Misleading Test Results - And they Still Lose 50% of the Time Dumbed-down Security Tests"The. . .more serious concern pertains to the actual content and quality of the VAs [Vulnerability Analyses] that support the current SSSPs. This issue, which calls into question the very foundation of the risk calculations used throughout the Department, has received little attention from safeguards and security managers. It is this concern that forms the subject of this paper. . .
"There Are Significant Errors in the Database Supporting the JTS Combat Simulation Model. . . .In addition to the identified errors, a significant number of readily available weapons and munition types are not included in the database. . .
"Adversary Tactics Are Poorly Thought-Out. Observed adversary tactics used during JTS simulations and validation and verification force-on-force tests are frequently crude, and often do not rise to the level expected of troops who have completed basic infantry training. . .Personnel assigned to portray adversaries in modeling and performance testing are generally given only a few days to prepare tactical plans. A special problem with JTS simulations is that, generally, one computer operator is assigned to control the entire adversary team, while three (sometimes more) operators are employed to represent the protective force. This leads to situations where one adversary element is well managed in the simulation, while other elements are neglected and relatively ineffective. . .
"Currently, no one in DOE outside of the Office of Safeguards and Security Evaluations [of the Office of Independent Oversight] appears to have a consistent interest in either cultivating the adversary mind-set or an understanding of adversary capabilities." [Emphasis added] (Appendix I)
This document clearly articulates the grave concerns of the DOE Independent Oversight Office regarding the inadequacies of the simulation and exercise test system used by DOE, and its inability to accurately predict security capability or status.
There is virtually no surprise in a force-on-force test. Once the protective force is outfitted with the Multiple Integrated Laser Engagement System (MILES) weapons laser-simulation equipment, they know the attack will take place within an hour or two. The specific location of the attack is always tipped off by the controllers and the observers during the "safety walk down." A walk down is performed across the whole area where a battle will be simulated to ensure no obstacles or other land variations would trip or otherwise injure the protective forces during the exercise - obviously not creating a realistic scenario. This is far more than leaning forward in the foxhole.
Another indicator of the artificiality of force-on-force' are the baffling reactions of the protective forces during the tests. For example, in the force-on-force test at Rocky Flats in 1998, 1999 and again in 2000, the protective force "indiscriminately shot" scientists, controlling referees in orange vests, and each other as they were exiting the building in response to the alarm.
"Two Multiple Integrated Laser Engagement System (MILES) enhanced exercises were observed where protective force members 'killed' building evacuees, controllers wearing orange safety vests, and each other. During the critique conducted immediately after the exercise, protective force and other site management personnel failed to raise concerns related to the inappropriate use of deadly force. In fact, no critical observations were surfaced by management at the critique. . .In law enforcement training environments, the typical 'penalty' for killing a 'friendly' is failure of the test. At RF [Rocky Flats], there are currently no negative consequences for the inappropriate use of deadly force. In fact, if the adversaries are 'killed' in the process, the result is actually a win from the site’s current perspective. This situation is unacceptable and must be addressed immediately." (Appendix C)
This obviously is not a realistic demonstration of how the protective forces would react to a terrorist attack, making the force-on-force test next to useless. DOE Headquarters had already warned Rocky Flats about this inappropriate use of deadly force.
