Today, for at least the 14th time in eight years, the House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations held a hearing on security problems at the Department of Energy’s (DOE) national nuclear weapons labs.
While most of the Members said they were exasperated with DOE’s inability to resolve reoccurring cyber and physical security problems, none of them asked how DOE or the National Nuclear Security Administration (NNSA) is using the power of the purse to bring its contractors in line.
As part of Los Alamos National Laboratory’s (LANL) $2.7 billion contract with Los Alamos National Security LLC (LANS), there is a $73 million award fee. Some of this fee could be subtracted from LANS due to poor security at LANL. Both the DOE Inspector General and the Government Accountability Office (GAO) testified about remaining weaknesses in LANL’s cyber security. Yet, none of the Members wanted to know if, and when, NNSA will tie LANL’s lack of solutions to a lower performance fee.
Nobody pressed DOE/NNSA on how it was responding to the GAO’s findings that LANL’s contract is currently structured to reward compliance with policies, but not actual performance on strengthening security.
NNSA’s new Chief of Defense Nuclear Security, Brad Peterson, did briefly mention “fines when appropriate,” but none of the Members probed to find out when that would be appropriate. Or the more important question: What progress has been made to strengthen NNSA’s puny and anemic Los Alamos Site Office (LASO), which houses the oversight responsibility for the Lab and the contract officers who figure out the performance fees?
Unfortunately, DOE’s Chief of the Office of Health, Safety, and Security (HSS), Glenn Podonsky, kept deflecting attention from DOE’s cyber security weaknesses by pointing out the vulnerabilities for the rest of the federal government. However, we were impressed that Podonsky created a "Red Team" of six staffers who conducted unannounced tests of LANL's security of unclassified information. These vibrant exercises in oversight resulted in the Red Team’s download of 40,000 internal LANL documents… quite telling. POGO would like to see Podonsky conduct more unannounced tests.
No one challenged this, so we thought we should: Sandia National Laboratory’s Chief, Thomas Hunter, bragged about his dedicated cyber security personnel and made a big point about the need to retain a “strong core of committed people with excellent skills,” which is ironic in that Sandia fired Shawn Carpenter (before Hunter's tenure as Lab Director), one of the nation’s most talented cyber security experts. Carpenter later won a $4.3 million court settlement.
Other questions we would have asked:
- How is DOE’s recently unveiled GSP any better at measuring security than the DBT it replaced?
- How did Livermore Lab’s Director not know its Gatling gun didn’t work, the guards hadn’t trained, and performance tests were not being conducted? The terrorists would have walked away with enough plutonium for several nuclear weapons!
- In the past, the Committee was told that there were significant improvements in cyber security at LANL… and then CREM-de Meth occurred in 2006. How are you certain such an oversight does not happen again?
We were delighted that the Committee organized the panels with the oversight bodies testifying before the agencies, so that the Members could probe the agency leadership about the investigative findings. This is an important tactic not seen frequently enough during oversight hearings, and prevents a situation where the DOE and NNSA officials, as well as the Lab Directors, could leave the room before hearing the IG, GAO, and HSS testimony.
-- Ingrid Drake and Peter Stockton
CORRECTION: Our commenter "paycloserattention" is right. Podonsky's testimony stated that the red team's most recent activity penetrated a non-NNSA part of DOE.