POGO Letter to DOE Secretary Samuel Bodman regarding need for independent oversight of the nuclear weapons complex

The Honorable Samuel W. Bodman

Secretary

U.S. Department of Energy

1000 Independence Avenue, SW

Washington, DC 20585

Via Facsimile: (202) 586-4403

Hard copy to follow

Dear Secretary Bodman:

As you know, the Project On Government Oversight (POGO) has long been concerned about security in the nuclear weapons complex. Cyber-security at the Los Alamos National Laboratory (LANL), in particular, is an embarrassment. It has become impossible to excuse or explain the continuing security breaches:

• In the Jessica Quintana case, the young employee of a sub-contractor had been left alone in a Sensitive Compartmented Information Facility with a monitor equipped with ports and thumb drives, and hundreds of pages of classified documents were later discovered during a methamphetamine drug bust at her home.
• Los Alamos National Security official Harold Smith, a former long-time senior LANL employee with top clearance, emailed sensitive classified documents from an unsecured laptop.
• Several weeks ago, another cleared LANL employee sent a classified email to an uncleared employee using the unclassified yellow network.

Security debacles just keep happening. (I have attached a list of some of those security incidents at LANL over the last few years.) They will continue to happen because the punishments meted out usually amount to a slap on the wrist and provide no deterrence to future violations. For example, in Harold Smith's case, I understand he only received a letter of reprimand in his file. In the Quintana case, University of California (UC) refused to pay the $3 million fine the Department of Energy (DOE) finally levied for the incident. UC claimed the 11th Amendment to the Constitution prohibited the federal government from fining the institution, a bizarre and fallacious claim. When challenged by House Energy and Commerce Committee Chairman John Dingell and Subcommittee Chairman Bart Stupak, UC backed down, claiming their lawyers made a mistake.

The lack of punishment for those who deserve it stands in stark contrast to the treatment of employees who attempt to address security breaches, usually to the embarrassment of the contractor. Those conscientious employees are almost always punished. POGO has numerous examples of DOE whistleblowers being put on administrative leave for months, losing their clearances, or being demoted for trying to protect national security.

There are two fundamental reasons why LANL continues to flail under your watch. First, is the relatively new policy DOE has implemented at Los Alamos that allows the contractor to investigate itself when there is a security breach or safety violation. This is so clearly a conflict of interest, it shouldn't require explanation. Yet we will provide one: The institution investigating itself will minimize the problem in order to limit any possible damage and embarrassment. Tasking the contractor with investigating itself in cases of security failures is not working.

The second reason is that Title 32 of the National Nuclear Security Administration Act seriously limits the Office of Independent Oversight's access to NNSA sites. Because of the NNSA Act, those investigators from DOE headquarters must wait for an invitation from NNSA before they are allowed to investigate an incident. POGO respectfully requests that you reinstate the policy of immediately deploying your Independent Oversight officials to independently investigate security incidents at nuclear weapons facilities, particularly LANL.

The policy change is urgently needed in light of the chaos and the incompetence at the DOE's Los Alamos Site Office (LASO). A draft NNSA evaluation report on LASO, "Headquarters Biennial Review of Site Nuclear Safety Performance Los Alamos Site Office" found that the office only met expectations for four out of fourteen nuclear safety oversight and assessment processes. The report (attached) found the office needed "continued improvement in most functional areas," had "significant gaps in meeting NNSA requirements" in multiple areas, and that there were "significant weaknesses in the LASO capability to accomplish its mission." To put it bluntly, DOE's local oversight function is foundering.

You shouldn't be shocked by this finding. In 2004, NNSA formed a commission chaired by retired Admiral Hank Chiles to "develop recommendations for recruiting and retaining sufficient security experts to effectively oversee safeguards and security in the NNSA complex in the long term." The commission found that the site offices did not have the capability to oversee the contractors.