During the March 2000 force-on-force drill, extreme restrictions were placed on the adversaries by Rocky Flats management. The commando adversary team was prohibited from using their own radios and "could not effectively communicate." In addition, the commandoes were not even allowed to drive around a road block "simulated by a PF [protective force] vehicle being parked on the side of the road and a traffic cone placed in the center of the road," which led to the facility. To suggest terrorists would not drive around a car and traffic cone to reach their target stretches reasonable expectations. (Appendix C)
In a force-on-force test at Los Alamos in October 2000, a convoy of protective forces responding to an attack at another site hit a "minefield." Despite the fact that the first vehicle hit a mine and would have been destroyed, the other vehicles continued on through the minefield. Military doctrine and common sense clearly calls for a convoy to stop when hitting a minefield. Los Alamos management's response was that they didn't have time to stop. (Appendix A)
Overstatement of Protective Force Combat Effectiveness
A recent force-on-force test illustrates the problem of combat ineffectiveness. In a memo to then-Energy Secretary Richardson his Special Assistant Peter Stockton wrote, "[D]espite the absolutely critical requirement for "denial" [not allowing an adversary in a building]. . .denial failed." It is clear that if denial were to fail in a real attack, such a facility cannot be recaptured because of the extraordinary percentage of protective forces killed in the initial skirmish. Military doctrine dictates when losses exceed 20%, forces become combat ineffective due to loss of command and communications and basic squad-sized tactics deficiencies. In this force-on-force test, the site lost 50% of their protective force in the initial attack - with eight dead on the doorstep of the facility. At this point, according to combat veterans, there would likely be no further offensive action to recapture the facility by the protective force. In a number of force-on-force scenarios developed by DOE, even when the protective force is successful in repelling an attack, they lose up to 80-95% of the force. This is simply unrealistic. Los Alamos security officials admit this is a problem, but they claim they have unusually brave people. Real bullets may make a difference in their calculation. As an Army Special Forces Commander wrote:
"As a unit sustains casualties (dead or wounded) elements of the fire and maneuver schemes or 'close quarter battle' drills begin to come apart. . . .[I]f casualties are high (in excess of 10%) qualified replacements become increasingly problematic and command and control begins to be lost. Units are normally considered "combat ineffective" and are rotated off the line when they have sustained 15-20% casualties. At this point maneuver, fire rates, communications and command and control can no longer be relied on to support the mission. Continuation would be expected to result in unnecessary and increasingly high casualties with little expectation of success." (Appendix A)
The clear solution is to shut down sites that can't be protected; if they have a critical mission, move sensitive materials to a site that can be protected.
Simple "access denial systems" are available to the U.S. government which would delay terrorist access to sensitive materials. These systems were developed by DOE and are currently deployed at DOD facilities but not at DOE.
Security analysts claim that Protective Forces are not robust in tactics, weaponry or numbers and result in a low probability of success - all of which results in force-on-force failures in more than 50% of the tests. (Appendix DD) Even with improved tactics and weaponry, the protective force at the 10 critical fixed DOE sites are still at half the manpower level deployed in 1992.
Naturally, safety is a constant concern for all DOE employees. However, the same safety standards that apply to an office worker also apply to the protective force. Because of this universal application of safety standards the protective forces are encouraged not to, and in many cases prohibited from, engaging in any activity that could possibly result in any injury. All this contributes to a protective force unable and unwilling to respond when they are most needed.
Security Oversight - A Weak Record
In Congressional testimony, DOE has led the public to believe that its security at these sites is a well-oiled machine, and there is nothing to worry about. After all, they argue the government has been building bombs at these sites for 60 years, and no one has attacked them yet. Given the recent tragedies in New York and Washington, DC, this argument falls flat. In fact, they are one-eyed toothless watchdogs. Each level of oversight fails for varying reasons: conflict of interest, protection of the contractor, embarrassment, protection of the program, political sensitivities, and bureaucratic survival. The following is an analysis up the chain of command of this "redundant" security oversight apparatus:
Up the Security Chain of Command
