Testimony of POGO's Danielle Brian, before the House Energy and Commerce Subcommittee on Oversight and Investigations

Summary of Testimony by Danielle Brian, Executive Director, Project On Government Oversight

before the House Energy and Commerce Subcommittee on Oversight and Investigations

The National Nuclear Security Administration (NNSA) was created to improve security – and in particular cyber-security – in the nuclear weapons complex. Despite the creation of this agency, security failures continue to plague the complex. Of primary concern has been Los Alamos.

Now, our nation’s secrets have been mishandled by Los Alamos – again. Not only has NNSA failed to correct security issues, but it has implemented a new pilot program in which oversight has been handed over to the contractor itself.

Secretary Bodman sent a strong message earlier this month when he asked NNSA Administrator Brooks to step down. But getting a new Administrator is not enough: There needs to be an upheaval in the current system of incentives.

First, there needs to be a renewed commitment to independent federal oversight from the Department of Energy. This means NNSA Headquarters needs to make it a priority to fund oversight, and to promote federal employees who are thorough in their oversight work.

Second, officials at NNSA or Los Alamos should be held accountable if the recommendations made by the DOE Inspector General or the Office of Health, Safety and Security are not implemented, or at least be forced to present a convincing argument to justify why they have not done so.

Third, the Performance Incentive Fee in the Los Alamos contract should be recalculated and equally weighted to reflect the equal importance of accomplishing the mission, ensuring security, and doing so safely. At the very least, DOE should cut the Performance Incentive Fee for the most recent security debacle at Los Alamos. DOE should also disallow costs associated with Los Alamos’ failure to perform adequately.

Fifth, Congress should audit the missions currently being conducted at Los Alamos, asking such questions as: Is the disparate nature of the Lab’s work making it harder to maintain excellence in safety and security? Is the science being conducted reflecting Congress’ sense of the most urgent priorities that could be tackled by these scientists?

And finally, DOE will be submitting a request for $150 billion to fund a wildly ambitious project to revamp the nuclear weapons complex, known as Complex 2030. Before funding this massive new project, Congress must have confidence in the mission, as well as in the security of the current complex and the safety of its workers.

Testimony of Danielle Brian, Executive Director,

Project On Government Oversight (POGO)

before the House Energy and Commerce Committee’s

Subcommittee on Oversight and Investigations

“Continuing Security Concerns at the Los Alamos National Laboratory”

January 30, 2007

Thank you for inviting me to testify today. I am Danielle Brian, Executive Director of the Project On Government Oversight (POGO), an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government. We have been investigating and exposing security failures in the nuclear weapons complex since 2001 and have issued three reports on the topic so far: The U.S. Nuclear Weapons Complex: Security at Risk in 2001, The U.S. Nuclear Weapons Complex: Homeland Security Opportunities in 2005, and The U.S. Nuclear Weapons Complex: Y-12 and Oak Ridge National Laboratory at High Risk in 2006.

After the Wen Ho Lee debacle of the late 1990s, a brand new, semi-autonomous National Nuclear Security Administration (NNSA) was created to improve security – and in particular cyber-security – in the nuclear weapons complex. Despite the creation of this agency, security failures continued to plague the complex. Of primary concern has been the Los Alamos National Laboratory. Many people, including those of us at POGO, believed the consistently poor performance in security at the Lab was because the same contractor, the University of California (UC), had been running Los Alamos for 60 years without fear of losing its contract – no matter how badly it ran the Lab. There was no incentive to do things well. Finally, after much pressure from this Committee and others, then-Energy Secretary Spencer Abraham announced that he would compete the contract. On December 21, 2005, Secretary Samuel Bodman announced that the UC / Bechtel team had won the contract to run the Los Alamos Lab. At the time, many doubted that this team was anything more than the same old UC in new clothing. However, Secretary Bodman stated:

I cannot stress enough . . . that this is a new contract, with a new team, marking a new approach to management at Los Alamos. It is not a continuation of the previous contract. That is how our Department views the situation from this point forward. . . . There has been quite a bit of turmoil and uncertainty over the last few years. Today’s announcement is designed to relegate that tumult to the past, and to usher in a new era of invaluable, cutting-edge science at Los Alamos. So this is a good decision for the men and women who make up this lab. And let me take this opportunity to mention that this evening, Ambassador Brooks will be flying to New Mexico.

Yet, here we are just over one year later and Ambassador Linton Brooks has been asked to resign; our nation’s secrets have been mishandled by Los Alamos – again; and the suspicions of many were fulfilled: Nothing has really changed at Los Alamos after all. In fact, I fear things may actually be getting worse. Not only has NNSA has failed to correct security issues, but the agency has determined that it wants even less oversight of Los Alamos and has implemented a new pilot program in which oversight has been handed over to the contractor itself.

Since 2001, when POGO began investigating the security of the Nuclear Weapons Complex, there have been at least seven instances in which classified information was mishandled at Los Alamos. Classified computer disks have gone missing; computers that may have contained classified information somehow disappeared from Lab property, either having been stolen or lost; classified information has been transmitted through unsecured emails; and the list goes on. A cyber-security episode has occurred, on average, nearly once a year since POGO began its investigation. And all these instances occurred after the infamous episode of the two missing hard drives, which contained highly classified, Sigma-14 Nuclear Emergency Search Team (NEST) data and which were later discovered with all the fingerprints wiped away behind a Xerox machine.

Now, in the most recent incident, a subcontractor employee freely took over 200 pages of hard-copy classified documents and over 400 classified documents on flash drives to her home, which she shared with a drug dealer.1 This could only have happened if there was a complete collapse of multiple supervisory and security systems. It was only by happenstance that she was caught, not because an effective security system was in place. We never would have known about this security breach if it hadn’t been for a domestic disturbance. Furthermore, we have no way of knowing how many other instances like this are out there but have flown below the radar. It is important to remember that NNSA attempted to keep this incident secret from Congress and the public, until POGO learned about it eight days after a local police raid.

As a side-note, if media reports and statements by investigators are accurate, this most recent case points to extraordinary failures in the personnel security clearance process, in addition to cyber-security failures at the Lab. However, given that this case is still under investigation, we don’t believe it is appropriate to discuss the security clearance process in a public session. Furthermore, it is only since this incident that Lab management is recommending that Los Alamos employees be subjected to drug testing, which I understand is very controversial at the Lab. How could it have taken so long to take such a basic step? Even my 16 year-old son had to take a drug test to work at Target, where he straightens up the ketchup bottles.

After the most recent security incident at the Lab, a cyber-security audit was launched. According to a Lab email, which I would like to submit for the record, “As a result of the preliminary findings of [the Cyber Security] audit, LANL has agreed to suspend all non-essential classified computing activities for a least the next 48 hours by the close of business today.” This is not the first time security failures have significantly impacted operations at the Lab.

In 2000, shortly before leaving office, then-Secretary Bill Richardson announced the complex was going “media-less” or “disk-less,” so that there would no longer be Classified Removable Electronic Media (CREM) to be lost or stolen. The labs ignored the order. In May 2004, then-Secretary Abraham announced that the complex was going to a disk-less system. Again, the labs ignored the order. Then, two months later after yet another mishandling of classified media, Abraham shut down all classified operations at Los Alamos for over eight months. This closure cascaded around the complex and, in total, cost the taxpayer over $500 million because the contractor continued to get paid while little or no work was accomplished over those months. UC was not penalized for this, and it is unclear what, if any, costs were disallowed during this period. Instead, UC was re-awarded the contract. And after all that time and money, flash drives are being discovered in trailer park meth labs.

I suspect Secretary Bodman will soon be announcing a new initiative to solve cyber-security problems, and I am sure he is genuine in his belief that his directives will fix the problem. But those of us who have been around for a while have reason to be skeptical.

CYBER-SECURITY IS NOT THE ONLY PROBLEM AT LOS ALAMOS

In addition to cyber-security failures, Los Alamos continues to suffer from safety problems. Recent safety incidents include: a post-doctoral student was shot in the eye with a laser; two workers were forced to work in an area where acid was burning their lungs; a hose came loose in a glove box at TA-55, seriously contaminating several workers with highly carcinogenic plutonium; a worker was contaminated with americium, and went on to contaminate houses and cars in four states costing over one million dollars to clean up; and the plutonium facility was forced to shut down for over a month when it was discovered that the sprinkler heads in the fire suppression system had been non-functional for years because they had been painted over, costing $6 million to replace them. At the time, DOE also discovered that the contractor, the University of California, had never tested the fire hoses in the plutonium facility. Despite these and other examples that demonstrate how the Lab minimizes the value of safety and security requirements, NNSA has rewarded the Lab with decreased supervision through the self-policing pilot program.

In addition to mishandling our country’s nuclear secrets and repeated safety violations, Los Alamos has also been the home of a litany of corruption and misconduct. Many of you were on the subcommittee that heard the testimony of two top security officials at Los Alamos, Glenn Walp and Steve Doran. They described uncovering crimes ranging from petty theft to organized fraud, and the Lab’s active efforts to conceal this misconduct. As thanks for their good work, Walp and Doran were fired and escorted off the property by armed guards. As you may recall, a number of Lab officials were fired over misconduct surrounding the Walp and Doran revelations, and others were sent to prison. What you may not know is that after the furor died down, a number of those individuals were either re-hired or given huge payouts from the Lab. This is clear evidence of a culture that punishes those who raise concerns and protects those who “protect” the Lab from scrutiny.

Auditors at Los Alamos also continue to come to POGO with serious concerns about the auditing and investigations functions at the Lab: Because these functions have been so pared down, and because the contractor has the ability to control and limit access to cost and pricing data, there are no honest, independent reviews to determine how the $2.2 billion that taxpayers give to Los Alamos annually is spent. In December 2005, the DOE Inspector General supported the claims of whistleblowers, stating their allegations “had merit because our results were similar and Los Alamos officials acknowledged that internal control weaknesses existed . . . .” 2 Yet, rather than being rewarded for their diligence, the whistleblowers were given no work for years and treated as though they themselves were the problem.

LOS ALAMOS IS NOT THE ONLY PROBLEM IN THE COMPLEX

It is important to remember that Los Alamos is a big problem, but also that it is not the only problem in the nuclear weapons complex. Senator Chuck Grassley (R-IA) has been performing aggressive oversight of security failures at the Sandia National Lab for several years, but those failures are beginning to raise their ugly heads again. Alarms are allegedly being turned off – apparently to make it easier for guards to sleep. At Pantex, where hundreds of nuclear weapons are stored and dismantled, significant safety breakdowns have been identified by the Defense Nuclear Facilities Safety Board, yet DOE has done little to address these concerns. NNSA has imposed two fines for safety, the higher for almost $124,000, but this is a slap on the wrist for the contractor given the $30 million award fee. At Los Alamos and Y-12, where over 400 tons of highly enriched uranium are stored, DOE has waived until 2011 the requirement that the sites meet security standards (the Design Basis Threat).

And at the moment, the contract to operate Lawrence Livermore Lab is up for competition. It appears, however, that this competition may be in name only: The same contractor that currently operates Livermore – UC – is poised to get the contract again. In 2006, then-House Appropriations Subcommittee on Energy and Water Chairman David Hobson wrote of his concerns, and I ask that the entire letter be entered into the record:

I am very disappointed with the results of the contract competitions that the Department has conducted to date. . . . I have had potential competitors inform me that their companies will not invest the time, effort, and expense to prepare a proposal for the Livermore contract because they believe that the Department is determined to award the Livermore contract to the University of California. . . . In mandating competition, it was the intent of Congress to attract the widest possible group of interested bidders to bring in fresh ideas and new talent to support the Department’s mission. Unfortunately, the Department of Energy’s national laboratories are not viewed as a competitive marketplace but as a playground for political patronage. The Department of Energy has resisted moving in the direction of fair and open competitive processes. Unfortunately, the Department has insisted on using the flawed Los Alamos competition as a model for the competition for the Livermore contract, which telegraphed to the contractor community that innovative ideas and concepts would not be favorably received. . . . We need a procurement process that fosters greater competition, not a process that essentially guarantees the status quo.

LOS ALAMOS AS THE BAD CHILD

Despite these other sites that also urgently need addressing, Los Alamos sticks out as the bad child. Why?

There is a joke around the complex that goes something like this: The Secretary of Energy tells the three national labs to jump. Sandia asks how high, Livermore makes an excuse for why it’s too busy to jump, and Los Alamos asks who the Secretary of Energy is. Los Alamos sticks out as the bad child because of its consistent and utter disregard for federal oversight.

At this rate, we can all schedule next year’s hearing right now, given the likelihood that we’ll still be discussing problems at Los Alamos unless the entire incentive system is reversed.

RECOMMENDATIONS

Secretary Bodman sent a strong message earlier this month when he asked NNSA Administrator Brooks to step down. He made it clear he was serious and wanted change. But getting a new Administrator is not enough: There needs to be an upheaval in the current system of incentives.

First, there needs to be a renewed commitment to independent federal oversight from the Department of Energy. In its current state, the Site Office is non-functional. There are apparently over twenty vacant federal positions in that office. Fewer than a handful of qualified security and safety federal experts are charged with overseeing about 15,000 contractor employees over a 40 square-mile area.

This problem was highlighted by both the Mies and Chiles Commissions. In response, NNSA compounded the problem: rather than beefing up the Los Alamos Site Office, NNSA starved it and turned much of its oversight authority over to the contractor. The proper solution would be to install a robust team of qualified safety and security personnel who are empowered to oversee and enforce contractual requirements – and who are rewarded for doing so. This means NNSA Headquarters needs to make it a priority to fund these efforts, and to promote federal employees who are thorough in their work.

You also have before you today two men who have collectively issued hundreds, or even thousands, of recommendations for improving security and safety at the labs – DOE Inspector General Greg Friedman and Director of the Department of Health, Safety and Security (HSS) Glenn Podonsky. Yet no one is held responsible at NNSA for implementing their recommendations. Why do we keep asking the Inspector General and HSS to investigate and audit these sites if their recommendations fall on deaf ears? The problems we are discussing today are far from new. In fact, they are infuriatingly familiar.

Inspector General Friedman has offered twelve detailed recommendations for computer-security, as well as a number of recommendations to improve the personnel security clearance process, in the most recent Los Alamos case alone.3 Officials at NNSA or Los Alamos should be held accountable if these recommendations are not implemented, or at least be forced to present a convincing argument to justify why they have not done so.

In addition to creating an incentive for federal overseers to do their jobs, we also need to make Lab officials feel the consequences when there are failures. The surest way of doing so is to hit the contractor’s pocketbook. The problem is that the current fee structure does not reflect the importance of both safety and security. Of the $51 million on the table for FY 07, currently only about $3 million of that amount is tied to security. Fortunately, that small percentage of the fee – 6% – is not set in stone and should certainly be revisited and dramatically increased. The Performance Incentive Fee should be recalculated and equally weighted to reflect the equal importance of accomplishing the mission, ensuring security, and doing so safely. Currently, completing the program is vastly more valued than having strong safety and security systems – even though failures in safety and security have repeatedly and adversely affected programs. Those incentives should be changed. At the very least, it is clear that DOE should cut the Performance Incentive Fee for the most recent security debacle at Los Alamos.

Another tool that should be utilized is the cost-reimbursement nature of the Los Alamos contract. HSS Director Podonsky currently has a team of investigators at Los Alamos focusing on enforcing the Price-Anderson Act and trying to determine whether or not to assess a penalty for failure to uphold security standards. Historically, such penalties have generally been small in comparison to the fees the contractors receive, and therefore create little incentive for improvement. This is an opportunity to show the Lab how seriously the government takes safety and security: DOE should disallow costs associated with Los Alamos’ failure to perform adequately.

POGO also recommends that the “at will” employment provision at Los Alamos be changed. This type of employment creates a clear disincentive for Lab employees who try to raise concerns: if an employee is the bearer of bad news to management, the employee can be fired “at-will.” Having seen this scenario play out repeatedly over the last few years, it is no wonder that problems fester until they explode. There is no incentive for the employees to step forward given the tenuous nature of their employment. Furthermore, although this “at will” employment policy is not in effect at Livermore, the employee union is very concerned it might be imposed on them if UC wins the contract competition.

Another recommendation is for Congress to audit the missions currently being conducted at Los Alamos. Few people on Capitol Hill are aware of the various missions being performed there. Is the disparate nature of the Lab’s work making it harder to maintain excellence in safety and security? Is the science being conducted reflecting the Congress’ sense of the most urgent priorities that could be tackled by these scientists? For decades, Los Alamos has operated as a sacred cow with no serious oversight. I hope this is the beginning of a new era.

In closing, I would like to alert you to the fact that DOE will soon be submitting a request for $150 billion to fund a wildly ambitious project to revamp the nuclear weapons complex, known as Complex 2030, which will include creating the capacity to produce 125 new warheads per year. This Reliable Replacement Warhead (RRW) is envisioned to be a new and “more usable” nuclear warhead. Over the past decade, despite hearing after hearing, report after report, commission after commission, the complex has been unable to fix the egregious security and safety failures that have plagued it. There is no reason to believe that the situation will improve under this new plan. Before any funding for further expansion is approved, the security of the current complex and the safety of its workers must be ensured.

Endnotes

1. “Nuclear lab’s security scrutinized,” CNN, October 26 2006; “Drug Raid Yields Los Alamos Documents,” by Lara Jakes Jordan, Associated Press Writer, October 25, 2006; “New Details Emerge In Los Alamos Case: Top Nuke Lab Data Leak Apparently Discovered During Drug Bust; Officials Search For Ties,” CBS News, October 25, 2006.

2. Assessment of Changes to the Internal Control Structure and their Impact on the Allowability of Costs Claimed by and Reimbursed to Los Alamos National Laboratory under Department of Energy Contract No. W-7405-ENG-36. Audit Report Number: OAS-V-06-07. U.S. Department of Energy Office of the Inspector General. December 23, 2005.

3. Selected Controls Over Classified Information at the Los Alamos National Laboratory. Special Inquiry Report to the Secretary, Audit Number OAS-SR-07-01. U.S. Department of Energy Office of Inspector General. November, 2006.