You will never learn the facts about the actual state of security in the nuclear weapons complex, and in particular at LANL, without the benefit of independent oversight. You have the power to unleash that independent oversight: under 42 U.S.C. § 7144, you can direct the Office of Independent Oversight, and/or request that the Inspector General, conduct a comprehensive investigation of the ongoing cyber-security problems at LANL. Until now, investigations have been limited in scope to particular incidents. A comprehensive, independent investigation will be your only avenue to address the stubborn unwillingness by the contractor to implement recommended solutions and to hold people accountable. The time for action has long passed, and we sincerely hope you use the tools at your disposal to fix this problem.

Sincerely,

Danielle Brian

Executive Director

cc:

Deputy Secretary Clay Sell

NNSA Administrator Tom D'Agostino

NNSA Principal Deputy Administrator Bill Ostendorff

House Energy & Commerce Committee Chairman John Dingell

House Energy & Commerce Committee Ranking Member Joe Barton

House Oversight & Investigations Subcommittee Chairman Bart Stupak

House Oversight & Investigations Subcommittee Ranking Member Ed Whitfield

Attachment: A List of Some Los Alamos Security Incidents

LASO draft evaluation report

A List of Some Los Alamos Security Incidents

July 2007 – Los Alamos lab worker with "highest possible security clearance," and with access to the sensitive TA-55 plutonium building, arrested in cocaine drug bust. SOURCE: KRQE

June 2007 – Los Alamos board member sends highly classified email message unsecured, comprising "the most serious breach of U.S. national security." SOURCE: Time Magazine

May/June 2007 – Los Alamos staffer takes lab laptop containing "government documents of a sensitive nature" with him on vacation to Ireland, where it is stolen. Los Alamos scientist sends highly classified email over unclassified networks to the Nevada Test Site. SOURCE: Newsweek

October 2006 – Classified information from Los Alamos found during methamphetamine drug raid. SOURCE: POGO

June 2006 – NNSA Administrator Linton Brooks informs Congress that computer hackers obtained access to detailed personal information, including Social Security numbers, for about 1,500 DOE contract workers in September 2005. Yet neither the workers whose personal information was compromised, nor the DOE's cyber-security head were notified about the incident. SOURCE: Associated Press

July 2004 – POGO reports that 17 incidents of classified information from Los Alamos were sent over unclassified networks. On July 23, 2004, DOE shuts down operations involving Classified Removable Electronic Media (CREM) across the entire nuclear weapons complex. SOURCE: POGO

May 2004 – Classified computer media goes missing at Los Alamos. Lab claims it is "a single accounting discrepancy." SOURCE: POGO

December 2003 – Los Alamos confirms that computer disks were identified as lost during an "inventory of classified computer media." In total, ten disks were lost. SOURCE: POGO, LANL

January 2003 – A computer hard drive that contained classified data had been missing from Los Alamos since October 2002, but top officials at DOE failed to investigate the loss. On January 16, 2003, then-DOE Secretary Spencer Abraham issues statement saying: "I am deeply troubled that Los Alamos National Laboratory is unable to account for computer equipment and other materials as part of lab management's inventory control and audit program." SOURCE: POGO, DOE

November 2002 – Documents leaked to POGO show that more than 200 computers are missing, some from top secret programs. A January 2003 report by the DOE Inspector General later corroborates the findings, and scolds Los Alamos for firing the officers who wrote the memo. SOURCE: POGO, DOI Inspector General

January 2002 – Computer data containing nuclear weapons design information goes missing. LANL locates the missing disk. SOURCE: POGO

June 2000 – Two hard drives containing nuclear weapons secrets disappear at Los Alamos. They are mysteriously found several weeks later behind a copy machine with all finger and palm prints wiped off. SOURCE: LANL

March 1999 – Wen Ho Lee, a Los Alamos nuclear weapons scientist, is investigated by the FBI for allegedly downloading nuclear secrets onto his hard drive.