flux. As a result, NNSA site office officials said that each office is carrying out oversight activities as it deems appropriate. Second, as a result of the lack of clarity in NNSA's management structure, NNSA site offices have not been consistent in how they assess contractor safeguards and security activities. Consequently, NNSA cannot be assured that all facilities are subject to the comprehensive annual assessment that DOE policy requires. Third, once problems are identified, ÑNSA contractors do not consistently conduct the analysis DOE policy requires in preparing corrective action plans. The corrective actions are developed without fully considering the problems' root causes, the risks posed, or the cost versus benefit of taking corrective action. Thus, potential opportunities to improve physical security at the sites are not maximized. And last, NNSA site offices have shortfalls in the total number of staff and in the expertise for effectively overseeing contractors. This could make it more difficult for site offices to effectively oversee security activities. Site officials said that they will fill some vacancies through a virtual organization. However, it will take time to work through some of the difficulties associated with making the transition to this approach. As a result, NNSA cannot be assured that its contractors are working to a maximum advantage to protect critical facilities and materials from adversaries seeking to inflict damage. In our May report, we made four recommendations to address these problems, that are designed to improve NNSA's security management and oversight. Since the issuance of our report, NNSĂ has made progress in addressing the problems we identified, including publishing a Safeguards and Security Functions, Responsibilities, and Authorities Manual and developing and issuing guidance for corrective action plans. Beyond these changes sound safeguards and security management will have to play a key role in helping DOE and ÑNSA adjust to the post-September 11 security environment. Before I take the second issue on, do you want me to break? Then, here would be a good place. Mr. TURNER [presiding]. No. Please continue. Ms. NAZZARO. Continue? OK. I would now like to discuss DOE and NNSA response to the terrorist attacks of September 11, 2001. In this regard, we examined three issues: DOE's and NNSA's immediate response to the attacks, DOE's efforts to develop the design basis threat document, and the challenges DOE and NNSA face in meeting the requirements of the new DBT. DOE and NNSA took immediate steps to improve security in the aftermath of the September 11 terrorist attacks. For example, DOE and NNSA moved to a higher level of security that required, among other things, more vehicle inspections and security patrols. DOE and NNSA also conducted a number of security-related reviews, studies and analysis and increased communication with Federal, State and local officials. While these steps are believed to have improved DOE's and NNSA's security posture, they have been expensive. These steps have required extensive overtime, which has had a considerable negative effect on DOE's and NNSA's protective force through fatigue, reduced readiness, retention, and reduced training. Furthermore, until fully evaluated, the effectiveness of these measures is uncertain. Based on the number and capabilities of the terrorists involved in the September 11 attacks, DOE and NNSA officials realized that the then-current DBT, which was issued in 1999 and based on a 1998 Intelligence Community assessment, was obsolete. However, formally recognizing these new threats by updating the DBT has been difficult. DOE's effort to develop and issue a new DBT took almost 2 years; it was issued just last month. The effort to develop a new DBT was slowed by, among other things, disagreements over the size of the potential terrorist group that might attack a DOE or NNSA facility and how much it would cost to meet the new threat. Implementation of the new DBT will be challenging. Successfully addressing the increased threats will take time and resources as well as sound management, leadership, and new ways of doing business. Currently, DOE does not have a reliable estimate of the cost to fully protect DOE and NNSA facilities against the new DBT. Further, once funds become available, most sites estimate that it will take from 2 to 5 years to fully implement, test, validate, and refine strategies for meeting the new DBT requirements. Meeting these challenges will require DOE and NNSA to provide sustained sound management for their safeguards and security program. Given the materials DOE and NNSA possess, physical security at DOE and NNSA facilities cannot fail. Mr. Chairman, that concludes my statement. I would be happy to respond to any questions you or the Members may have. Mr. TURNER. Thank you. [NOTE.-The GAO report entitled, "Nuclear Security, NNSA Needs to Better Manage Its Safeguards and Security Program," may be found in subcommittee files.] [The prepared statement of Ms. Nazarro follows:] GAO For Release on Delivery June 24, 2003 United States General Accounting Office Testimony Before the Subcommittee on National International Relations, House Committee NUCLEAR SECURITY DOE Faces Security Statement of Robin M. Nazzaro, Director GAO Accountability * Integrity * Reliability June 24, 2003 NUCLEAR SECURITY DOE Faces Security Challenges in the What GAO Found NNSA has not been fully effective in managing its safeguards and security The number and capabilities of the terrorists involved in the September 11 attacks rendered obsolete DOE's design basis threat, last issued in 1999. However, DOE's effort to develop and issue a new design basis threat took almost 2 years; it was issued in May 2003. This effort was slowed by, among other things, disagreements over the size of the potential terrorist group that might attack a DOE or NNSA facility. Successfully addressing the increased threats will take time and resources, Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss our work for this Subcommittee on physical security at the Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)-a separately organized agency within DOE.' DOE and NNSA recognize that a successful terrorist attack on a facility that contains nuclear weapons or nuclear weapons materials could have devastating consequences for the facility and its surrounding communities. DOE and NNSA rely on their safeguards and security programs to ensure the physical security of NNSA's nuclear weapons complex. Currently, the complex has four production sites-in Missouri, South Carolina, Tennessee and Texas-and three national laboratories that design nuclear weapons in California and New Mexico. DOE's Office of Environmental Management is responsible for cleaning up former nuclear weapons sites that contain some nuclear weapons materials, including sites in Colorado and Washington State. To implement their safeguards and security programs, NNSA and the Office of Environmental Management rely on contractors that are responsible for conducting day-to-day security activities and adhering to DOE policies. The contractors' activities are subject to DOE/NNSA oversight. NNSA and the Office of Environmental Management have offices site offices-co-located with each site. Over the past decade, we and others have raised concerns about the adequacy of security at nuclear weapons facilities within the department and NNSA. For example, we reported to you last month that NNSA needs to better manage its safeguards and security program. Concern over security within the nuclear weapons complex was brought into sharper focus by the September 11, 2001, terrorist attacks. These attacks highlighted the importance of effective physical security in response to a challenging and well-organized terrorist threat. Following the September 11 terrorist attacks, you asked us to review physical security at DOE and NNSA's most sensitive facilities those 'Physical security is the combination of operational and security equipment, personnel, and procedures used to protect facilities, information, documents, or material against theft, sabotage, diversion, or other criminal acts. U.S. General Accounting Office, Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program, GAO-03-471 (Washington, D.C.: May 30, 2003). |