"[T]he OIG found that 8 of the 28 LANL Security Operations Division personnel interviewed (approximately 30 percent) who had conducted self-assessments believed they had been pressured to change or "mitigate" security self-assessments. Several of these individuals said LANL management appeared to be more concerned about making LANL and the Security Operations Division "look good" than reporting the actual security conditions at LANL. The OIG was informed of two instances where LANL management became so upset with issues raised by the initially assigned reviewers, that management reassigned other reviewers who subsequently determined that there were no issues to be raised and that the organizations were satisfactory." (Appendix U)
The IG also found that Los Alamos National Lab (LANL) had been paid by the government for self-assessments that were not done: "In addition to finding that some self-assessments were not conducted, the OIG also found an instance where a self-assessment report was written without a self-assessment review being conducted." (Appendix U)
'During the 1998 Albuquerque Security Survey at LANL, Albuquerque management upgraded several topic area survey ratings, and most importantly, the overall composite rating. . . During our inspection we noted that the 1997 and some 1998 Albuquerque Security Survey work papers were destroyed . . . As a result, there was no complete record to show how the survey teams developed the ratings." (Appendix U)
In addition, the IG reported that during the same 1998 annual survey, a force-on-force exercise was reported to have been compromised - or rigged. One of the force-on-force mock terrorists reported the compromise, as well as his concerns regarding the Protective Force response, to the Albuquerque Field Office. According to the IG, "Albuquerque [Field Office] management did not fully assess concerns" about the incident, yet that office boldly stated "there was no evidence of 'cheating' and that 'the losers always complain that the winner cheated.'" The IG reported:
". . . [H]ad the compromise of the force-on-force exercise been included in the 1998 Albuquerque Security Survey report, the composite rating would have been 'unsatisfactory'. Instead LANL was given a 'marginal' rating." (Appendix U)
The Inspector General chart in Appendix C reveals the changes made by the Field Operations Office management from ratings of '"nsatisfactory'" to ratings of "marginal" or "satisfactory".
The draft GAO table in Appendix EE page 11, shows the conflicts between the security ratings given by the Office of Independent Oversight (referred to in chart as OSSE), DOE Field Operations Offices, contractor performance evaluations, and the final reports to the President.
National Nuclear Security Administration"I am gravely concerned about recent proposals to elevate the Department's dysfunctional weapons bureaucracy to the status of an almost completely autonomous agency. . .We are concerned that the same bureaucrats, who have refused to implement President Clinton's recent security order and who resisted reform efforts by both the Bush and Clinton Administrations, would be running this agency, with even greater latitude and far less oversight than is currently in place. Allowing these proposals to become law would be tantamount to using gasoline to extinguish a fire. . .This would indeed be a remarkable act of political jujitsu where the very institutions responsible for the security problems at DOE would emerge from scandal not merely intact, but even more powerful and autonomous than before." (Emphasis added) (Appendix S)
As it has turned out, the Congress has already realized they simply created another unwieldy bureaucracy. In the FY2002 House Appropriations Report, it was observed that, "Congress assumed that creation of the NNSA would lead to efficiencies and streamlined management. However, the result has been an increase in staff at Headquarters and in the field." (Appendix HH)
Lack of Congressional Oversight
Rewards and Punishment Turned On Its Head
Promotions for Security Failures
Whenever a security crisis occurs at DOE, the Secretary usually assures the Congress and the press that the responsible officials will be held accountable. It virtually never happens. As the Rudman report points out, "the lack of accountability . . . has become endemic throughout the entire Department." 19 On the other hand, if someone internally raises an issue about security, they are always retaliated against and find themselves without any further security responsibilities. In other words, the reward and punishment system is turned on its head.
For example, Dr. John Browne, the lab director at Los Alamos, was in charge during the Wen Ho Lee case, the hard drive debacle and the force-on-force in October 2000 that would have led to a nuclear detonation. He is still the lab director. Steve Younger, the head of the X Division at Los Alamos where these debacles took place remained in his job, until appointed by President Bush to become the head of the Pentagon's Defense Threat Reduction Agency. The security director at Los Alamos, Stan Busbaum, is still in his job.
Rocky Flats, which is operated by contractor Kaiser-Hill, had severe security problems in the 1996-98 time frame and again in 1999. In 1997, outgoing Secretary of Energy Hazel O'Leary became a paid Director of Kaiser and outgoing DOE Assistant Secretary for Environmental Management (overseeing Rocky Flats) Tom Grumbly became Senior Vice President for Kaiser. The current DOE Undersecretary Robert Card was President and CEO of the Kaiser-Hill Company. The DOE Manager of the Rocky Flats Field Office from 1996 to 1999, Jessie Roberson, is now the DOE Assistant Secretary for Environmental Management.
