
Secretary Poneman. Thank you.
[Whereupon, at 12:46 p.m., the subcommittee was adjourned.]
?
=======================================================================
A P P E N D I X
February 28, 2013
=======================================================================
?
=======================================================================
PREPARED STATEMENTS SUBMITTED FOR THE RECORD
February 28, 2013
=======================================================================
[GRAPHIC] [TIFF OMITTED] T9996.001
[GRAPHIC] [TIFF OMITTED] T9996.002
[GRAPHIC] [TIFF OMITTED] T9996.003
[GRAPHIC] [TIFF OMITTED] T9996.004
[GRAPHIC] [TIFF OMITTED] T9996.005
[GRAPHIC] [TIFF OMITTED] T9996.006
[GRAPHIC] [TIFF OMITTED] T9996.007
[GRAPHIC] [TIFF OMITTED] T9996.008
[GRAPHIC] [TIFF OMITTED] T9996.009
[GRAPHIC] [TIFF OMITTED] T9996.010
[GRAPHIC] [TIFF OMITTED] T9996.011
[GRAPHIC] [TIFF OMITTED] T9996.012
[GRAPHIC] [TIFF OMITTED] T9996.013
[GRAPHIC] [TIFF OMITTED] T9996.014
[GRAPHIC] [TIFF OMITTED] T9996.015
[GRAPHIC] [TIFF OMITTED] T9996.016
[GRAPHIC] [TIFF OMITTED] T9996.017
[GRAPHIC] [TIFF OMITTED] T9996.018
[GRAPHIC] [TIFF OMITTED] T9996.019
[GRAPHIC] [TIFF OMITTED] T9996.020
[GRAPHIC] [TIFF OMITTED] T9996.021
[GRAPHIC] [TIFF OMITTED] T9996.022
[GRAPHIC] [TIFF OMITTED] T9996.023
[GRAPHIC] [TIFF OMITTED] T9996.024
[GRAPHIC] [TIFF OMITTED] T9996.025
[GRAPHIC] [TIFF OMITTED] T9996.026
[GRAPHIC] [TIFF OMITTED] T9996.027
[GRAPHIC] [TIFF OMITTED] T9996.028
[GRAPHIC] [TIFF OMITTED] T9996.029
[GRAPHIC] [TIFF OMITTED] T9996.030
[GRAPHIC] [TIFF OMITTED] T9996.031
[GRAPHIC] [TIFF OMITTED] T9996.032
[GRAPHIC] [TIFF OMITTED] T9996.033
[GRAPHIC] [TIFF OMITTED] T9996.034
[GRAPHIC] [TIFF OMITTED] T9996.035
[GRAPHIC] [TIFF OMITTED] T9996.036
[GRAPHIC] [TIFF OMITTED] T9996.037
[GRAPHIC] [TIFF OMITTED] T9996.038
[GRAPHIC] [TIFF OMITTED] T9996.039
[GRAPHIC] [TIFF OMITTED] T9996.040
[GRAPHIC] [TIFF OMITTED] T9996.041
[GRAPHIC] [TIFF OMITTED] T9996.042
[GRAPHIC] [TIFF OMITTED] T9996.043
[GRAPHIC] [TIFF OMITTED] T9996.044
[GRAPHIC] [TIFF OMITTED] T9996.045
[GRAPHIC] [TIFF OMITTED] T9996.046
[GRAPHIC] [TIFF OMITTED] T9996.047
[GRAPHIC] [TIFF OMITTED] T9996.048
[GRAPHIC] [TIFF OMITTED] T9996.049
[GRAPHIC] [TIFF OMITTED] T9996.050
[GRAPHIC] [TIFF OMITTED] T9996.051
[GRAPHIC] [TIFF OMITTED] T9996.052
[GRAPHIC] [TIFF OMITTED] T9996.053
[GRAPHIC] [TIFF OMITTED] T9996.054
[GRAPHIC] [TIFF OMITTED] T9996.055
[GRAPHIC] [TIFF OMITTED] T9996.056
[GRAPHIC] [TIFF OMITTED] T9996.057
[GRAPHIC] [TIFF OMITTED] T9996.058
[GRAPHIC] [TIFF OMITTED] T9996.059
[GRAPHIC] [TIFF OMITTED] T9996.060
[GRAPHIC] [TIFF OMITTED] T9996.061
[GRAPHIC] [TIFF OMITTED] T9996.062
[GRAPHIC] [TIFF OMITTED] T9996.063
[GRAPHIC] [TIFF OMITTED] T9996.064
[GRAPHIC] [TIFF OMITTED] T9996.065
[GRAPHIC] [TIFF OMITTED] T9996.066
[GRAPHIC] [TIFF OMITTED] T9996.067
[GRAPHIC] [TIFF OMITTED] T9996.068
[GRAPHIC] [TIFF OMITTED] T9996.069
[GRAPHIC] [TIFF OMITTED] T9996.070
[GRAPHIC] [TIFF OMITTED] T9996.071
[GRAPHIC] [TIFF OMITTED] T9996.072
?
=======================================================================
DOCUMENTS SUBMITTED FOR THE RECORD
February 28, 2013
=======================================================================
[GRAPHIC] [TIFF OMITTED] T9996.073
[GRAPHIC] [TIFF OMITTED] T9996.074
[GRAPHIC] [TIFF OMITTED] T9996.075
[GRAPHIC] [TIFF OMITTED] T9996.076
?
=======================================================================
WITNESS RESPONSES TO QUESTIONS ASKED DURING
THE HEARING
February 28, 2013
=======================================================================
RESPONSE TO QUESTION SUBMITTED BY MR. COOPER
Mr. Poneman. The average gross wages and fringe benefits for a
guard or Protective Force member at Y-12 is $88,000. Actual take home
pay will vary by individual based upon payroll deductions and hours
worked. [See page 30.]
______
RESPONSE TO QUESTION SUBMITTED BY MR. GARAMENDI
Mr. Poneman. Please find attached an organization chart of both
organizations. We've also included the names of the key NNSA leadership
team. [See page 26.]
[The information referred to can be found in the Appendix beginning
on pages 111-114.]
?
=======================================================================
QUESTIONS SUBMITTED BY MEMBERS POST HEARING
February 28, 2013
=======================================================================
QUESTIONS SUBMITTED BY MR. ROGERS
Mr. Rogers. General Alston, you recognized human capital
limitations as a contributing factor to the event. What can Congress
do, if anything, to enhance human capital at NNSA as it pertains to
security?
General Alston. Recognizing that the July 2012 Y-12 security
failure had more to do with ineffective oversight and a culture that
readily accepted security deficiencies rather than human capital
weaknesses, it's my view that NNSA and DOE did not assign sufficient
value to security expertise when it made staffing decisions. As a
result, there is no ready pipeline of leaders with appropriate security
expertise. This condition is exacerbated by personnel practices that
did not circulate security leaders between the HQ and the sites.
The quality of experience and expertise across our national nuclear
enterprise has been an area of increasing concern, perhaps since the
end of the Cold War. The Congress in the 1997 and 1998 National Defense
Authorization Acts established a Commission on ``Maintaining United
States Nuclear Weapons Expertise,'' led by ADM (ret) Hank Chiles. ADM
Chiles led a similar Defense Science Board effort in 2008. Neither of
these efforts highlighted nuclear physical security expertise as a
focus area, but they emphasize the overall importance of expertise
throughout the nuclear enterprise. All other things being equal, I
personally would be inclined to hire someone who has secured nuclear
materials before I would hire one without that background. The size of
our nuclear enterprise continues to expose a keen personnel
vulnerability across all disciplines that should be driving focused
human capital development plans. The benefits include good daily
operations, strong crisis management competencies at upper levels and a
self-sustaining community of experts.
Mr. Rogers. General Alston, do you, Mr. Augustine, and Dr. Meserve
believe the confused lines of responsibility and authority for security
are just within NNSA, or do they extend to security and leadership
organizations within DOE as well?
a. You are your fellow reviewers have suggested that security
operations with DOE and NNSA need to be reorganized in order to re-
align authority and responsibility. What guidelines should be followed
in aligning and assigning authority and responsibility? Is it your
sense that these guidelines are being followed?
General Alston. The confused lines of responsibility and authority
for security at the time of our project were within the contractor
relationships at the sites, NNSA and DOE.
a. Match authority and responsibility at the right level.
--For example, at Y-12, the site Maintenance and Operations
contractor was responsible for security infrastructure, such as
security camera maintenance, while the security contractor was
responsible for providing ready protective forces. This split
responsibility for security tools and security pros contributed to the
atmosphere that tolerated enduring infrastructure deficiencies.
--Additionally, empower the NNSA rep overseeing site security with
sufficient authority to hold him/her accountable appropriately for
local performance failures, as necessary.
--Finally, establish who is accountable at the headquarters level
for day-to-day security operations. Who is accountable to track and
eliminate security deficiencies? Who is accountable for security system
developmental and operational testing? To name just a few critical
elements we had trouble resolving during our study.
Scrub department governance and eliminate inadequate, conflicting
and redundant sources of security policy.--For example, securing
Category 1 material at SRS should require the same measures as securing
Category 1 material at Y-12.
Establish clear organizational lines from the field through the
senior levels at the headquarters that not only enable the two points
above, but also focus on ensuring effective 2-way communication
throughout the organization.
I do not have a sense whether or not these guidelines are part of
DOE/NNSA security initiatives.
Mr. Rogers. General Alston, your letter to Secretary Chu says
``there is a perception that corporate security policy is being written
from inspection results.'' Mr. Augustine noted that inspections and
assessments inappropriately focus on compliance with standards, and not
on security effectiveness or performance. He concluded that ``what is
needed is not more inspections but better inspections.'' Do you agree
with Mr. Augustine on this point?
a. To what extent do you believe that oversight activities should
also be standardized and/or centrally directed?
b. Would you please compare and contrast how the Department of
Defense conducts inspections and writes security policy with how DOE
and NNSA do?
c. How should oversight of security operations be conducted? How
would you modify the DOE/NNSA inspection and oversight approach to make
it better?
General Alston. I absolutely agree with Mr. Augustine. Well-focused
inspections, at smart intervals, consistently and appropriately
evaluating compliance and performance against clearly established
standards provide both local leadership and NNSA and DOE ``snapshot''
indicators of site competency. As a part of a comprehensive set of
indicators that include daily performance metrics, resourcing levels,
and several more elements to complete the readiness picture, a sound
inspection process is vital.
a. Independent oversight of activities involving nuclear materials
is essential due to the extraordinary safety, security and geopolitical
nature of nuclear weapons and related components. High standards are
established and their compliance must be verified. The most senior
accountable overseer must have the means to assure subordinate elements
are in compliance with standards and can perform critical aspects of
the mission. Therefore, the Secretary of Energy requires an independent
inspection apparatus. The NNSA Administrator also needs to ensure
compliance with these same high standards. Whether or not the
Administrator of this semi-autonomous agency requires his/her own
independent inspection apparatus should be evaluated.
