On New Year’s Day, CBS News correspondent Sharyl Attkisson reported on yet another security scandal inside the nation’s nuclear weapons laboratories. She told viewers that a nuclear plant in Oak Ridge, TN, recently discovered that about 250 keys controlling access to sensitive areas had turned up missing. This comes on the heels of a November Energy Department report that revealed the loss of both master keys and master key cards at Lawrence Livermore National Laboratory in California. And earlier in the year, there were reports that another nuclear weapons lab in Albuquerque, NM, had also lost a set of master keys.
As is their custom, lab spokesmen were quick to assure the public that America’s nuclear secrets are safe and secure. At Oak Ridge, one told the media, “We are confident that sensitive information and materials have been properly protected.” He went on to assure us that most of the missing keys were to “administrative, non-sensitive functions,” although he did admit that several keys to “medium security areas” were still missing. Livermore lab issued a similar statement in November. Its press release declared, with regard to the missing master keys and key cards, “there was no evidence that classified materials were jeopardized.” The loss represented “only a minimal increased risk to classified information.” In December, after public revelations that Los Alamos had, once again, lost several classified computer disks, a lab press release declared, “national security was not jeopardized by this incident.”
Beyond the self-serving nature of these statements, the American taxpayer might be justified in asking just how the labs would know if classified information or even nuclear material had gone missing. A 1999 government report openly raised that very question. After a lengthy investigation into lab security practices, the President’s Foreign Intelligence Advisory Board concluded, “the potential for major leaks and thefts of sensitive information and materials has been substantial at the labs.” The Board warned “such security lapses would have occurred in bureaucratic environments that would have allowed them to go undetected with relative ease.”
The Board’s warning took on new meaning when it was learned that Los Alamos scientist Wen Ho Lee had been moving nuclear warhead data stored on a classified lab-computer network across to an unclassified network for years?undetected. A monitoring system set up to detect such activities was triggered at least twice by Lee’s unauthorized activities?but lab system administrators ignored the alerts. The unclassified network storing Lee’s nuclear library was successfully hacked hundreds of times from outside the United States.
Reorganizations and restructuring of the Energy Department, mandated by Congress and implemented in 2000, were supposed put a stop to all this. Then Secretary Bill Richardson appointed a retired Air Force general as his “Security Czar” and established an independent office within the Department to act as his “junkyard dogs” by aggressively monitoring lab compliance with security regulations. Lab management contracts would henceforth contain performance clauses that tied compliance to financial awards.
But if the November Energy Department report is accurate, that system of independent oversight seems to have failed. The report documents the Livermore lab’s handling of missing sets of master keys and also master key cards. In the course of an inventory, Livermore discovered that it had been missing two master keys for at least three years. Another master key and two master key cards were missing for what the report labels an “Indeterminate period.” Lab security officials seemed unconcerned about the loss; they told inspectors that missing keys always turned up, at least they always had in the past. The report criticizes the officials for failing to recognize that the lab had experienced a “double failure,” defined as “two primary types of security locks protecting the same area compromised at the same time.”
Worse yet, it was learned that Energy Department oversight inspections of Livermore security practices had failed to uncover the loss of master keys and master key cards. Consistently since at least 2000, Livermore’s performance on “key control and inventory” has been rated “Satisfactory.” Overall, Livermore’s physical security systems have been rated “Effective performance.” In short, the “junkyard dogs” did not live up to their billing; they failed to detect the potential threat to security resulting from the “double failure.” The November report concluded there can be “little doubt that the level of security afforded [sensitive/classified] areas was adversely affected.” But those ratings ensured the labs would receive their performance fees and bonuses on time.