The head of the DOE Office of Security Affairs, Joe Mahaley, who was responsible for security at all the sites, and whose office was involved in many of the following retaliations, was promoted to becoming the new security czar.
"In every investigation concerning problems at the DOE weapons facilities and laboratories, the individuals responsible for the operation of defense programs consistently and repeatedly denied the problems, punished the whistle blowers, and covered up the problems to their superiors and Congress." Representative John D. Dingell (D-MI) (Appendix S)
Retaliation at DOE does not necessarily entail attempting to fire federal employees. In the majority of cases in the security area, DOE supervisors attempt to revoke the whistleblower's clearance on trumped-up charges. Then they remove them from any responsibility for oversight of security. On the other hand, contractors often lose their contracts, or their jobs, for blowing the whistle. The frequency of retaliation against nuclear security whistleblowers reached such a crescendo, that in 1999 then-Secretary Richardson sent a memorandum to all DOE and contract employees stating: "Management must also create and foster a work environment that allows free and open expression of security concerns, where workers fear no reprisals or retaliation." (Appendix JJ)
Over the last three years, in the face of Richardson's "zero-tolerance" of retaliation against security whistleblowers, DOE still succeeded in eliminating all of the whistleblowers, or "speed bumps" in the road, as one federal official put it. In fact, months after this "zero-tolerance" policy was in effect, when the DOE Inspector General was investigating security failures at Los Alamos, "a number of individuals requested confidentiality. They indicated they feared retaliation for disclosing information to the Office of Inspector General." (Appendix U) Currently, there are few DOE employees left in the bureaucracy with the knowledge or willingness to risk the damage to their careers to raise concerns about the lack of security. Retaliation against whistleblowers has been a clear object lesson to the rest of the bureaucracy.
Going back to the early 1980's, there has been a pattern of retaliation against federal and contractor employees who raise issues about security problems. For example:
"Throughout the past decade, this former Green Beret officer attempted numerous times to alert the Administration to grievous lapses in security which left our nation's nuclear facilities vulnerable to foreign espionage and terrorist attack. Officials at the highest levels, including three Secretaries of Energy and White House personnel, consistently ignored Lt. Col. McCallum's warnings, placing our national security in jeopardy. . .Lt. Col. McCallum deserves accolades for what he did to protect our national security - not the continued destruction of his reputation and career." (Appendix FF) McCallum took a job at the Pentagon, and is no longer working on security issues at DOE.
"one support services contractor believed that an OSS [Office of Safeguards and Security] program manager threatened him with a reduction in contract activity for his role in supporting the SSSP QA [quality assurance] process and for assisting the [Secretary Richardson's] special assistant. The contractor said that he did not receive any contract work in the area of field assistance after the alleged threat was made, and that he viewed the elimination of his field assistance activities as retaliation." (Appendix MM)
The IG concluded that because he did not seek to file a formal whistleblower retaliation complaint and that he continued to receive contracts from the DOE security czar, he had not suffered retaliation. As soon as DOE security czar General Habiger left however, he lost all DOE Headquarters contracts. (Appendix MM)
As Admiral Rickover once warned, "You can sin against God, and God will forgive you - if you sin against the bureaucracy, they will never forgive you!" This old adage certainly describes the culture at DOE.
