force-on-force performance testing, in which the site's protective forces undergo simulated attacks by an adversary team. The results of these assessments are documented at each site in a classified document known as the Site Safeguards and Security Plan. In addition to identifying known vulnerabilities and risks and protection strategies for the site, the Site Safeguards and Security Plan formally acknowledges how much risk the contractor and DOE are willing to accept. Specifically, for more than a decade, DOE has employed a risk management approach that seeks to direct resources to its most critical assets-in this case specified quantities of Category I special nuclear material and mitigate the risks to these assets to an acceptable level. DOE strives to keep its most critical assets at a low risk level and may insist on immediate compensatory measures should a significant vulnerability develop. Compensatory measures could include such things as deploying additional protective forces. Through a variety of complementary measures, DOE ensures that its safeguards and security policies are being complied with and are performing as intended. Contractors perform regular self-assessments and are encouraged to uncover any problems themselves. In addition to routine oversight, DOE and NNSA site offices are required by DOE Orders to conduct comprehensive annual surveys of contractors' operations for safeguards and security. These surveys, which can draw upon subject matter experts throughout the complex, generally take about 2 weeks to conduct and cover such areas as program management, protection program operations, information security, nuclear materials control and accountability, and personnel security. The survey team assigns ratings of satisfactory, marginal, or unsatisfactory. Currently, most of the DOE and NNSA facilities that we examined have been rated satisfactory in most areas. All deficiencies (findings) identified during a survey require the contractors to take corrective action. DOE's Office of Independent Oversight and Performance Assurance provides yet another check through its comprehensive inspection program. This office performs such inspections roughly every 18 months at each DOE and NNSA site that has Category I special nuclear material. NNSA Needs to Better As we reported to you on May 30, 2003, NNSA has not been fully effective Manage Its Safeguards and Security Program in managing its safeguards and security program in four key areas, and therefore it cannot be assured that its contractors are working to maximum advantage to protect critical facilities and materials from individuals seeking to inflict damage. The four key areas are the following: • Defining clear roles and responsibilities. Since its creation in March 2000, NNSA's management structure has been in a state of flux. In December 2002, NNSA issued what it considers final directives for reorganizing headquarters and site offices; however, NNSA expects it will take until at least September 2004 to fully implement its new management structure. This still-developing management structure has led to confusion about the safeguards and security roles and responsibilities of headquarters and site offices. For example, at the time of our review, NNSA headquarters could not provide details on how it intends to (1) monitor the NNSA site offices' performance with respect to safeguards and security or (2) address deficiencies. At the end of May 2003, however, NNSA released a Safeguards and Security Functions, Responsibilities and Authorities Manual. This manual, which NNSA itself recognizes as crucial, is intended to set out roles and responsibilities clearly. • Assessing sites' security activities. Without a functional management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among the NNSA sites on how to conduct key aspects of safeguards and security assessment activities. In particular, three out of the seven NNSA site offices use the traditional survey approach, as required by DOE policy, to oversee security activities, while four have discontinued surveys and instead rely on surveillance activities. The distinction between these two activities is important: A survey provides a comprehensive annual review, by a team of experts from throughout NNSA, of contractor safeguards and security and generally takes about 2 weeks. In contrast, surveillance relies on a single or small number of NNSA site officials to oversee one or more aspects of a contractor's safeguards and security activities throughout the year. However, officials from DOE's Office of Security-which developed the policy for conducting surveys believe the surveillance model does not comply with the DOE order because it does not provide a comprehensive overview. Furthermore, officials from DOE's Office of Independent Oversight and Performance Assurance and NNSA headquarters have expressed concern about the site offices' ability to conduct surveillance because of shortfalls in available expertise. The four site offices have been able to operate using only surveillance activities because, during the reorganization of the management structure, NNSA has not issued guidance on complying with DOE policy for conducting surveys. Overseeing contractors' corrective actions. NNSA contractors do not consistently conduct the analyses DOE policy requires in preparing corrective action plans, which compounds the problems of ensuring physical security. Inconsistency occurs because the NNSA site officials do not have implementation guidance from headquarters on how to address corrective actions. Of the 43 corrective action plans we reviewed for 1999 through 2002, less than half showed that the contractor had performed the required root cause analysis. Furthermore, less than 25 percent demonstrated that the contractor had performed a required risk assessment or cost-benefit analysis. As a result, potential opportunities to improve physical security at the sites were not maximized because corrective actions were developed without fully considering the problems' root causes, risks posed, or cost versus benefit of taking corrective action. However, at the seven sites we visited in 2002, the site offices and contractors are making some progress in establishing formal processes for root cause and other analyses. Nevertheless, inconsistencies remain regarding the approaches used to complete these analyses. For example, some site processes specify that root cause analyses will be conducted for all corrective action plans, while other sites consider the completion of these analyses optional. NNSA did, however, recently issue guidance to its sites regarding compliance with DOE Orders on corrective actions. ⚫ Allocating staff. NNSA has shortfalls at its site offices in the total number of staff and in areas of expertise, which could make it more difficult for the site offices to oversee safeguards and security effectively and to ensure that the agency fully knows security conditions at its sites. According to officials at five of the seven site offices we visited, they have, or expect to have, an average of 2 to 6 vacancies per site for overseeing contractors' safeguards and security; typically, each site expects to have 10 to 14 security-related positions within the next 2 years. The vacancies occur, in part, because staff are reluctant to move to locations they view as less desirable and because NNSA has frozen hiring in response to budget constraints. Some of these vacancies are for specialists in particular subject areas, such as Industrial Security Systems-a key specialty needed for conducting physical security inspections. The lack of expertise and staff could be further complicated for some sites by NNSA's realignment plan. Under this plan, NNSA expects to streamline federal oversight of contractors and reduce headquarters and field staff by 20 percent by the end of fiscal year 2004. Site officials said that they will fill some vacancies through a virtual organization in which experts at other locations will assist with certain components of the surveillance activities. However, it will take time to work through some of the difficulties associated with making the transition to this approach. I would like now to discuss DOE and NNSA's response to the terrorist attacks of September 11, 2001. I will cover DOE's and NNSA's immediate response to the attacks; DOE's efforts to develop a new DBT that DOE and NNSA sites must be prepared to defend against; and the challenges DOE and NNSA face in meeting the requirements of the new DBT. DOE and NNSA took immediate steps to improve physical security in the aftermath of the September 11, 2001, terrorist attacks. These steps included the following: Raised the Level of Security Readiness. DOE's most visible effort Enhanced Protective Force Responses. On October 3, 2001, the Secretary of Energy issued a classified directive that ordered more robust protective force responses and increased levels of performance testing for the protection of certain special nuclear material at DOE's and NNSA's most critical facilities. 'SECON levels are pegged to the national threat level issued by the Department of Homeland Security. For example, a national level of ORANGE equates to SECON level 2 for DOE facilities. Conducted Security Reviews, Studies and Analyses. DOE and NNSA also conducted a number of security-related reviews, studies, and analyses. For example, within days after the terrorist attacks, DOE and NNSA officials conducted a classified assessment of their facilities' vulnerabilities to an attack such as the one on September 11. This assessment came to be known as the 72 Hour Review. In addition, NNSA organized a 90-day Combating Terrorism Task Force, composed of 12 federal and contractor employee teams that looked at a number of security areas. One team, the site-by-site security review and vulnerability assessment group, identified over 80 prioritized security improvement projects, totaling more than $2 billion, that could be completed within 5 to 6 years. These projects ranged from hiring additional protective forces to consolidating special nuclear material. Increased Liaison with Federal, State, and Local Authorities: Before the September 11 terrorist attacks, DOE and NNSA headquarters offices and sites maintained a variety of relationships, memoranda of understanding, and other formal and informal communications with organizations such as the Federal Aviation Administration, Federal Bureau of Investigation, and state and local law enforcement and emergency management agencies. After the terrorist attacks, DOE and NNSA officials increased their communication with these organizations and established direct links through sites' emergency operations centers. Because of the potential threat of aircraft attacks created by the September 11 attacks, sites worked closely with the Federal Aviation Administration and the U.S. military. While these steps are believed to have generally improved security, they have been expensive and, until fully tested using DOE's vulnerability analysis approach, their effectiveness is uncertain. With respect to improved security, implementation of SECON levels 2 and 3 has, for example, increased the visible deterrence at DOE and NNSA sites by placing more guards around the sites. Studies and analyses, such as the 72 Hour Review, have also resulted in different and less vulnerable storage strategies for some special nuclear material. DOE and NNSA have hired additional protective forces and are training them. Finally, some longrecognized security enhancement projects have received more funding, such as the construction of a new highly enriched uranium materials facility at the Y-12 Plant, and the removal of some of the Los Alamos National Laboratory's most sensitive materials and equipment to a more modern facility at the Nevada Test Site have been accelerated. At the same time, it has been expensive to implement the increased SECON measures. DOE and NNSA sites estimate that it costs each site |