Los Alamos – Security Measures

"Mr. Speaker, I say to Bill Richardson, tell the truth.
He has been traveling around America and this city
saying that when he found out, this administration, that
China stole the secrets to our nuclear weapons,
the W-88 and the W-87, that he took aggressive steps
in 1995 to change that.

Tell the truth, Bill Richardson. U.S. News and World Report,
special feature, July 31, 1995, Hazel O'Leary leaked the plans,
which are in this magazine, for the W-87 nuclear warhead.
Tell the truth, Bill Richardson. It was this administration that
publicly released the documented evidence relative
to our W-87 warhead in U.S. News and World Report,
July 31, 1995.

Tell the truth, Bill Richardson. "

- Congressman Weldon, House of Representatives
June 8, 1999 1

In 1997, the General Accounting Office of the United States made "several recommendations to the Secretary of Energy," including:

• obtain background checks on more of the foreign visitors to the Department's weapons laboratories,

• improve the identification and review of visits by foreign nationals that involve sensitive subjects,

• more thoroughly assess the adequacy of security procedures in unclassified areas of the weapons laboratories, and

• enhance the effectiveness of counterintelligence programs at DOE's headquarters and laboratories. "2

PROTECTIVE FORCES

"Since 1992, the number of protective forces at DOE sites nationwide has decreased by almost 40% (from 5,640 to the current number of approximately 3,500) while the inventory of nuclear material has increased by more than 30%. The number of Protective Force Officers has declined to the point where it is questionable at some facilities whether the DOE Protective Force could defeat an adversary."3

"By 1996 several facilities were no longer capable of recapturing a nuclear asset or facility if it were lost to an adversary. Indeed, a number of sites stopped even training for this mission because resources had been reduced below the minimum level necessary to expect success."4

"Several sites are using performance tests to verify that their Protective Force can defeat the adversary; however, many of these tests are not realistic. For example, performance tests sometimes are not consistent in providing the adversary with the weaponry or explosive breaching devices used by terrorist groups. At times artificial `safety constrains' are imposed on exercise adversary teams that effectively neutralize their ability to operate. This results in `winning' the performance test, in a less than realistic scenario."5

INTERNAL SAFEGUARDS

In 1993, Secretary Hazel O'Leary "ended [the] policy of color coding laboratory security credentials at [the] laboratories" because she thought they were ‘discriminatory’."6 Employees were no longer readily able to determine "where employees could or could not work" or if their presence was permitted "in a particular classified laboratory setting."7 In 1999, around the time of the release of the Cox report, the old procedure was reinstated.8

"DOE's counterintelligence programs have not been based on a comprehensive threat assessment that examines the nature and extent of foreign espionage activities. Such an assessment would analyze the countries of concern and identify for the entire Department the technologies, information, and programs likely to be targeted by these countries. Counterintelligence officials at both DOE and the Federal Bureau of Investigation believe this assessment is needed as a basis for guiding DOE's counterintelligence programs and ensuring that their efforts are properly focused; however, DOE has not conducted such an assessment because of programmatic priorities and the lack of sufficient analytical expertise. Furthermore, DOE has not provided detailed oversight of the laboratories' counterintelligence programs. In this regard, DOE has not developed expectations and performance measures for those programs or periodically evaluated them."9

FOREIGN VISITORS

In 1994, "the Los Alamos and Sandia laboratories implemented a partial exception that DOE had granted..[which] largely avoided the background check process. Since then, DOE has obtained background checks on about 5 percent of the visitors from sensitive countries to these two laboratories."10

"DOE's procedures for obtaining background checks and controlling the dissemination of sensitive information are not fully effective. DOE has procedures that require obtaining background checks, but these procedures are not being enforced. At two of the laboratories, background checks are conducted on only about 5 percent of the foreign visitors from countries that DOE views as sensitive. GAO's review of available data from DOE and the Federal Bureau of Investigation showed that some of the individuals without background checks had suspected foreign intelligence connections."11

"DOE's existing procedures for identifying sensitive subjects lack clear criteria for determining which subjects are sensitive and process controls to help ensure that proposed visits involving potentially sensitive subjects are reviewed by officials at DOE headquarters. Consequently, although the laboratories identified 72 visits involving sensitive subjects during the 1994 to 1996 timeframe, GAO identified other visits that occurred without DOE's review and approval and that may have involved sensitive subjects, such as inertial confinement fusion (a technology with both energy and nuclear weapons applications) and the detection of nuclear weapons testing. . As a result, sensitive subjects may have been discussed with foreign nationals without DOE's knowledge and approval."12

COMPUTERS AT THE LABS

"The DOE Computer Security Program suffers from a variety of problems. One of the primary concerns is the protection of unclassified sensitive information processed by the Department and the relationship of these systems to the classified architecture. Relatively little guidance has been issued on how to protect sensitive but unclassified information. System administrators are charged with the responsibility for designing their own protective measures. Unfortunately, many of them do not have the computer security background or knowledge required to implement a sound computer security program. Attempts to issue comprehensive guidance by [the Office of Safeguards and Security] and the Chief Information Officer as early as 1995 met with significant Laboratory resistance. Several Laboratories complained that providing protection such as firewalls and passwords were unnecessarily expensive and a hindrance to operations."13

"Another area of great concern is the migration of classified information from systems approved for processing classified data to less secure unclassified processing systems…" including:

• "Failure to conduct classification reviews before placing information onto an unclassified processing system;

• "Intentionally creating unclassified data that is very close to classified data to ease processing, and using personal computers at home to process classified information."14

"Energy Department reports show that…as early as 1994, [officials] identified the problem that researchers could transfer data from the secured computer system to the unprotected one. Over the weekend, Department of Energy officials said that a classified report prepared by U.S. intelligence agencies in November showed that there had been numerous efforts to penetrate the weapons laboratories' unclassified computer system. The secret report also noted that China was among a number of nations the laboratories should regard as a threat. Still, investigators didn't examine Mr. Lee's computer until March and didn't close down the classified system until last month."15

RELEASE OF INFORMATION

"People..in the Department of Energy who worked under Hazel O'Leary...have said that under her leadership, there were wholesale actions to declassify massive amounts of information, in some cases boxes and cartons of records that no one had gone through."16

"The controls in the areas of the laboratories that are most often visited by foreign nationals do not preclude their access to sensitive information. Foreign visitors are generally allowed into "property protection," or controlled areas. These areas have lower levels of controls than do security areas in which classified work is conducted. For example, in contrast to the controls in place in security areas, foreign visitors are, in some cases, allowed unescorted, 24-hour access to facilities in controlled areas. Security problems and vulnerabilities involving foreign visitors and sensitive--and in some cases even classified--information have occurred or been identified by the laboratories. For example, at one laboratory, several boxes marked "sensitive materials" were left in a hallway accessible to foreign visitors. At another laboratory, classified information was included in a newsletter sent to 11 foreign nationals."17

On July 31, 1995, U.S. News and World Report published a special report entitled "Shockwave." For that report, Secretary O’Leary released "a documented diagram of the W-87 [nuclear warhead], which up until that point in time was classified."18 "This design shows in some detail the way our most capable nuclear warhead works. It shows and explains the process, it shows and locates the technology, the fuel, the process, the activity, the physics of the way America's most capable warhead would work." 19

"In November [of] 1996, Sandia [Nuclear Lab] no longer allowed foreign nationals to have unescorted after-hours access to controlled areas without the approval of its counterintelligence office. According to Sandia and DOE officials, this change was made because of the potential for security problems that could result from unescorted access. Los Alamos, however, [continued] to allow unescorted after-hours access to preserve what one official described as an open ‘campus atmosphere’ for researchers at its facilities."20

PHYSICAL SECURITY SYSTEMS

"Another area of concern involves aging and deteriorating security systems throughout the DOE complex. Physical security systems are critical to ensure the adequate protection of Special Nuclear Material (SNM). Many facilities have systems ranging in age from 14 to 21 years, and are based on mid-70's to early-80's technology. Because of the obsolescence of these systems, replacement parts and services are increasingly expensive and hard to obtain. Expensive compensatory measures (i.e., protective force response) are required to ensure needed confidence levels of adequate protection. Older systems are also increasingly vulnerable to defeat by advanced technologies that are now readily and cheaply available to potential adversaries. Continual reductions, delays or cancellations in line-item construction funding increases the vulnerability risks to sites protection capability."21

"Also, DOE is not realizing significant savings available through advancements in technology that have increased detection, assessment, and delay capabilities. Some sites are using a variety of nonstandard security alarm and access control systems that have not been fully tested to determine if they contain vulnerabilities, or if they meet Departmental requirements without compensatory measures. Such systems may have back doors or viruses, that allow the insider adversary to cripple the entire site protection system, thus leaving the site vulnerable. Some sites do not have qualified personnel to conduct these vulnerability tests and are generally unwilling to conduct any type of attack on the system to determine if such vulnerabilities can be accomplished."22

It should be noted that, "at Chung's request," the DNC asked "Energy Secretary Hazel O'Leary to meet a Chinese petrochemical executive, at a time when Democratic fund-raisers kept soliciting donations from Chung." That meeting did occur.23

Finally, Mr. McCallum, a 25 year veteran of the DOE, "has been placed on administrative leave and may lose his job. Guess who now sits on the corporate board of directors, being paid, overseeing the operation of that same facility? Hazel O'Leary."24

[ Back ] [ Home ] [ Next ]