Budget
"[T]he annual report I wrote. . . said that we were about $150 million dollars underfunded, we've lost 42% of our protective forces and 50% of our SWAT capability. I said that at a time when we've increased our SNM holdings by 70 metric tons. It doesn't take a brain surgeon to figure this one out." Edward McCallum, Director of Safeguards and Security, DOE (Appendix O)
The security budget competes with the far more politically popular issues in the weapons programs such as stockpile stewardship and weapons research, that command far more Congressional interest. As a result, security ends up as a poor stepchild. For example, during the battle over relocating TA-18 at Los Alamos, the Acting Deputy Administrator for Defense Programs (the predecessor to NNSA) General Thomas Gioconda stated, "Defense Programs' limited capital funding is already allocated to higher priority Stockpile Stewardship projects." (Appendix V, Appendix V part 2, Appendix V part 3)
The former Director of DOE's Office of Safeguards and Security stated, "since 1992, the number of protective forces at DOE sites nationwide has decreased by almost 40% (from 5,640 to the current number of approximately 3,500), while the inventory of nuclear material has increased by more than 30%." At the same time, the total federal budget devoted to DOE security was cut by one-third. No one argues that the terrorist threat had been reduced, in fact, the intelligence community believes the threat is greater today than during the Cold War. (Appendix OO)
In the mid 1990's the cuts were so deep that several sites including Livermore had to disband their SWAT teams. Livermore then had to depend on the Alameda County Sheriffs Department for a SWAT team. The only problem was it took the Sheriff's SWAT team over an hour to mobilize and deploy a force to Livermore - long after a possible attack had taken place. Livermore found a way to overcome this response time problem. According to whistleblowers, in a 1995 force-on-force, the Army Special Forces adversaries found an Alameda County Sheriff's Department helicopter in the air and their SWAT team near the perimeter fence before the attack had started - was the site cheating? The Sheriff told DOE investigators he had been told by the site that prepositioning his forces was acceptable. He understood the test to be one of capability not of timing. Clearly both are important. In 1998, Livermore decided the situation was untenable, and took an additional two years to reconstitute and train a new SWAT team.
In 1999-2000, Secretary Richardson attempted to split the security budget out of the weapons program budget, putting it under the security czar. This was finally accomplished. However, it only lasted for a matter of months before the Congress put the security budget back under the new semi-autonomous National Nuclear Security Agency.
PROBLEMS / SOLUTIONS
PROBLEM: Nuclear Materials Are Spread Across the Country. Weapons-quantity special nuclear materials are stored at 10 fixed sites. This dispersion is a leftover from the Cold War, when there were many more missions for the various sites. Now, a number of sites have virtually no national security mission, however, they continue to store and try to protect tons of nuclear materials at great cost. DOE can not currently adequately protect this material, and security at each site unnecessarily increases redundancies and costs. However, DOE has resisted consolidation as it would threaten fiefdoms and potentially even lead to the closing down of facilities.
Shut down Idaho National Engineering Lab and the Argonne National Laboratory - West, as they have little or no national defense mission.
Shut down Hanford, as it has little or no national defense mission.
Combine Lawrence Livermore in California and Los Alamos National Labs at Los Alamos, NM - we don't need two redundant bomb design labs. Livermore is now in the middle of a highly populated community, yet large amounts of plutonium are stored there.
Combine Oak Ridge and Savannah River Facilities as both have significantly reduced missions of producing plutonium and fabricating uranium. Rather than repairing or replacing the decaying infrastructure at both sites, it would be more efficient to combine the two.
SOLUTION: Consolidate Nuclear Materials. Another solution to this problem would be to consolidate nuclear materials to fewer, more easily-protected sites. Not only would this save money, it would reduce the risk to the public. A plan by the DOE to consolidate nuclear materials at two sites that should have been operational by now, has been derailed by the bureaucracy. However, two of the most secure facilities in the world are already available. These two facilities would provide enough storage for the entire DOE weapons complex. One is underground in the middle of Kirtland Air Force Base in New Mexico (Kirtland Underground Munitions Storage Complex), and the other is a brand new (and totally unused) highly secure facility, the Device Assembly Facility, at the Nevada Test Site. For the past decade, DOE has been planning a national storage facility for PU at Savannah River and a storage facility for HEU at Oak Ridge. Both are bogged down in a bureaucratic morass with no end in sight.
SOLUTION: Immobilize Excess Nuclear Materials. There is a facility at Savannah River which could be used to meld excess nuclear materials with a radioactive barrier in glass. Once the materials have been immobilized or "vitrified", they would no longer be attractive to terrorists because it would be virtually impossible to reconstitute the immobilized SNM into weapons grade material.