Common standards must be applied in a common way in the field and
must be inspected in a common way by the inspection team. This has the
benefit of enabling senior leaders to calibrate compliance,
preparedness and overall competency through inspection results they can
have confidence in. Additionally, consistent inspections should serve
the purpose of reinforcing universal expectations by field elements
that clear standards will be evaluated in consistent ways. Without
consistency in evaluation, trust can break down between the HQ and the
field and sites will fear the next inspection will be less about
standards and more about inspection team whim. Unjustified policy
revisions can also creep into the process as a result of poorly
organized and executed inspections.
b. The DoD depends both on the Services and the Defense Threat
Reduction Agency to conduct inspections. The vast majority of nuclear
expertise is created at the operating unit level and from this initial
development, the substantial oversight demand signal is generated by
Inspector General teams at every nuclear Major Command in the AF (that
would be 5 AF IG teams, plus the AF Inspection Agency), plus, the
Services feed nuclear expertise to DTRA and Combatant Commander
inspection organizations (small though they may be). I lack personal
experience to discuss Navy processes, so I'll stick to the AF. Nuclear-
related policy is written at the Office of the Secretary of Defense
level by functional experts and that policy is applied to the AF at the
Air Staff level by the AF functional experts: personnelists, manpower,
intelligence, operations, logistics, supply, security, medical, etc.
Functional experts at both the Air Staff and the Major Command level
establish what should be inspected and go so far as to write the
checklists that are issued to the inspection teams. The AF performs a
variety of inspections that affect nuclear-equipped units, but the most
relevant nuclear-related inspections include the Nuclear Surety
Inspection and the Operational Readiness Inspection. Both types have
compliance and performance-based elements. Additionally, subordinate
units have self-inspection processes, local exercises, written and oral
tests. Strategic Command also conducts major large scale exercises.
Our relatively short duration study of security across DOE did not
afford us the opportunity to examine DOE and NNSA policy formulation or
inspections in great detail. We did have difficulty understanding how
these processes worked in practice. We noticed security policy being
written both inside and outside NNSA, suggesting a need to validate the
appropriateness of multiple security governance tracks, especially
where the result potentially drove different security applications in
the field at different locations.
The record shows the DOE had inspected Y-12 just prior to the July
2012 incident and despite extensive documented evidence of an imminent
train wreck, Y-12 got good grades. Clearly DOE was not looking at the
right things, or lacked sufficient security competency to recognize the
existing failure conditions. Beyond IG-type inspections, system
readiness/acceptance testing is also relevant to this question. As Mr.
Augustine said when discussing operational testing of security systems,
``. . . tests have too often addressed the question, `Does the hardware
or practice meet the design criteria rather than is it operationally
effective?' Standards are often procedural rather than performance-
oriented, and stress testing has been lacking.''
c. Scrub governance to validate Department and Agency requirements
and eliminate conflicting or inadequate guidance. Then, ensure
productive alignment of authority and responsibility to produce policy
and ultimately oversee effective current operations and prepare for
tomorrow's effective operations. These two steps will help set the
conditions for a value-added inspection process that can produce
dependable results for local and headquarters awareness and action, as
appropriate.
Mr. Rogers. General Alston, in your letter to Secretary Chu, you
note that metrics are an important complement to inspections as part of
a comprehensive oversight program (Dr. Meserve made the same point).
Reviews of the Y-12 incident have found that very few performance
metrics were tracked by contractors and NNSA. What high-level metrics
should we be tracking as Members of Congress to ensure that the
security program is operating effectively?
a. What are the most important metrics for senior officials to be
tracking to assurance robust security performance?
b. In addition, how can NNSA leadership ensure that ``quality
metrics'' are developed and used by Federal staff and contractors to
conduct oversight?
c. How many metrics is too many--at what do the important ones get
lost in the noise?
General Alston. a. All are related to understanding risk and being
able to competently accept risk up the chain. Metrics could include:
Resource limitations driving non-standard activities. (personnel
shortages driving overtime; parts availability driving
prolonged outages of security equipment and extended
implementation of compensatory measures)
Safety incidents. Number, quality, trends.
Security incidents. Number, quality, trends.
Progress on security system modifications or upgrades.
Inspection results.
Inspection deficiency follow-up/resolution.
b. I think the metrics are chosen by identifying those governance
requirements that spell `mission failure' if ever breached.
Additionally, metrics should be collaboratively identified throughout
the chain of command. Authentic desire for site input goes a long way
towards achieving corporate buy in to these important measurements.
c. Good question. I think some metrics are very relevant to the
NNSA Administrator, and at the same time, more detailed subordinate
metrics might be more appropriate at the local level. It's important to
get the right information to the person accountable to fix the problem.
In addition to just pushing data up the chain, it is perhaps more
important for this content to drive interaction up and down the chain
to reinforce constant leadership commitment to security, and for site
participants to take that leadership commitment evidence to all the
personnel on site.
Mr. Rogers. General Alston, your letter indicates serious problems
with the security culture at NNSA and DOE, and that many of these
problems have existed for decades.
a. Can we change the security culture without some sort of
fundamental changes? Is it possible to shift the culture using only
incremental changes?
b. Culture changes are extremely difficult and often take a long
time--what immediate-term actions should we be taking to begin this
needed culture shift?
c. You recommend federalizing the security forces. Do you think
that would a large enough change to shift the culture?
General Alston. a. In my experience, when culture change is needed,
incremental adjustments will either fail to achieve the required change
or will not drive change at the necessary speed.
b. If the need for culture change is legitimized, dramatic action
is often a catalyst for changing culture. A change in leadership, a
clear articulation of the vision and the need for the change, sometimes
a major re-organization are all relevant considerations. Key to setting
conditions for change is to reinforce the value of security in NNSA and
DOE and that is achieved in large part with accountability.
Overcommunicate the standards and expected performance levels and
consistently enforce them. Mr. Augustine identifies 7 ingredients to
successful culture change on page 4 of his 6 December 2012 letter to
Dr. Chu.
c. No, federalizing the NNSA protective forces alone will not
achieve the necessary culture change. Without the proper alignment of
authority and responsibility up and down the chain between the sites
and the HQ and without an effective means to ensure all members of NNSA
and DOE understand their individual roles in security, all the
necessary pieces will not be in place and the conditions will not have
been set. However, federalizing the protective forces not only makes
operational sense, but it would be a clear expression of intent and
institutional commitment that, in my view, would be worth the cost in
the long run.
Mr. Rogers. General Alston, you and Mr. Augustine and Dr. Meserve
seem to have read the many reports and independent reviews of DOE
security that have been conducted previously. Your letter to Secretary
Chu calls it ``the considerable body of work that has been done on this
subject over the past decade.'' In particular, you mention the review
done by Admiral Mies in April 2005. In my opening statement, I
mentioned a few others--but there are many, many more.
How do your findings and recommendations compare with those
contained in all of these previous reports? Do you feel the findings
and recommendations in the previous reports have been acted upon and
addressed?
General Alston. It is my view that many of the past reports contain
observations and recommendations that also seemed relevant during the
time of my study. In my opinion, the broadest security examination was
led by ADM (ret) Mies and for that reason I encouraged the Secretary of
Energy to critically re-evaluate DOE/NNSA documented resolution of that
report's set of recommendations. Though I did not audit all the
relevant reports in response to this QFR, I did review the Mies report
again. I have included below some of the Mies recommendations that
echoed with what I was observing at the time of my study. I suspect
DOE/NNSA has taken relevant action in response, but given what I
observed, continued vigilance is required.
Some still-resonating Mies recommendations:
``Continue to promote greater collaboration and team
building within NNSA with the goal of an enterprise approach to
security. Support the Chiles panel recommendations on improved career
development, assignment rotation training, professional qualification
and certification, etc.
Make an unequivocal commitment to upgrade the quality,
relevance, and ownership of security training programs and professional
certification.
Emphasize a balance of compliance and performance
objectives designed to incentivize and embed security improvement
throughout NNSA, as part of an enterprise approach to security.
Create a stronger climate of trust in the security
program. Differentiate honest human security errors from malicious,
grossly negligent ones.
Adopt a more proactive approach to security through
stronger accountability.
Conduct an independent staffing assessment of NNSA
relative to DOE. Rebalance staffing and expertise commensurate with the
significance of the national security assets NNSA manages.
Give greater autonomy and authority to the NNSA
Administrator to oversee the elements of the security process, from
policy formulation to implementation and oversight, which directly
affect security of the NNSA complex.
Implement the recommendations of the Chiles report to
improve the federal security workforce, including developing and
executing a comprehensive human capital management program; improving
the training, qualifications, and stature of the NNSA security
workforce; reengaging in national markets to hire security
professionals; instituting a long-term practice of security staff
rotation; identifying options for accelerating the security clearance
process; improving security information flow; revising the NNSA
Safeguards and Security Strategic Plan; and providing specific budget
support for and tracking the progress of these recommendations.
Continue to elevate security program visibility and
importance through initiatives such as the June 2004 organizational
realignment, to ensure security is commensurate with other line
management responsibilities.
Have NNSA headquarters assume greater responsibility for
day-to-day supervision and oversight of site activities to promote an
enterprise-wide approach to security, more consistent interpretation of
security policy, and more standardized and coherent implementation. The
new Associate Administrator for Defense Nuclear Security should be
assigned responsibility for day-to-day security oversight.
Responsibility for implementation needs to reside at all levels.
Establish formal mechanisms to enable DOE/NNSA to
regularly collaborate with DoD (and other appropriate federal agencies)
on security policy issues, lessons learned, best practices,
technological improvements, tactics, and procedures as recommended by a
previous study.
Promote greater reliance on continuing security self-
assessment programs to better inculcate security as every individual's
responsibility and integral to mission.
Consider changing the annual survey and self-assessment
program to a year-round program of in-depth assessments in specific
areas.
Formulate an NNSA-wide strategic security plan, similar
in level of detail and content to DOE's, to create a unifying security
roadmap for the NNSA enterprise. Use this plan as a cornerstone for the
creation of other interdependent enterprise wide plans, such as special
nuclear material consolidation, infrastructure recapitalization,
technology investment, information systems modernization, and the
foundation for individual security discipline plans (physical, cyber,
personnel, and material control and accountability).
Establish effective, formal forums to: promote greater
DOE/NNSA-to-DOD, DOE-to-NNSA, headquarters-to-site, and site-to-site
collaboration between security policymakers and policy implementers,
promote more consistent interpretation and application of security
policy, foster adoption of best practices, help formulate a more
coherent, NNSA-wide security plan, consider making peer review an
inherent element of security policy formulation and implementation.
Review and streamline local site compliance-based quick
fixes to ensure security oversight is appropriately focused on
performance objectives.
Provide greater centralized clarification and
interpretation of security policy to promote more consistent and
standardized implementation. Consider repromulgation of a security
standards and criteria manual.
Consider conducting random testing of the PF throughout
the year in both firearms and physical fitness. This testing will
encourage officers to maintain weapons skills and physical fitness
levels year-round and will give management a more realistic picture of
the overall PF's capabilities.
Direct site offices to regularly check the false or
nuisance alarm rates from the CAS and compare them with the credit
taken in the VAs to ensure the analysis accurately reflects field
conditions. Establish a method to properly record and document the
false or nuisance alarm rate and ensure proper training for CAS PF
personnel.
Install modern computer alarm equipment that has an
automated alarm tracking system to replace antiquated systems.
Establish a more rigorous process within DOE/NNSA
headquarters to thoroughly review initial incident reports; monitor the
inquiry progress; review final reports for adequacy of the inquiry,
corrective actions, and analysis of underlying causes; and keep senior
DOE/NNSA leadership appropriately advised.
Establish a more formal and disciplined process at sites
to track security incident corrective actions to completion. Consider
requiring site management to include findings and corrective action
plans in a site-level corrective action tracking process involving
senior line management to ensure corrective actions are adequate and
complete.
Ensure reviews are conducted to execute continuous
improvement.
As also recommended by the Chiles report, establish a
dedicated and more effective formalized process within NNSA
headquarters to disseminate incident lessons learned to the NNSA
community.
Consider publishing a quarterly lessons-learned message
for all DOE/NNSA sites, with procedures for ad hoc promulgation of
urgent lessons learned.
Develop more meaningful security metrics that accurately
measure the nature, frequency, and significance of incidents; the
underlying root causes; and the timeliness of reporting, investigation,
and corrective action development. Periodically provide these metrics
to senior headquarters and site leadership, as well as appropriate
security officials, to promote greater awareness of security
performance and concerns.
Consider a reasonable standardization of site security
system architecture, design, and implementation, including the security
upgrades in progress. NNSA site oversight and headquarters should be
involved in each critical decision stage of security upgrade projects.
Project rationale and justification should be scrutinized and compared
with complex-wide needs and overall direction. This would optimize the
use of security up-grade funding and present a clear direction for
security strategy.
Develop, with urgency, a more robust, integrated DOE/
NNSA-wide process to provide accountability and follow-up on security
findings and recommendations.''
Mr. Rogers. If previous studies have repeatedly noted the same
problems--for instance, confused lines of authority, responsibility,
and accountability--why have they not been addressed? Why have prior
attempts to implement change at NNSA failed? What should Congress do to
ensure these issues are addressed once and for all?
General Alston. Some in DOE and NNSA have pointed to the transitory
nature and frequency of leadership change and a lack of continuity of
priorities during these transitions as causal. It is my view that in
the current DOE culture, ``safety,'' ``security,'' ``science (labs),''
and ``mission (production sites)'' share a common, finite tradespace
and compete with each other for emphasis and resources. If there is
insufficient individual security expertise at the senior levels of NNSA
and DOE, and no common appreciation for the value of security across
senior leadership--except in crisis--security concerns will find
inconsistent support and ultimately weak follow through.
Mr. Rogers. General Finan, your report indicates serious problems
with the security culture at NNSA, and that many of these problems have
existed for decades.
a. Can we change the security culture without some sort of
fundamental changes? Is it possible to shift the culture using only
incremental changes?
b. Culture changes are extremely difficult and often take a long
time--what immediate-term actions should we be taking to begin this
needed culture shift?
General Finan. a. NNSA leadership must take bold and enduring
actions. Fundamental change is required within the NNSA organizational
structure and in its assessment model. This, in and of itself, will not
necessarily drive a change in culture. In conjunction with implementing
the new structure and model, a deliberate campaign should be initiated
to emphasize the importance of the security mission in strategic plans,
mission statements, policy documents, and other expressions of
management intent. Security must be clearly integrated with other
mission elements and appropriately recognized as essential to overall
NNSA mission success.
It is possible to shift culture with incremental changes. However,
those incremental changes would have to be a part of a well-planned,
larger campaign designed specifically to re-shape the organization and
its culture. A shift in culture is not likely if change is implemented
at the margins of the issues and it does not address core faults such
as the confusing and ill-defined roles and responsibilities within the
NNSA federal organizational structure.
b. A deliberate campaign should be initiated to emphasize the
importance of the security mission in strategic plans, mission
statements, policy documents, and other expressions of management
intent. Security must be clearly integrated with other mission elements
and appropriately recognized as essential to overall NNSA mission
success. Additionally, NNSA needs to build and execute a Security Road
Map that consolidates recommendations from previous reports,
articulates a clear vision of where the security program is going, and
charts a path forward. Document the path in a roadmap that is signed by
the NNSA Administrator and follow up with action plans that have clear
ownership, and status updates.
Mr. Rogers. General Finan, you have argued that security
requirements need to be better specified (for example, your report
recommends that NNSA ``develop and issue specific standards against
which security operations are to perform and the criteria by which they
will be evaluated.'').
What standards, criteria, and metrics do you suggest? What metrics
should senior leaders pay special attention to in order to ensure
robust security effectiveness? How many metrics is too many--at what do
the important ones get lost in the noise?
General Finan. DOE had detailed standards and criteria for security
operations. The last iteration of that document is a good baseline to
start from. It was issued under the title ``Guide for Implementation of
Safeguards and Security Directives (Short Title: Safeguards and
Security Standards and Criteria)'' on 26 November 1993. An example of a
standard and associated criterion is listed below:
Standard
Alarm Systems Testing and Maintenance: The facility conducts
operability tests of the basic alarm components at least once every
seven days, and performs required and necessary maintenance on the
systems.
Criteria
1. Personnel testing, maintaining, or servicing alarms have access
authorizations consistent with the highest classification levels being
protected, unless such testing and maintenance is performed as bench
services away from the protected location or is performed under the
supervision of an appropriately cleared and knowledgeable custodian of
the alarm-protected location.
2. Alarms bench tested or maintained by uncleared personnel away
from the protected location are inspected and tested prior to
installation.
3. At least once a week, the basic alarm component is tested by
simulated intrusion of the alarmed area or of the protected space of an
alarmed object. (Opening an alarmed portal in a manner that would cause
an alarm is an adequate weekly test.) Alarms caused by the opening and
closing of areas by operating personnel in the normal performance of
their activities are acceptable tests when documented as tests.
4. False and nuisance alarm rate records are maintained and results
are analyzed to determine alarm system performance.
5. Corrective maintenance is initiated within 72 hours of
indication of failure. Compensatory measures are initiated immediately
to provide equivalent detection capability when any part of the
detection system is out of service and are continued until maintenance
is complete.
For Metrics, NA-70 has is working some detailed metrics in their
new Mission Essential Task List that will be useful in managing the
protective force and should roll up to higher level metrics that can be
used by senior leaders. A basic metric framework could include the
major categories of System Performance, Operational Performance,
Modernization, Support Services, and Predictive Indicators. System
performance could include metrics such as False and Nuisance alarm
rates, camera status, sensor status, etc. Operational Performance could
focus on protective force training status, evaluation results, exercise
performance and depth, etc. Modernization could measure the status of
the security systems by monitoring the age of the significant sub-
systems. Support Services could measure contract status,
standardization of procedures and documentation across the NNSA
complex, etc. The Predictive Indicators metric could focus on early
alerting of leadership to potential issues. For example, funding status
for training could indicate future proficiency; leadership security
experience levels could indicate the quality of future performance and
decisions, etc. These indicators would be made up of increasing levels
of detail that are used by each level of management to manage security.
Establishing the right level and number of metrics is difficult. A
small number of high level metrics with the ability to drill down to an
appropriate level to see causes and contributing factors is essential.
The key is a structured process with defined business rules that are
adhered to by all participants.
Mr. Rogers. To what extent do you believe that oversight activities
should also be standardized and/or centrally directed? Will more
inspections necessarily equate to more effective oversight? How should
oversight of security operations be conducted?
General Finan. There is a role for standardized, centrally directed
oversight as well as for individualized, tailored evaluation. At the
tactical level, oversight activities should be tailored and flexible
based on needs and specific performance. As the level of overseeing
organization rises, the level of standardization and centralization
should rise correspondingly. For example, at the tactical level, a
security supervisor would want to see and evaluate the specific actions
of the team members that work for him/her. Based on the supervisors
knowledge of threats, skill levels, training, and site specifics,
evaluation must be tailored for the specific situation. At an
operational level, evaluators must see standardization of procedures
and accomplishment of objectives. These evaluations would be more
standardized and controlled by a central authority. At the strategic
level oversight should focus on the larger context of fulfilling
mission requirements. Again, this type of evaluation should be
centrally directed as it is looking for performance across the
enterprise.
More inspections will not equate to better performance and will not
necessarily equate to effective oversight. While inspections can drive
performance, they do not ensure performance. A comprehensive system of
oversight is needed.
Our report proposed strengthening the role of Federal security
assessment within NNSA without diminishing the legitimate need for
contractors to maintain their own self-assessment capabilities or HSS
to provide Independent Oversight. We called for a three-tiered
assessment process.
Contractor self-assessment is the first tier in the overall
assessment process. The primary audience for the contractor self-
assessments should be the contractor security managers themselves, but
the self-assessments should follow a consistent, program-wide format,
and be made available for review at all higher levels of management.
Contractors should be required to identify, report, and resolve
security issues--sanctions should come when a higher level assessment
uncovers problems that the contractor self-assessments fail to identify
or properly address. Even when an issue is readily resolved and
corrective actions are immediate, a finding should be issued and the
corrective action recorded. Failure to do so inevitably hides potential
negative trends. Contractor self-assessments should involve active
performance testing rather than simply relying on work observation and
document review--effective security performance can only be evaluated
through testing. On site Federal security personnel should actively
participate in this process as quality assurance for the federal
government.
The fundamental purpose of Federal security performance assessment
is to ensure that requirements are properly implemented. Therefore, the
primary Federal assessment organization should ultimately report to the
Chief of Defense Nuclear Security, who is responsible for requirements.
This provides independence not only from the contractors, but also from
the tactical-level Federal field staff whose necessary day-to-day
interaction with contractor managers and staff risks loss of
objectivity. This enables the Chief of Defense Nuclear Security to
better ensure effective implementation of NNSA security programs.
Additionally, it provides feedback on performance to the operational
and tactical levels.
These Federal security assessments should include performance
testing of all critical elements. The assessors should issue clear
findings which are to be tracked and closed in a program-wide
corrective action management system. Federal assessors should also look
closely at the contractor self-assessment process; ``failures to
identify'' by the contractor self-assessment element should
automatically rise to the level of significant findings.
The final tier of the assessment model should explicitly rely upon
the services of an independent security oversight function, currently
provided by HSS. NNSA should arrange for a regular process of
comprehensive inspections. The oversight function should be encouraged
to issue strong findings for matters of potential concern to the NNSA
Administrator and the Secretary of Energy, and should routinely
evaluate the performance of contractor self-assessments and the Federal
assessment program.
Mr. Rogers. How do we ensure robust security oversight that is not
overly burdensome?
General Finan. Much of the ``burden'' of oversight is caused by
excessive paperwork associated with evaluating compliance. The current
security assessment process in NNSA is paper-based and is heavily
dependent on field office and contractor reporting. It does not include
independent observation or validation of site security implementation
from NNSA. As a result, NNSA is unable to validate the implementation
of security policies or contractor performance of assigned missions.
Large volumes of paperwork are generated each quarter in which it is
nearly impossible to discern trends or significant deficiencies.
In the area of security, oversight must be about performance.
Therefore, oversight should see actual performance in the form of real
world activity or exercises. Some paperwork should be reviewed, such as
training records, but that paper work should already exist and not be
generated solely for the purpose of outside oversight. Specific
standards against which security operations are to perform and the
criteria by which they will be evaluated must be codified. This will
ensure security professionals know what is expected and how they will
be evaluated. By eliminating paperwork generated solely for the purpose
of oversight and adhering to a known set of standards and criteria,
security oversight should not be burdensome.
We should also resist the notion that strong performance-based
standards and criteria and an equally strong insistence on stringent
performance assessment and oversight inherently constitutes an
excessive burden on contractors and the field. Part of the cultural
challenge lies in overcoming the tendency on the part of contractors
and their field level federal counterparts to assert that their local
priorities and perspectives must take precedence over comprehensive and
coherent, centrally-driven security program direction. A good system
must take into account special local circumstances. However, NNSA's
longstanding tradition has been the assertion that ``the field always
knows best,'' and that Headquarters should simply stay out of their
business. Upon close examination, many complaints about ``excessively
burdensome HQ security oversight'' are revealed as exercises in ``turf
protection''.
Mr. Rogers. General Finan, your report is clearly indicating
frustration when it says ``the most striking result of this review
falls in the area of culture sustainment. It quickly became evident
that the Task Force findings closely resemble those presented in
numerous prior reports such as the 2005 Mies Report and the 2004 Chiles
Report.'' Why haven't DOE and NNSA been able to address these long-
standing, well-documented problems?
a. What do you recommend that we in Congress do to ensure they are
actually addressed this time?
General Finan. DOE and NNSA have not been able to attack core
issues. As a result, they make marginal change around the periphery of
the issue, check the box showing they have taken action, and move on to
other things. Security human capital development is a good example.
Security professionals in NNSA do not have a defined career path. They
do not have a program for their development, and they largely see their
careers with the federal government as dead ends. This issue has been
repeatedly identified. As a result NNSA has taken action. They
implemented a rudimentary requirement for security professionals to get
some minimal training and the started a program where they brought in
young leaders as a part of the leadership development program. With
this in place, it was assumed that they had taken care of the Human
Capital issues identified in the 2004/2005 time frame. Unfortunately,
this action did not create a career path; it did not develop security
professionals; it did bring in people with little or no security
expertise or necessarily even an interest in security; and it did not
change the belief that there was not anywhere to progress to in
security. It nibbled at the margins of a core issue . . . the fact that
there was no identifiable, repeatable, or executable career path for
federal security professionals.
a. Ensure that NNSA builds and executes a Security Road Map that
consolidates recommendations, articulates a clear vision of where the
security program is going, and charts a path forward. Document the path
in a roadmap that is signed by the NNSA Administrator and follow up
with action plans that have clear ownership, including regular status
updates. Solutions must be enduring and will require leadership
dedication.
Mr. Rogers. General Finan, you recognized human capital limitations
as a contributing factor to the event, including weak staff
capabilities to assess contractor performance. What can Congress do, if
anything, to enhance human capital at NNSA as it pertains to security?
General Finan. NNSA must develop a comprehensive plan for
recruiting, developing, and retaining qualified security experts. NNSA
needs the right federal security professionals in the right places.
Individual leaders, and collectively the entire staff, must possess an
appropriate skill and experience base to provide effective security
program execution. Congress can specifically help by ensuring that NNSA
has the ability to hire the appropriate federal security staff, both in
terms of numbers and pay scale. Currently, NNSA relies heavily on
support service contractors. This is partly due to limitations
(perceived or real) on funding and hiring federal personnel.
Mr. Rogers. General Finan, your task force was directed to study
organizational issues within NNSA. Your tasking did not include
assessing organizational issues within the broader DOE system. In the
course of your investigation, did you become aware of any
organizational problems related to security in the broader DOE
organization, or are these problems located solely within NNSA?
a. Do you believe the security policy-making and oversight roles
and responsibilities between DOE's Office of Health, Safety, and
Security and NNSA are clearly defined and understood?
General Finan. We did find evidence of similar confusion related to
ambiguous lines of authority and lack of standardization in executing
the security mission. As in NNSA, we found wide variations in how the
federal staffs executed their oversight roles at the various sites.
a. I do not. The Task Force identified that there is no clearly
articulated or consistently implemented NNSA security policy process. A
major concern is the supplanting of DOE Security Orders with generic
and less restrictive NNSA policies (NAPs). Additionally, the Task Force
noted a desire on the part of some NA-70 senior managers to maximize
separation from DOE HSS policies and activities. Within NA-70, policy
and guidance are issued through a variety of formal and informal
mechanisms with erratic distribution. The Task Force identified that
some Federal field organizations are inconsistent in their acceptance
and application of NA-70 issued policies. Finally, NA-70 policy and
guidance tend to be vague resulting in widely differing interpretations
by field personnel. This has resulted in additional confusion in the
field as to which policies actually apply to them.
Mr. Rogers. General Finan, your report seems to indicate that DOE
and NNSA were overly focused on paperwork, and missed the warning signs
that indicated a problem at Y-12. Why such focus on paperwork? How were
they missing the warning signs?
a. How would you change the assessment, inspection, and oversight
process to ensure the warning signs are noticed, and security
performance is assured?
General Finan. Misinterpretation, and/or misapplication of the DOE
Safety and Security Reform Plan, dated March 16, 2010, resulted in a
weakened Federal security assessment program. In particular, this
document stated: ``Security Performance: Contractors are provided the
flexibility to tailor and implement security programs in light of their
situation and to develop corresponding risk- and performance-based
protection strategies without excessive Federal oversight or overly-
prescriptive Departmental requirements.'' This guidance was further
expanded upon and eventually articulated in NAP-21, Transformation
Governance and Oversight Initiative. The belief arose that ``eyes on,
hands off'' precluded Federal security staff from conducting
performance-based assessments of contractors. As a result, most Federal
assessment was based on paperwork generated by the contractor. The
paperwork was voluminous and non-standard. There were no consistent
business rules on how to report areas of concern. The result was a mass
of paper that made it nearly impossible to discern issues.
This paper-based system of assessment, without sufficient
performance verification, is inadequate for effective evaluation of
security operations. Much of the ``burden'' of oversight is caused by
excessive paperwork associated with evaluating compliance. Large
volumes of paperwork are generated each quarter in which it is nearly
impossible to discern trends or significant deficiencies. This,
combined with a lack of NNSA independent observation or validation of
site security implementation resulted in an inability to validate the
implementation of security policies or contractor performance of
assigned missions.
a. The Task Force proposed an assessment model that strengthens the
role of Federal security assessment within NNSA without diminishing the
legitimate need for contractors to maintain their own self-assessment
capabilities.
The contractor self-assessment process is the first tier in the
overall assessment process. The primary audience for the contractor
self-assessments should be the contractor security managers themselves,
but the self-assessments should follow a consistent, program-wide
format, and be made available for review at all higher levels of
management. Contractors should be required to identify, report, and
resolve security issues--sanctions should come when a higher level
assessment uncovers problems that the contractor self-assessments fail
to identify or properly address. Even when an issue is readily resolved
and corrective actions are immediate, a finding should be issued and
the corrective action recorded. Failure to do so inevitably hides
potential negative trends. Contractor self-assessments should involve
active performance testing rather than simply relying on work
observation and document review--effective security performance can
only be evaluated through testing.
The fundamental purpose of Federal security performance assessment
is to ensure that requirements are properly implemented. Therefore, the
primary Federal assessment organization should ultimately report to the
Chief of Defense Nuclear Security, who is responsible for requirements.
This provides independence not only from the contractors, but also from
the tactical-level Federal field staff whose necessary day-to-day
interaction with contractor managers and staff risks loss of
objectivity. This enables the Chief of Defense Nuclear Security to
better ensure effective implementation of NNSA security programs.
Additionally, it provides feedback on performance to the operational
and tactical levels.
These Federal security assessments should include performance
testing of all critical elements. The assessors should issue clear
findings which are to be tracked and closed in a program-wide
corrective action management system. Federal assessors should also look
closely at the contractor self-assessment process; ``failures to
identify'' by the contractor self-assessment element should
automatically rise to the level of significant findings.
The final tier of the assessment model should explicitly rely upon
the services of an independent security oversight function, currently
provided by HSS. NNSA should arrange for a regular process of
comprehensive inspections. The oversight function should be encouraged
to issue strong findings for matters of potential concern to the NNSA
Administrator and the Secretary of Energy, and should routinely
evaluate the performance of contractor self-assessments and the Federal
assessment program.
This performance assessment model assumes a common requirements
base that is employed at all levels and across the NNSA security
program. While some allowance may be made for site-specific issues, the
fundamental elements of this requirements base should be an
appropriately integrated system of DOE policies, NNSA implementation
directives, and field operational guidance. The requirements base
should be reflected in approved documents such as site Safeguards and
Security Plans. Specific performance requirements should be articulated
in detailed performance standards and criteria supported by a commonly
understood and utilized performance testing process.
Mr. Rogers. Mr. Friedman, your report recommends that NNSA
``perform periodic in-depth reviews of contractor's security
performance using a risk-based approach.'' Does NNSA not do this now?
a. How does NNSA and DOE use risk analysis in its assessments of
security?
b. Do we have a rigorous means of assessing, managing, and
balancing security risks, costs, and mission needs?
Mr. Friedman. At the time of our review, there were two levels of
Federal contractor security performance assessments at the Y-12
National Security Complex. These were performed by the Department's
Office of Health, Safety and Security (HSS) and the NNSA Production
Office (NPO).
HSS performed limited scope security assessments on a periodic
basis. During the review, we did not specifically review HSS's
methodology for determining what sites/areas to assess or the frequency
of the assessments. However, HSS has publically acknowledged that its
review regime has been limited in recent years. The Department has
stated that, as a result of the Y-12 matter, a more robust security
performance assessment strategy will be implemented.
NPO stated that it performed periodic reviews of the contractor's
security performance using a risk-based approach. However, as part of
our work at Y-12, we interviewed the NPO personnel responsible for the
reviews and examined NPO's periodic assessment reports. In our opinion,
the reviews could not be considered ``in-depth'' since they consisted
mainly of reviewing contractor-prepared documentation and/or
``shadowing'' the contractor's self-assessments rather than conducting
independent security performance testing.
a. The results of our review at Y-12, which catalogued what we
described as multiple-system failures, reflects our view of the quality
of risk assessment methodologies employed by NNSA/DOE, at least as they
applied to that facility at that time. Beyond our published analysis,
we did not specifically evaluate NNSA/DOE's use of risk analysis to
plan their security assessments. Respectfully, responsible Department
officials may be able to provide a complete answer to this question.
b. Our review focused on the circumstances directly pertaining to
the incident at Y-12, thus we did not evaluate the overall NNSA/DOE
security posture. To the extent the problems identified at Y-12 as part
of our review and by other subsequent reviews reflect the status of
security throughout the complex, there is reason for concern.
Mr. Rogers. Secretary Poneman, we've heard differing opinions on
how DOE and NNSA's protective forces should be structured. Do you
believe federalization of the protective forces is an appropriate path
forward? What are the benefits, risks, and costs of the various models
for the protective forces?
Mr. Poneman. Federalization of the protective force was considered
extensively in security reviews by Mr. Meserve, Mr. Alston and Mr.
Augustine following the Y-12 security incident as well as many others
over the years. DOE believes this topic is worthy of continued dialogue
within the Department and with Congress, but is not prepared to offer a
formal opinion at this time.
Some of the issues for further consideration include how a Federal
force would integrate with on-site Management and Operating (M&O)
contractor leadership, the potential for complex-wide labor disputes or
strikes, and the budgetary impact on the Government.
Mr. Rogers. Secretary Poneman, in General Alston's letter to
Secretary Chu, he says ``there is a perception that corporate security
policy is being written from inspection results.'' Mr. Augustine noted
in his letter that inspections and assessments inappropriately focus on
compliance with standards, and not on security effectiveness or
performance, concluding that ``what is needed is not more inspections
but better inspections.'' Do you agree? If so, how will DOE address
this concern?
a. What is being done to make inspections more effective at
assuring robust security performance?
Mr. Poneman. The Department appreciates receiving these
observations from General Alston and Mr. Augustine. Inspections of
nuclear facilities performed by HSS not only focus on compliance with
established DOE policies, but also on security effectiveness and
emphasize testing of performance. I agree that the quality of
inspections is very important in addition to frequency. Since the Y-12
security incident we have directed HSS to enhance its inspections to
include more limited-notice and no-notice testing of the protective
forces and security systems in order to ensure their readiness to
respond to security incidents. As you know, we have also directed HSS
to conduct extent-of-condition reviews at all Category I special
nuclear facilities and to complete comprehensive inspections at each of
these facilities by October 2013.
Mr. Rogers. Secretary Poneman, several witnesses from the first
panel indicated in their reports that the governance reforms initiated
by Secretary Chu and Administrator D'Agostino were misinterpreted or
misapplied by Federal staff, which was a contributing factor to the Y-
12 incident. Do you agree? [Question #16, for cross-reference.]
Mr. Poneman. NNSA's governance reforms were structured to improve
the Line Oversight of its contractor operations. Effective Line
Oversight uses several different sources of information to ensure
accurate and objective understanding of conditions and performance.
Those sources include federal line management assessments, federal
independent assessment and data from the Contractor's ``Contractor
Assurance System (CAS)''. A CAS is a primary tool used by Contractor
Management to measure, improve, and demonstrate performance and ensure
that mission objectives and contract requirements are achieved. CAS is
the same as basic concepts of successful industry quality management
systems such as International Standards Organization (ISO) 9000/9001.
A robust and effectively functioning CAS provides transparency and
builds trust between NNSA and its contractors and helps to ensure
alignment across the NNSA Enterprise to accomplish and address mission
needs. For example, comparing data developed through the CAS to data
developed by federal assessments allows NNSA to ensure that the M&O
contractor has effective quality management programs in place. With
effective and transparent contractor assurance systems, NNSA can focus
the deployment of our federal oversight workforce on high risk areas,
e.g. nuclear safety, security, and cyber security.
NNSA has recently completed a review of the current policy on
reviewing CAS and Line Oversight processes in light of the lessons
learned from the early reviews and the Y-12 performance failure. The
review has identified needed changes to the processes so future reviews
will ensure performance requirements are being met and that the
objectives and expectations for NNSA governance are effectively
communicated and adhered to across the complex.
These changes will be consistent with the revised DOE Order 226.1B,
Implementation of Department of Energy Oversight Policy, which requires
that the Heads of the Field Elements approve the initial contractor
assurance system description; review and assess the effectiveness of
the Contractor Assurance Systems (CAS); and establish performance
expectations and communicate same to contractors through formal
contract mechanisms. This is a continuation of the requirements
contained in the predecessor DOE order 226.1A, dated July 31, 2007.
That order also contains contractor requirements for a CAS.
Additionally, DOE Order 227.1, Independent Oversight Program, issued
August 30, 2011, requires that the contractor's corrective action to
address a security weaknesses identified during an Independent
Oversight inspection be approved by the DOE. This is a continuation of
the requirement that was contained in the predecessor order, DOE Order
470.2B, Independent Oversight and Performance Assurance Program, dated
October 31, 2002. A key aspect of our strengthened process is the
establishment of a central line organization, the Office of
Infrastructure and Operations, (NA-00) and a clear focus on oversight
at three distinct, but mutually supportive, levels within NNSA. As
before, the M&O contractors are responsible and accountable for their
performance at the floor level where their employees perform work--this
is what we call the ``tactical'' level of oversight. The Office of
Infrastructure and Operation provides the federal line-management or
``operational'' oversight. In this regard, NA-00 leverages the combined
capabilities of its offices through the complex to ensure that
oversight is performed by both the federal staff closest to, and most
knowledgeable of, a specific site's operations but also federal
personnel responsible for similar activities at other locations who can
provide additional objectivity because they have relevant experience
but a different perspective. NNSA also provides oversight by subject
matter experts who are independent of the NN-00 line organization.
Offices such as security (NA-70) and safety (NA-SH) provide strategic
oversight and performance data to the most senior NNSA leaders from a
perspective outside the pressures and influences that can affect the
line organization.
Based on these refinements and improved clarity, as well as the
added reliability of the structured levels of oversight, NNSA will work
to ensure that our oversight and performance expectations are clear,
well executed, and not misinterpreted.
Mr. Rogers. Secretary Poneman, DOE's 2010 Safety and Security
Reform Plan advocated for a performance-focus and the removal of
``excessive'' Federal oversight. Do you still stand behind the plan's
core tenets?
a. As Deputy Secretary, how will you ensure that NNSA and DOE
conduct rigorous and effective--but not burdensome--oversight of
security at NNSA's facilities?
Mr. Poneman. Over the past two years the Department undertook an
effort to assess the effectiveness of all safety and security
directives with the goal of reducing redundancy, duplication and
inconsistencies. The result is a set of directives that is more
streamlined, allows DOE program offices and contractors greater
flexibility in implementing Departmental requirements, without
sacrificing the level of protection of worker health, safety and
security. The directives reform effort was not a contributing factor to
the security failure at Y-12. None of the studies conducted so far
(either by General Alston, Mr. Meserve, Mr. Augustine, General Finan,
or the Inspector General) have pointed to the Department's revised
directives. For instance, the revised DOE Order 226.1B, Implementation
of Department of Energy Oversight Policy, requires that the Heads of
the Field Elements approve the initial contractor assurance system
description; review and assess the effectiveness of the Contractor
Assurance Systems (CAS); and establish performance expectations and
communicate same to contractors through formal contract mechanisms. The
order also contains contractor requirements for a CAS. This is a
continuation of the requirements contained in the predecessor DOE order
226.1A, dated July 31, 2007.
a. We will continue to ensure that NNSA and DOE perform rigorous
and effective oversight of security and strive to improve that
oversight, in ways that minimize the impact to mission execution.
Mr. Rogers. Secretary Poneman, nearly every external review in the
past decade has indicated serious problems with the security culture at
NNSA and DOE. Culture changes are extremely difficult and often take a
long time. What immediate-term actions should we be taking to begin
this needed culture shift? What is your long-term plan to instill a new
security culture? [Question #18, for cross-reference.]
Mr. Poneman. a. We recognize the need for a positive culture
change. Immediate-term actions within the NNSA included the hiring of
four senior Federal personnel to transform our approach to security. A
highly-experienced individual with over 30 years of Nuclear Security
experience in the Department of Defense was appointed to serve as the
new Chief of Defense Nuclear Security; two new Senior Advisors
experienced in security matters will serve under the Chief to develop
overall policy and ensure the adequacy of its implementation through
assessments. In addition, a highly experienced individual was brought
into NA-00, the Office of Infrastructure and Operations, to provide
high level operational experience to facilitate more consistent and
high quality oversight of the operational security program. These
individuals are charged with changing the culture of the security
community.
Recognizing a need to continue improvement in the NNSA Safety
Culture, the NNSA Administrator established the NNSA's Safety Culture
Working Group (SCWG) on December 3, 2012, to identify and direct
specific actions to improve the safety culture in NNSA. The SCWG
quickly determined that it was appropriate, and more descriptive, to
address the overall NNSA performance culture, which includes security
performance. Everyone within the NNSA directly impacts our performance
culture, regardless of role or function; therefore, everyone has a role
in improving our overall performance culture.
The SCWG is conducting a comprehensive assessment of the NNSA
culture, will analyze the data collected through extensive reviews of
NNSA personnel and recommend corrective actions. The SCWG has authority
to direct actions necessary to monitor and improve culture throughout
NNSA.
As indicated in Geral Finan's review, after HSS security
inspections revealed security flaws dating back to the early 200s,
these flaws are now getting HSS follow-up attention. We recognize that
true lasting cultural change is the hardest type of change to
implement. NNSA senior leadership is united and engaged not only in
acknowledging the need for change but in actively supporting that
change. The lessons learned the hard way from our experience at Y-12
have served as an undeniable wake up call for us to set clear
expectations for performance, adherence to standards and attention to
detail across the NNSA enterprise.
b. First and foremost, we acknowledge the need to improve and to
face facts about performance and culture head on. Our near-term actions
set the stage for success in the long term. By bringing in several high
quality experts with significant experience in nuclear weapons security
we have begun to set the example of supreme professionalism in our
leadership. We have implemented all recommendations of the Finan Report
which, over time, will drive clarity not only into the chain of command
but into the overall process by which we establish expectations across
the enterprise.
The new assessment model implemented by NA-70, our Chief of Defense
Nuclear Security organization, will drive consistency of implementation
in requirements and ensure adherence to high standards across the NNSA
enterprise through frequent and detailed formal assessments at our
sites by independent internal NNSA security professionals.
These actions, supported by strong central leadership and
unflinching focus will serve to increase the professionalism of the
NNSA Headquarters security professionals, make more information
available to the Administrator and hit the culture of complacency that
led to our Y-12 failure directly.
Mr. Rogers. Secretary Poneman, the first witness panel pointed out
that most of their findings and recommendations are not new--that they
are strikingly similar to those made by many external reviews over the
past decades. We have stacks and stacks of reports going back 15 or 20
years--since before NNSA was created--describing the same exact
problems. [Question #19, for cross-reference.]
a. Please list the various external reports and reviews of security
and general management/oversight problems at DOE and NNSA that you have
used (and will use) to understand the problems and history behind them.
b. Why are these long-standing, well-documented problems not
getting fixed?
c. What assurances can you provide that they are now getting fixed?
How will we know they are effective?
d. Will the Obama Administration come forward with a package of
reforms that will finally address the root causes of these problems in
both security and general management at DOE?
Mr. Poneman. In addition to the external security reviews by Mr.
Meserve, Mr. Alston and Mr. Augustine and General Finan review of NNSA
security following the Y-12 incident, a number of external reports and
reviews of DOE/NNSA security and general management/oversight since
NNSA's creation. They included:
1) Federal Advisory Committee for the Nuclear Command and Control
System Comprehensive Review (Admiral Mies Report), December 3, 2009
2) Strengthening NNSA Security Expertise, an Independent Analysis
(Chiles Report), March 2004
3) Science and Security in the Twenty First Centure: A Report for
the Secretary of Energy on the Department of Energy Laboratories (Hamre
Report), February 2002
4) Science and Security in the Service of the Nation: A Review of
the Security (Baker/Hamilton Report), September 2000
The Department takes the recommendations of internal and external
security experts seriously, and implements their findings and
recommendations as appropriate to address systemic problems. A top
priority for the Department is improving the management and oversight
of the Department's nuclear security mission.
As evidenced by the Y-12 security breach, there are existing
challenges in the nuclear security complex that needed to be addressed,
some that demonstrated the need for a deep cultural change. Many of the
external reports commented about the organization and management
weaknesses, such as a lack of clear accountability, roles and
responsibility, and authority. NNSA has taken on the challenge stemming
from the proper line management security by implementing a key
recommendation in General Finan's review, making the security of the
entire nuclear complex more secure and streamlined.
Prior to the Y-12 incursion, the Headquarters NNSA security
organization, the Office of Defense Nuclear Security (NA-70), served as
a ``Functional Manager'' for the security mission, while the line
authority flowed from the Secretary to other NNSA Administrators and
other organizations. General Finan recommended for strategic-level
policy guidance, requirements determination, and performance assessment
to be under the jurisdiction of the Chief, Defense Nuclear Security
(NA-70).
A separate office, NNSA' s Office of the Associate Administrator
for Infrastructure and Operations (NA-00) would then provide the
operational accountability for NNSA's security organization.
Operational implementation and standardization of operations across the
security program occurs at the NA-00 level.
The existence of a single point through which the field reports and
is held accountable is the way the NNSA will assure the consistent and
effective implementation of security policy. This is a change from the
approach the NNSA has taken-where each field office had greater
latitude in implementing policies and requirements for its site.
Mr. Rogers. Secretary Poneman, in his letter to Secretary Chu, Dr.
Meserve notes that he and his fellow reviewers ``had some difficulty in
obtaining a clear organization chart that defines the structure for
security oversight within DOE.'' He noted that issues within this
problem within NNSA were going to be addressed by General Finan's
effort, but that ``a broader examination of DOE's internal management
of security should be undertaken in order to streamline and simplify
the structure.'' Are you going to undertake this effort to streamline
and simplify DOE's management structure for security? What steps will
you take and when? What can Congress do to support these efforts?
a. Are the recommendations made by General Finan on simplifying
structure within NNSA being implemented?
b. How is creation of a new office that will have security
responsibilities (NA-00), while maintaining or increasing the size of
other offices with security responsibilities, ``simplifying'' the
structure?
c. Will you clarify and document the roles and authorities of NA-
70, NA-00, DOE's Office of Health, Safety, and Security, site offices,
senior officials, and other parties? When will this happen? How will it
be documented and communicated to all stakeholders?
d. What steps are you taking to minimize conflicting policies and
directions provided by NNSA headquarters, DOE's Office of Health,
Safety, and Security, and other Federal officials to field staff and
contractors?
Mr. Poneman. a. NNSA is implementing recommendations made by
General Finan following her thorough review of the federal NNSA
security organizational structure and security oversight model.
b. General Finan offered recommendations to established and ensure
a clear and strong path of line management authority, responsibility,
and accountability for security operations within the NNSA. NNSA's
Office of the Associate Administrator for Infrastructure and Operations
(NA-00) would provide the operational accountability for NNSA's
security organization, while the Chief, Defense Nuclear Security (NA-
70) provides strategic-level policy guidance, requirements
determination, and performance assessment.
c. The Department's Office of Health, Safety and Security (HSS), in
consultation with line management, is responsible for the development
of DOE nuclear safety and security policy, Federal Rules, Orders, and
the associated standards and guidance, as well as for reviewing safety
and security issues complex-wide. HSS also conducts independent
oversight and regulatory enforcement that is independent from line
management. HSS oversight has expanded the scope and variety of
performance testing methods utilized to assess the readiness of DOE and
NNSA site protection systems against a defined spectrum of threats and
adversary capabilities Performance testing methodologies include no-
notice and limited notice inspections to obtain a more realistic
assessment of site response capabilities and readiness performance.
d. To directly address problems with the assessment model, NNSA has
set about implementing a three-tiered approach to assessing security
throughout the NNSA. This approach includes: 1) an initial assessment
performed by the contractor at the site, 2) an assessment of the
contractor's performance carried out by the Chief of Defense Nuclear
Security at DOE Headquarters (NA-70), and 3) independent oversight by
the Office of Health, Safety and Security. And, of course, apart from
this three-tiered assessment and inspection regimen, we expect Federal
site personnel to perform quality assurance activities on a routine
basis as an integral part of their line management responsibilities.
Mr. Rogers. Secretary Poneman, in the 1990s we had a string of
major security problems at DOE Defense Programs, which then ran the
nuclear weapons complex. In 1999, the President's Foreign Intelligence
Advisory Board called DOE ``security at its worst'' and a
``dysfunctional bureaucracy that has proven it is incapable of
reforming itself.'' Congress created NNSA in an effort to address these
exact concerns. But on February 22 the DOE Chief Security Officer,
Glenn Podonsky, was quoted telling a reporter that the nuclear
enterprise ``wasn't working badly'' in the 1990s before NNSA was
formed, and that we should just abolish NNSA and go back to having
everything in DOE.
a. Do you agree with Mr. Podonsky that the nuclear enterprise
``wasn't working badly'' in the 1990s?
b. Do you agree with Mr. Podonsky that NNSA should be dissolved and
folded back into DOE? Are Mr. Podonsky's views the position of the
Department of Energy?
Mr. Poneman. I discussed Mr. Podonsky's remarks with him. His
comments were not accurately reflected in the news article you are
referencing, and he made clear at the time that the remarks were not
made on behalf of DOE. He merely remarked on the restructuring options
that an external review panel may consider and the feasibility of those
options. As you know, the Administration has made no proposal to
dissolve the NNSA or to return to any previous organizational model.
Mr. Rogers. Secretary Poneman, are you aware that DOE's Office of
Health, Safety, and Security conducted an independent oversight
inspection of Y-12's physical security systems in May 2012--just two
months before the security breach?
a. When did you become aware of this inspection and its results?
b. Do you believe this inspection of Y-12's physical security
systems should have found the many problems--such as inoperative
cameras, unacceptably high false alarm rates, inappropriate delegation
of cognizant security authority, etc.--that were subsequently found to
have contributed to the breach?
c. How effective are these independent inspections if they can't
catch and correct these glaring problems?
Mr. Poneman. The report from May 2012 was not a full security
inspection, nor was this report approved through the formal HSS review
process. Official HSS reports go through an exhaustive peer-review
process led by a Quality Review Board and are approved by all levels of
HSS senior management including approval by the Chief Health, Safety
and Security Officer. The May 2012 report was never considered by a
Quality Review Board panel and was not reviewed or approved by HSS
senior management. The individual who wrote it and submitted it to the
site, (without a signature nor on DOE letterhead) has received a formal
reprimand for his misrepresentation and was removed from any leadership
role for failing to follow important protocols and misrepresenting the
nature of the product.
A security inspection by HSS would have revealed many of the
problems at Y-12--as did the most recent full inspection in 2008-2009.
This unsanctioned report was the product of an assistance visit
requested by the site to focus on some very narrow issues. This
unapproved memo in no way could be interpreted as a validation that
everything was OK with security at Y-12. Neither HSS senior management
nor I were aware of the document until it was identified during a
search for Y-12 related documents requested by Congress.
Mr. Rogers. Secretary Poneman, how long has DOE's Chief Security
Officer, Mr. Glenn Podonsky, been employed by the Department of Energy?
How long has he held senior positions in the Department that have to do
with security oversight and/or security policy?
a. Given his previous positions and tenure, do you believe Mr.
Podonsky should have been aware of external reviews of DOE security
from the 2000s (Such as the Commission on Science and Security in 2002
and the Mies Task Force in 2005)?
b. As the Chief Security Officer for the Department, do you believe
it is Mr. Podonsky's responsibility to ensure that problems identified
by previous external reviews of security are corrected?
c. Do you believe the problems identified by previous reviews, such
as ``lack of clear accountability, excessive bureaucracy,
organizational stovepipes, lack of collaboration, and unwieldy,
cumbersome processes, '' as identified by Admiral Rich Mies in 2005 and
many others before him, have been addressed?
Mr. Poneman. Mr. Podonsky has served in DOE for approximately 29
years, in a number of senior positions involving security evaluations,
independent oversight, and performance assurance. He has been relied
upon by DOE leaders and Congressional oversight committees through
those years due to his experience and expertise in DOE nuclear security
matters. It is important to understand the security role of the Office
of Health, Safety and Security (HSS) which is headed by Mr. Podonsky.
HSS is a staff office reporting directly to me and the Secretary. HSS
leads the development of Departmental security policies, and provides
us with unvarnished assessments of DOE program and facility security
performance. Those assessments are performed independently of the line
management which holds responsibility for managing security at our
sites and facilities. However because HSS is independent of line
management within the programs, it does not have authority to direct
the Federal or contractor security officials at each site; it is up to
these parties to take actions in response to HSS findings. HSS ideally
plays a role in helping the programs implement security
recommendations, and follow-up to ensure that those recommendations are
adequately addressed. Over his career Mr. Podonsky has been well aware
of the various internal and external studies that have been done on DOE
security, and he has been involved at a senior level alongside previous
Secretaries and Deputy Secretaries and the DOE program office line
management, in determining the most appropriate response to each study.
Mr. Rogers. Secretary Poneman, do you still have confidence in Mr.
Podonsky as the Department's Chief Security Officer? Do you intend to
hold him or his office accountable for failing to identify the myriad
security problems at Y-12 just two months prior to the incident, or for
failing to correct the long-standing security problems at DOE?
Mr. Poneman. We see HSS as an important source of the solution. All
of us in the DOE security community--from the Secretary and me to
program office and site management in both headquarters and the field,
including HSS, have an obligation to improve security performance and
we are taking bold steps to ensure that the special nuclear materials
of the DOE are adequately protected. For all of us who have not been
removed from the line management of security following the incident, it
is our sole duty to ensure that we have learned from the incident and
quickly and effectively implemented corrective actions. HSS has been a
key contributor to that effort. Since the Y-12 incident, HSS has led a
successful extent-of-condition review of all DOE facilities which hold
Category I special nuclear materials, and is now in the process of
executing exhaustive inspections at each of these sites, to include
enhanced force-on- force testing of our protective forces, as directed
by the Secretary.
Mr. Rogers. Administrator Miller, all of the studies the committee
is aware have been conducted after the Y-12 incident have been
finalized except the ``Special Review Team'' report conducted by NA-70.
Initially, the committee was told that this assessment was expected to
``contribute to the wider effort to identify root causes, develop
conclusions, and outline recommendations'' for security improvements at
Y-12 and in other agency facilities. However, although the team's work
apparently concluded in September, it's been five months and the report
has not yet been finalized. What is the reason for this delay?
a. Have NNSA and DOE decided to discount the review because it was
conducted by an organization whose oversight practices contributed to
the incident? If that's the case, then why was the HSS review not
similarly discounted, given that HSS gave the physical security system
at Y-12 a clean bill of health just two months prior to the incident?
Or is it that senior NNSA or DOE officials disagree with the
recommendations and conclusions that the SRT report draws?
Ms. Miller. As soon as the Special Review Team (SRT) returned from
Tennessee, they shared their insights and findings with the Chief,
Defense Nuclear Security (CONS) who took immediate action to resolve
the issues cited. One of his actions was the immediate sharing of
lessons learned with field offices as well as the five page summary of
the issues found at Y-12 for use in assessing and improving their
processes. That summary was also provided to the House Armed Services
Committee. Additionally, in January 2013, a draft version of the Y-12
Special Review Team report was provided to the House Armed Services
Committee; however, the ``Assessment of NNSA Federal Organization and
Oversight of Security Operations'' study was well underway and was
yielding important recommendations. That report has since been
completed and published, and was provided to the House Armed Services
Committee staffers in December 2012.
a. We value the information provided in the SRT report, and many of
their observations focused on the larger National Nuclear Security
Administration security program, and are applicable to all of our
operations. It is also important to note that the May 2012 HSS Site
Assistance Visit report that you cite as giving the physical security
system at Y-12 ``a clean bill of health,'' did not represent a full
security inspection of Y-12, but only examined a few site specific
issues HSS was asked to help assess.
Mr. Rogers. Administrator Miller, how is NNSA handling the
conflicting recommendations generated from the various post-Y-12
incident studies? For instance, the DOE-HSS and Finan reports recommend
conducting more hands-on oversight of security, while Mr. Augustine and
two external members of the SRT panel caution specifically against
this. [Question #22, for cross-reference.]
a. As the Acting Administrator, how will you ensure that NNSA and
DOE conduct rigorous and effective--but not burdensome--oversight of
security at NNSA's facilities?
Ms. Miller. NNSA leadership implemented several processes and
procedures to improve security throughout the enterprise and ensure a
consistent standard for security operations. The Office of Defense
Nuclear Security (NA-70) has been realigned to focus on policy
development, strategic planning, and independent performance
assessments of security activities. The Office of Infrastructure and
Operations (NA-00), comprised of the NNSA Field Offices will develop an
internal performance review culture that will supplement the local
field offices. These performance reviews will be staffed by field
office employees from other sites and be specifically integrated with
other audit and surveillance plans to minimize operational impacts. To
elaborate, I have revised our processes so that NNSA will rely on a
three-tiered assessment model that will focus on performance and
outcomes (not just process) at the tactical, operational, and strategic
levels. The contractor self-assessment process continues as a
``tactical level'' first tier in the overall assessment process. The
Office of Infrastructure and Operations, drawing on NNSA federal
resources from across the complex, will provide ``operational level''
oversight to ensure consistent and effective performance from a line
management perspective. Finally, the ``strategic'' oversight is
conducted by NA-70/CDNS. An internal independent Federal assessment
organization, which reports directly to the Chief of Defense Nuclear
Security, and will ensure requirements are properly implemented by
going to the field, with minimal notice, and assessing security
readiness, operations, and implementation. A final tier of the
assessment model completely separate from NNSA is currently provided by
the Office of Health, Safety and Security.
a. As described in the response to Q22 [above], NNSA will employ a
system of tactical, operational, and strategic oversight.
Mr. Rogers. Administrator Miller, we've heard differing opinions on
how DOE and NNSA's protective forces should be structured. Do you
believe federalization of the protective forces is an appropriate path
forward? What are the benefits, risks, and costs of the various models
for the protective forces?
Ms. Miller. I defer to the Deputy Secretary of Energy's response.
[See page 131.]
Mr. Rogers. Acting Administrator Miller, do you believe NNSA has a
rigorous means of assessing, managing, and balancing security risks,
costs, and mission needs? If so, please describe this process.
Ms. Miller. Yes I do. NNSA leadership has implemented several
processes and procedures to improve security throughout the enterprise
and ensure a consistent standard for security operations.
We realigned security resource execution to the Office of
Infrastructure and Operations (NA-00) in alignment with its operational
authority across all NNSA sites.
NA-00 is assuming operational control over security
implementation across the Nuclear Security Enterprise.
Specifically, NA-00 will ensure:
standardization of security procedures across the
field locations;
provide operational assistance; and
serve as a conduit for operational concerns to the
DNS staff.
Additionally, the Defense Nuclear Security (DNS) mission was
reinvigorated to focus on policy development, strategic planning, and
performance assessments of field-led activities.
For example, as NNSA Acting Administrator, I recently dispatched
the new Acting Chief of DNS, travelling with a team of security
professionals, to visit every NNSA site during his first 50 days in
office, executing limited and no-notice assessments of their security
readiness, operations, and program implementation. These site visits
are the first step in what will become an enduring mission focus. NNSA
is committed to change our culture of how we assess security so that we
are less reliant on reports written by others and more focused on our
own real time assessments with a ``boots on-the-ground'' approach.
Mr. Rogers. Acting Administrator Miller, how much has the response
and aftermath to the Y-12 incident cost? How is NNSA paying for these
costs? Do you expect security costs to increase dramatically at Y-12
and/or across the enterprise in Fiscal Year 2014 and beyond?
Ms. Miller. The costs incurred for immediate corrective actions in
FY 2012 were approximately $13,680K. Approximately $2,984K of this
amount were indirect costs funded from organizational overhead pools.
Approximately $10,696K were paid for directly from the Field Security
(FS-20) account, but managed within the funding already allocated to
the site prior to the event. Total costs will depend on NNSA approval
of the specific baseline increases and non- recurring project/
procurements proposed by the site. For FY13 and beyond, these are still
being carefully vetted by subject matter experts and senior decision
makers and will be subject to the results of a new vulnerability
analysis. DNS expects there may be some minor increases in the
recurring level of effort, but most corrective actions have been and
will be largely one-time costs.
Mr. Rogers. Administrator Miller, several witnesses from the first
panel indicated in their reports that the governance reforms initiated
by Secretary Chu and Administrator D'Agostino were misinterpreted or
misapplied by Federal staff, which was a contributing factor to the Y-
12 incident. Do you agree?
Ms. Miller. Please see the answer the Deputy Secretary gave in
response to question #16. [See page 131.]
Mr. Rogers. Administrator Miller, NNSA has created the ``NA-00''
organization to manage the site offices. It will also have a role in
overseeing security at NNSA facilities. How will this new organization
fit into the many other organizations with security responsibilities,
including NA-70, DOE-HSS, and the site offices? Are you confident that
this extra office will resolve these long-standing problems with
security organization, policy, and oversight? Are you at all concerned
that this additional office will simply complicate an already too-
complicated structure?
Ms. Miller. First and foremost, it is important to clarify that NA-
00 is not actually an additional layer or office. It is the combination
of all NNSA Site Offices into a single operational entity. So, rather
than have eight independent operational level entities, each
establishing standards and procedures and setting expectations locally,
the NA-00 organization will fulfill those functions on an enterprise
basis. The Office of Infrastructure and Operations (NA-00), with
enterprise operational responsibilities will drive consistent
implementation of requirements across the Nuclear Security Enterprise.
Specifically, NA-00 will:
ensure consistent implementation of security policies
while allowing for purposeful differences;
deliver high quality engaged and active oversight of
security operations;
provide operational assistance between field offices; and
serve as a conduit for operational concerns to the
Defense Nuclear Security staff.
Establishment of NA-00 will allow the Office of Defense Nuclear
Security (NA-70) to focus on policy development, strategic planning,
and perform independent assessments of security activities. Yes, I am
confident that this new organization structure will resolve the long-
standing problems with security organization, policy, and oversight
No, I do not believe this new organizational structure will cause
any confusion. These organizational changes will result in clearer
roles, responsibilities, and authorities.
Mr. Rogers. Acting Administrator Miller, nearly every external
review in the past decade has indicated serious problems with the
security culture at NNSA and DOE. Culture changes are extremely
difficult and often take a long time-what immediate-term actions should
we be taking to begin this needed culture shift? What is your long-term
plan to instill a new security culture? What is your plan to attract
the kinds of experts and knowledge-base that are needed to perform
effective oversight?
Ms. Miller. Please see the Deputy Secretary's answer to question
#18. [See page 133.]
______
QUESTIONS SUBMITTED BY MR. COOPER
Mr. Cooper. General Alston, do NNSA contractors have too little
independent oversight, or too much?
General Alston. There was poor quality oversight of the contractor
providing security at Y-12. The ``eyes on, hands off'' signal from the
HQ, together with insufficient and inadequate performance-based
assessments contributed to poor oversight conditions. Other sites'
security operations, however, performed satisfactorily, in spite of
`hands off' atmospherics. The quality of the oversight is one several
key ingredients to effective performance.
Mr. Cooper. Do you believe that the incident is the result of
overly burdensome security requirements, as some have claimed?
General Alston. I saw no evidence to substantiate overly burdensome
security requirements as causal or even contributing to the incident.
The NNSA ``eyes on, hands off'' signal contributed to a lack of
sufficient oversight that empowered too much local discretion at Y12
that resulted in additional and unjustifiable mission risk.
Mr. Cooper. What should be done at the contract level to increase
accountability and liability for failures? Should the government be
able to seek damages for non-performance? Should criminal liability be
an option?
General Alston. I don't feel qualified to comment on or suggest
specific contracting options to ensure proper security performance
because the duration of the project was short and the direction from
the Secretary of Energy did not lead me in that direction. I personally
wouldn't prefer to secure nuclear materials with contractors. But if
DOE and NNSA continue to purchase protective services, governance
requirements and accountability needs to be squared away with the
government overseers first.
Mr. Cooper. General Finan, do you think that NNSA has gone too far
in delegating responsibility for making security decisions to its
contractors?
General Finan. Yes, in some cases. There was no clear policy
guidance on what could be delegated or how the delegations would be
implemented. NAP- 70.2, Physical Protection, has allowed for varied
interpretations of what can and cannot be delegated. There was no
standardized process for the delegation of CSA from the Chief of
Defense Nuclear Security to the Federal security managers. Further
delegation of CSA to the security contractor was inconsistently
exercised and in some cases inappropriate. As a result, the contractor
was sometimes allowed to approve security plans and procedures without
effective Federal oversight or approval.
Mr. Cooper. General Finan, do NNSA contractors have too little
independent oversight, or too much?
General Finan. NNSA contractors do not have the right kind of
oversight. Much of the ``burden'' of oversight is caused by excessive
paperwork associated with evaluating compliance. The current security
assessment process in NNSA is paper-based and is heavily dependent on
field office and contractor reporting. Large volumes of paperwork are
generated each quarter in which it is nearly impossible to discern
trends or significant deficiencies.
In the area of security, oversight must be about performance.
Therefore, oversight should see actual performance in the form of real
world activity or exercises. Some paperwork should be reviewed, such as
training records, but that paper work should already exist and not be
generated solely for the purpose of outside oversight. Specific
standards against which security operations are to perform and the
criteria by which they will be evaluated must be codified. This will
ensure security contractors know what is expected and how they will be
evaluated. By eliminating paperwork generated solely for the purpose of
oversight and adhering to a known set of standards and criteria,
security oversight should not be burdensome.
Mr. Cooper. Do you believe that the incident is the result of
overly burdensome security requirements, as some have claimed?
General Finan. No. A lack of clearly defined security requirements
contributed to the incident. There is no clearly established
requirements-driven baseline to govern the implementation of the NNSA
security program. Rather, the NA-70 approach deliberately departed from
key DOE Security Orders and established a less restrictive security
policy framework through the NAPs without resolving the different
performance measurement expectations between the two policies. The lack
of clearly defined performance requirements resulted in inconsistent
and incomplete security program implementation. A performance baseline,
set forth in detailed standards and criteria, is the keystone of an
effective security program. Precisely articulated standards and
criteria further provide an objective foundation for performance
assessment. Currently, NNSA does not have the standards or criteria
necessary to effectively measure security program performance. The Task
Force noted that the lack of standards and criteria has been coupled
with the widespread notion that contractors must only be told ``what''
the mission is, not ``how'' the mission is to be accomplished.
Therefore, security tasks are not necessarily performed in a manner
consistent with NNSA security requirements.
We should also resist the notion that strong performance-based
standards and criteria and an equally strong insistence on stringent
performance assessment and oversight inherently constitutes an
excessive burden on contractors and the field. Part of the cultural
challenge lies in overcoming the tendency on the part of contractors
and their field level federal counterparts to assert that their local
priorities and perspectives must take precedence over comprehensive and
coherent, centrally-driven security program direction. A good system
must take into account special local circumstances. However, NNSA's
longstanding tradition has been the assertion that ``the field always
knows best,'' and that Headquarters should simply stay out of their
business. Upon close examination, many complaints about ``excessively
burdensome HQ security oversight'' are revealed as exercises in ``turf
protection''.
Mr. Cooper. What should be done at the contract level to increase
accountability and liability for failures? Should the government be
able to seek damages for non-performance? Should criminal liability be
an option?
General Finan. This is largely an issue for contracting. It is
important that responsibilities and authorities are properly aligned.
Each organization needs to have clearly defined responsibilities. With
each of these responsibilities, the appropriate authority must be
accorded. With responsibility and authority in alignment, individual
and organizational accountability is established.
Mr. Cooper. Mr. Friedman, do you think that NNSA has gone too far
in delegating responsibility for making security decisions to its
contractors?
Mr. Friedman. Given the structure of NNSA (specifically, the number
of contractor versus Federal personnel), extensive responsibility for
security decisions has been delegated to contractors. This having been
said, we found that Federal oversight of the contractors and their
security decisions was inadequate. At Y-12 the lack of local Federal
involvement in technical security issues and NNSA's ``eyes on, hands
off'' policy were troubling, suggesting to us that the relationship
between contractor responsibility and Federal responsibility for site
security was out of balance.
Mr. Cooper. Mr. Friedman, do NNSA contractors have too little
independent oversight, or too much?
Mr. Friedman. In my opinion, NNSA contractors have too little
independent oversight. Local Federal oversight had employed an ``eyes
on, hands off'' approach, with limited independent performance testing/
assessment. In recent years the number and scope of reviews by HSS has
also been reduced.
Mr. Cooper. Do you believe that the incident is the result of
overly burdensome security requirements, as some have claimed?
Mr. Friedman. No. Our reviews of security across the complex have
not revealed examples of what we considered to be overly burdensome
security requirements. Rather, we found that the incident at Y-12
resulted from multiple system failures on several levels. For example,
we identified troubling displays of ineptitude in responding to alarms,
failures to maintain critical security equipment, over-reliance on
compensatory measures, misunderstanding of security protocols, poor
communications, and weaknesses in contract and resource management. So-
called burdensome security requirements were not part of the sequence
of events at Y-12.
Mr. Cooper. What should be done at the contract level to increase
accountability and liability for failures? Should the government be
able to seek damages for non-performance? Should criminal liability be
an option?
Mr. Friedman. To increase accountability and liability for failures
at the contract level, performance measures should be added to each
contractor's Performance Evaluation Plan to incorporate security into
each mission element. Such action would hopefully prevent contractors
from earning full performance fees unless security is: (1) integrated
into day-to-day processes and, (2) found to be effective and efficient
by external reviewers. While the fee structure provides an incentive
for excellence in contractor performance in the security arena, the
NNSA/DOE should not be reluctant to terminate contracts for poor
performance. That may be an extreme measure for some, but when national
security interests are at stake, it is a step which needs to be
available to, and exercised by, Federal managers.
Mr. Cooper. Secretary Poneman, are lessons from the deficiencies in
security oversight being applied to safety oversight? How?
Mr. Poneman. Yes. Where we see opportunities for improvement
identified in our response to the Y-12 security incident which can also
be employed to improve our oversight of safety, we will seek to do so.
A fundamental failure in the Y-12 incident was the inadequate flow of
information about underlying security problems up through the
management chain. Under the leadership of the Office of Health, Safety
and Security (HSS), over the past year a number of independent
assessments have identified deficiencies in safety culture at several
DOE projects, sites and programs. We know now that we must do a better
job in creating an environment where employees at all levels feel
motivated to identify deficiencies in both safety and security, and
feel confident that they can bring those problems forward without
retaliation and to work with management to develop appropriate
solutions. This, too, is a very high priority for our leadership team.
Mr. Cooper. Secretary Poneman, what was the cost of overtime to
avoid delays due to Y-12 being shut down?
Mr. Poneman. Following the security incident in July 2012,
operations activities at Y-12 were shut down from July 30 to August 14,
2012, for a total of 10 days. This shutdown impacted a number of
operations activities, including Category 1 and 2 Special Nuclear
Materials Operations. Restart of these activities were phased back in
on August 15, 2012; overtime costs of about $34,000 were incurred in
order to get the work back on schedule.
Mr. Cooper. Secretary Poneman, B&W got nearly 60% of its award fee
in FY2012. The security failure at Y-12 only cost them $12 million in
un-earned fee. [Question #42, for cross-reference.]
What should be done at the contract level to increase
accountability and liability for failures? Should the government be
able to seek damages for non-performance and be able to impose fines?
Should criminal liability be an option to improve the
incentives for performance and the contractor culture?
Other than docking Babcock & Wilcox's award fee for
security, is NNSA attempting to get back part of the more than $150
million that was spent on security, given non performance?
Mr. Poneman. The contract, along with existing Federal and DOE
Acquisition Regulations, have sufficient terms and conditions to hold
contractors accountable and liable for performance failures.
Additionally, given the unprecedented nature of this failure, the
Department is reviewing our existing regulatory authorities to
determine if these need to be expanded to cover the security of special
nuclear materials.
The Department possesses statutory and regulatory authority to
impose civil penalties. In addition, I believe adequate and sufficient
criminal laws are already in place. Federal criminal law involving
fraud, conflict of interest, bribery or gratuity violations and false
claims are currently applicable, as appropriate, to contractors. In
addition, contractors must ensure that no false, fictitious, or
fraudulent statements are made to a Federal agency under 18 U.S.C.
Sec. 1001.
The Department is in the process of reviewing the matter and will
enforce its rights under the contract to hold Babcock & Wilcox Y12
accountable for its deficient work, including withholding payment of
costs if appropriate.
Mr. Cooper. Secretary Poneman, nearly every external review in the
past decade has indicated serious problems with the security culture at
NNSA and DOE. Culture changes are extremely difficult and often take a
long time--what immediate-term actions should we be taking to begin
this needed culture shift?
What is your long-term plan to instill a new security
culture?
What is your plan to attract the kinds of experts and
knowledge-base that are needed to perform effective oversight?
Mr. Poneman. Please see Deputy Secretary Poneman's response to
question 18 for an answer to the first bullet. [See page 133.] The
answer to the second bullet is provided by Deputy Secretary Poneman's
response to question 19. [See pages 133-134.]
Mr. Cooper. Secretary Poneman, how are you ensuring that Federal
oversight performs site vulnerability analyses that look at the
systemic impact and the broader implications of individual security
decisions? [Question #46, for cross-reference.]
Mr. Poneman. The current vulnerability analysis (VA) process is
driven at the site level. While this ensures results that are highly
tailored to individual site-specific parameters, it can also produce
widely divergent approaches to security across the NNSA.
This issue was recognized in General Finan's Report ``Assessment of
NNSA Federal Organization and Oversight of Security Operations.'' The
report was the main driver for the establishment of the Office of
Security Operations (NA-00-30) within the larger NA-00 Office of the
Associate Administrator for Infrastructure and Operations. Consistent
with the recommendations of the Finan Report, NA-00-30 will be the
centralized security function for NNSA that ensures line management
authority, responsibility, and accountability for the security program
within the NNSA.
In its role as the centralized security function, NA-00-30 will
establish a new centralized VA process that employs a core team of VA
experts teamed with site subject matter experts to produce site-
specific analyses while gaining consistency across the Enterprise,
identifying systemic issues and broader implications, and ensuring
greater transparency and justification for Field Security (FS-20)
budget requests.
Mr. Cooper. Acting Administrator Miller, are lessons from the
deficiencies in security oversight being applied to safety oversight?
How?
Ms. Miller. Yes. Lessons learned from the Y12 security incident are
being applied to safety oversight. The organizational changes and
revised oversight approach for security are also being implemented for
safety. In addition, NNSA is working aggressively to evaluate and
improve its safety culture across all sites. Although this effort began
before the Y12 event, strengthening NNSA's safety conscious work
environment will help ensure contractor and Federal personnel are
encouraged and motivated to identify and seek resolution of safety
issues and to raise these issues up through the management chain. One
of the more significant lessons learned in the Y-12 incident was that
known, significant issues with security were not being raised from
subject matter experts up through the NNSA management chain.
Mr. Cooper. Acting Administrator Miller, what was the cost of
overtime to avoid delays due to Y-12 being shut down?
Ms. Miller. Following the security incident in July 2012,
operations activities at Y-12 were shut down from July 30 to August 14,
2012, for a total of 10 days. This shutdown impacted a number of
operations activities, including Category 1 and 2 Special Nuclear
Materials Operations. Restart of these activities were phased back in
on August 15, 2012; overtime costs of about $34,000 were incurred in
order to get the work back on schedule.
Mr. Cooper. Acting Administrator Miller, B&W got nearly 60% of its
award fee in FY2012. The security failure at Y-12 only cost them $12
million in un-earned fee.
What should be done at the contract level to increase
accountability and liability for failures? Should the government be
able to seek damages for non-performance and be able to impose fines?
Should criminal liability be an option to improve the
incentives for performance and the contractor culture?
Other than docking Babcock & Wilcox's award fee for
security, is NNSA attempting to get back part of the more than $150
million that was spent on security, given non-performance?
Ms. Miller. Please see Deputy Secretary Poneman's response to
question 42. [See page 141.]
Mr. Cooper. Acting Administrator Miller, nearly every external
review in the past decade has indicated serious problems with the
security culture at NNSA and DOE. Culture changes are extremely
difficult and often take a long time--what immediate-term actions
should we be taking to begin this needed culture shift?
What is your long-term plan to instill a new security
culture?
What is your plan to attract the kinds of experts and
knowledge-base that are needed to perform effective oversight?
Ms. Miller. For response to the first part of the question on
security culture, please see response to question 18. [See page 133.]
In addition to our overall efforts to improve the NNSA performance
culture, we are taking additional actions to specifically address
security. We have recruited new leaders for both the Office of Defense
Nuclear Security (NA-70) and the office of security within the Office
of Infrastructure and Operations (NA-00). Those leaders come to us from
outside the Department of Energy and bring vast and varied sets of
skills and experience from their careers in the Department of Defense
nuclear community.
Besides the infusion of new leadership, we are encouraging a
questioning attitude from the people that perform the work day-to-day
at the sites. While it is easy to fall into routines that contribute to
the effect of not being able to see the forest for the trees,
encouraging employees to question the status quo also promotes
ownership and understanding of the security processes.
Another thing we plan to incorporate into the NA-00 performance
assurance process is the use of security professionals from across the
complex to augment our assessments. This provides several advantages;
it allows security professionals from other sites to participate in the
evaluation process removing the mystique, takes advantage of and
recognizes the professionals at the other sites, and encourages the
sharing of best practices. All of these contribute to instilling a new
security culture.
Additionally, NA-70 will focus on policy development, strategic
planning, and performance assessments of field activities.
Using small assessment teams of security experts with minimal
advanced notice to the sites, NA-70 will assess security readiness,
operations and program implementation of both the Federal and
contractor security elements. These assessments will be short in
duration but repetitive throughout the year.
This new assessment approach will require additional oversight
personnel. NA-70 is working to recruit additional Federal senior
security specialists. These individuals will augment the current
Federal senior security specialists to allow for the execution of a
rigorous assessment program.
We are working with our Human Capital community in an effort to
target recruitment of oversight personnel toward communities that are
rich in the basic skill sets germane to the mission. Specifically, we
are looking to tap into the pool of resources which have previously
served an oversight and/or assessment role in support of the National
nuclear security mission.
Mr. Cooper. Acting Administrator Miller, how are you ensuring that
Federal oversight performs site vulnerability analyses that look at the
systemic impact and the broader implications of individual security
decisions?
Ms. Miller. Please see Deputy Secretary Poneman's response to
question 46. [See page 141.]