PROBLEM: Bureaucracy Makes Security Tests Easier Rather than Fixing Problems. Without leadership and accountability, there are few incentives for the DOE bureaucracy to address problems. As a result, DOE portrays facilities as being secure and impervious to terrorists and spies when, in fact, they are not. This is largely achieved by sweeping undesirable messages and test results under the bureaucratic carpet and "dumbing down" the current system to hide embarrassing test failures. Ongoing publicized problems at such sites as Los Alamos and the Transportation Safeguards Division attest to this assertion.
SOLUTION: Improve Effectiveness of Protective Forces. Until disparate sites are consolidated, DOE should increase the size of its protective force and improve weaponry, tactics, and command, control, and communication to defend against both theft and radiological sabotage. One possibility would be to explore the option of moving the responsibility for protection of nuclear weapons quantities of special nuclear material to DOD military personnel. The military personnel should not be used for general site protection of classified information, personnel, or facilities, but only for the protection of SNM. Another possibility would be to explore whether TSD convoys of special nuclear materials should be supported by military personnel. A 1990 GAO report also suggested exploring the possibility of federalizing the protective forces at the sites similar to the protective force of the Transportation Security Division. In interviews the guards [protective force] themselves told GAO investigators, "a federal force would take security more seriously" and that they would "receive better training." (Appendix PP)
PROBLEM: Independence in Nuclear Security is Lacking. The recently Congressionally-created National Nuclear Security Administration (NNSA) exacerbates the problem by elevating the same people who have managed this debacle over the last three decades. As the Rudman report states, due to the "deeply rooted culture of low regard for and, at times, hostility to security issues. . .a reshuffling of offices and lines of accountability may be a necessary step toward meaningful reform, but it will almost certainly not be sufficient."21
SOLUTION: Take Security Management Out of DOE. POGO suggests exploring the option of setting up an independent agency to provide security from outside DOE entirely, and leave the many other duties of managing the nuclear weapons complex to the NNSA.
SOLUTION: Move the Independent Oversight Office Out of DOE. Make oversight of nuclear security independent from those charged with implementing security by making the DOE Office of Independent Oversight an Independent Nuclear Facilities Security Board that is independent of DOE. A model would be the Defense Nuclear Facilities Safety Board. This board would report directly to the Congress and be empowered to assess security in the nuclear complex.
PROBLEM: Computers Containing Nuclear Secrets Remain Vulnerable. It is virtually as easy today for a trusted "insider" to put weapons design information on a tape or disk and walk out the door as it was two years ago. All of our known spies have been insiders with the highest security clearances.
SOLUTION: Convert to Media-less Computing. The only way to stop an "insider" is to stop any media (disks, tapes, laptops, etc.) from coming in or out of priority classified areas. At each workstation, the scientist or engineer would only have a monitor, keyboard, and mouse, while the actual computer is locked in a vault. Access to any media would require a "two-man rule" where two people would have to sign-off on any copies.
PROBLEM: DOE Security Forces Cut by 40%. According to testimony from a high-level DOE official, "Since 1992, the number of Protective Forces at DOE sites nationwide has decreased by almost 40% (from 5,640 to the current number of approximately 3,500) while the inventory of nuclear material has increased by 30%." (Appendix OO) The increase has resulted from the dismantling of nuclear weapons and the receipt of nuclear materials from the Former Soviet Union. During the same period the threat of terrorism has increased.
SOLUTION: Consider Security Budgetary Needs Independently. Decouple nuclear security funding from scientific research and the nuclear weapons program. Security funding currently competes with scientific research funding from within the National Nuclear Security Administration nuclear weapons budget. Security is always fighting for the scraps after the more politically appealing and bureaucratically popular scientific research and weapons projects are funded.
Home I Archives I Expose I Search I Donations I Investigations I About Us I Contact Us I Press Room
Site Map I Web Overseer I Site Policies
---
© The Project On Government Oversight 2002
updated:
