19 January 2005
Energy's Abraham Discusses Security Changes at Nuclear Facilities
Outgoing energy secretary says department has made major improvements
The outgoing U.S. energy secretary says he takes personal pride in the enhancement of security programs and improvements in the overall performance of the security personnel and programs protecting nuclear assets vital to U.S. national defense.
Spencer Abraham, speaking to DOE security personnel in Washington January 18, discussed the state of security at Department of Energy (DOE) facilities as of September 11, 2001, and the changes made since that time. Abraham said security failures at DOE nuclear weapons laboratories and production facilities have plagued the department for years. Previous corrective actions, he said, led to the establishment of the National Nuclear Security Administration (NNSA) in 2000. The creation of NNSA was necessary, he said, but not sufficient, explaining that a change in the culture was needed. “We had to bring a new attitude and mindset to how we think about security.”
Beginning with the department’s threat-assessment process, Abraham said he has directed that DOE’s design basis threat (DBT) statement be reviewed annually, and that he personally approved two enhancements to the document in 2003 and 2004. These adjustments, he said, even though some are not yet fully implemented, are “significant increases in the level of protection afforded to our most sensitive national security assets.”
Abraham said he also established the Office of Security and Safety Performance Assurance (SSA) “to foster a more collegial relationship between the DOE Headquarters elements and the field offices that form the Department's safeguards and security program.” He believed that DOE protection program improvements could be done faster and better by improving relationships and interactions between headquarters elements and the field.
Since making those changes, the energy secretary said he has focused on further needs he sees for DOE facilities security:
-- Enhancing cyber security programs to reduce the department's vulnerability to cyber threats and to improve classified data storage/use controls;
-- Consolidating sensitive national security assets to reduce the number of potential targets requiring enhanced protection;
-- Deploying contemporary advancements in security technologies to fortify DOE's "defense in depth" security posture and to implement more cost-effective security solutions;
-- Developing an "elite" protective force -– analogous to the military’s special operations forces -- to secure DOE assets effectively against a wider spectrum of hostile threats; and
-- Improving training programs and institutions in order to develop and maintain DOE's personnel within the security and safety disciplines.
The first of these initiatives centered on shoring up DOE defenses in the protection of the intellectual properties and sensitive data that the department possesses during the course of normal operations. In an era in which massive strides in information retrieval, processing and storage occur on a weekly basis, it was necessary to give the information security program a 21st century focus, Abraham said. The first step was to charter the SSA, through its Office of Cyber Security and Special Reviews, to conduct more stringent probes and attacks on U.S. information systems through enhanced performance testing, including the use of no-notice vulnerability scanning and penetration testing.
Abraham also discussed implementation of the DOE Cyber Security Initiative, and a consolidation program for special nuclear material within DOE sites around the United States, which he termed “by far the most effective measure that can be implemented to reduce the threat of a terrorist attack on the nuclear materials.” He then mentioned specific facilities within sites that have been or will be closed because of the consolidation program, thereby lessening the number of facilities needing enhanced security.
January 18, 2005
Remarks for Energy Secretary Abraham
Forrestal Building, Washington, DC
Thank you all for coming.
Today, I want to speak to you about the major improvements our Department has made in protecting our most sensitive national security assets.
As the 10th and longest serving Secretary of Energy in U.S. history, I have been witness to and been a part of the implementation of significant change amid the diverse missions that this Department has been entrusted to perform in an effective, safe, and secure manner. One of these areas in which I take personal pride is the enhancement of security programs and improving the overall performance of the security organizations protecting the nuclear assets critical to our national defense.
Previous security failures at the Department’s nuclear weapons laboratories and production facilities, some of which played out very publicly in the national headlines, had plagued the Department for years. Past corrective actions by the Department to address these failures centered on the implementation of various leadership changes and organizational realignments within the headquarters security organization, and eventually became the catalyst for the establishment of the semi-autonomous National Nuclear Security Administration or NNSA within the Department four years ago. Those were important changes; but they were not enough. It was clear that structural reorganization would be insufficient without a change in the culture. We had to bring a new attitude and mindset to how we think about security.
Less than nine months after our Administration took office, the urgency of this task was made unmistakably clear by the horrifying events of September 11th . We could no longer afford to regard the security of our nuclear facilities as an afterthought. So, over the last 39 months, our Department has initiated a series of definitive corrective action to improve the security posture and enhance security systems effectiveness across the national nuclear weapons complex.
Let me begin with the Department’s threat assessment process, which determines the appropriate protection measures to effectively secure nuclear weapons components, Special Nuclear Materials, and other sensitive national security assets under DOE’s control. In retrospect, during the years leading up to 9/11, the Department had not sufficiently monitored developments in the threat environment and, as a result, was not sufficiently prepared to address the magnitude of the threat posed by the attacks on the World Trade Center and the Pentagon.
In response to September 11th, armed security forces within the Department were required to far exceed their normal capacity in order to protect personnel and sensitive facilities from a threat level they were not originally established to defend against. Let me point out, however, that though the available security forces were stressed beyond their intended design, they adapted to the unforeseen circumstances appropriately. The security response was sufficient to counter the threat, and commendable in its rapid and effective execution.
Nevertheless, we clearly had to re-evaluate the kinds of threats we might be facing, and the nature of our security response. The Department’s Design Basis Threat (DBT) statement, which was first developed in the mid-80’s had been reviewed and adjusted over the years on an infrequent basis. Details of the postulated adversary size and capabilities contained within the DBT are classified. I can say, however, that the DBT that was approved in 1995 and had remained unchanged until 9/11 was at its lowest level since its initial inception, and paled in comparison to levels played out in the 9/11 attacks.
Though many factors were at work here, the predominant one was undoubtedly the budget process. In essence, the lower the threat, the lower the security posture to defeat the threat, thereby the lower the routine operational cost to implement. Though this past budgetary driven orientation and infrequent assessment of the threat level left the Department flat-footed during a critical period of our nation’s history, the Department was able to effectively respond to the challenge due to the dedication and professionalism of its federal and contractor employees. To avoid such a potentially detrimental miscalculation in the future, the Department must determine the level required to protect our nation’s nuclear security assets based upon the frequent review and formulation of a realistic and credible threat spectrum.
Over the 39 months following 9/11, I have directed that the Department’s DBT be reviewed on an annual basis against the best intelligence information available, and I have personally reviewed and approved two increases in the size of the DBT—one on May 20, 2003 and again on October 18, 2004. These adjustments in the DBT represented significant increases in the level of protection afforded to our most sensitive national security assets. While many of these security enhancements have already been accomplished through short-term measures, we must continue to assure that these vital upgrades are successfully implemented, and that the results of future annual threat assessment activities are based solely upon the latest and most credible intelligence information available.
Clearly, this dramatic increase in the size of our security effort comes with a price tag. But we have made sure that it is fully funded, regardless of other objectives, because this is our top priority.
In addition to this critical change in the development of the DBT, the Department initiated additional changes within its organizational structure to further enhance its competency in managing activities in the areas security and counterintelligence. Under my direction, the Department proposed legislation to consolidate the two separate counterintelligence programs of the Department and the NNSA into a single office to rectify the counterproductive division of this activity within the Department.
In addition, I established the Office of Security and Safety Performance Assurance or SSA to further improve security management and to foster a more collegial relationship between the DOE Headquarters elements and the field offices that form the Department’s safeguards and security program. While I continued to hold line managers accountable for effectively implementing security programs, it was my belief that the Department’s efforts to improve protection programs could be accelerated, and could yield more effective results, through improved relationships and interactions between Headquarters elements and the field. Since its creation in December 2003, the SSA has served as the primary catalyst for increasing the effectiveness and timeliness of protection program upgrades, and for identifying and implementing appropriate technologies where needed in the field.
Though it was generally recognized that the overall protection posture within the Department had improved and was considered to be satisfactory, there remained evidence that it required further improvement to assure that it was fully prepared to successfully and indisputably thwart the future threats of a dedicated and resourceful adversary. To this end, in May 2004, I set out my “Vision of Security for the 21st Century” in a speech at our Savannah River site. This Vision set forth a multi-pronged approach towards furthering the improvement in our security programs, and strengthening our defenses against hostile attacks in whatever forms those attacks might take.
In the speech, and in the subsequent congressional testimony by Deputy Secretary McSlarrow a few days later, we outlined a security plan that consisted of several key points:
- enhancement of cyber security programs to reduce the Department’s vulnerability to cyber threats and to improve controls in the storage and use of classified data;
- consolidation of sensitive national security assets to reduce the number of sensitive targets requiring significant levels of protection and thereby reducing their associated costs;
- deployment of contemporary advancements in security technologies to fortify the Department’s defense in depth security posture and to implement more cost-effective security solutions;
- implementation of measures to foster the development of an “elite” protective force to effectively secure Departmental assets against a wider spectrum of hostile threats;
- and improvement of training programs and institutions in order to develop and maintain the Department’s human capital within the security and safety disciplines.
The first of these initiatives centered on shoring up our defenses in the protection of the intellectual properties and sensitive data that the Department possesses during the course of normal operations. In an era in which massive strides in information retrieval, processing, and storage occur on a weekly basis; it was necessary to give our information security program a 21st century focus. The first step was to charter the SSA, through its Office of Cyber Security and Special Reviews, to conduct more stringent probes and attacks on our own information systems through enhanced performance testing, including the use of no-notice vulnerability scanning and penetration testing.
The next step was to implement a Cyber Security Initiative that:
- facilitated dissemination of cyber threat information;
- coordinated the identification and selection of enhanced intrusion detection systems to identify cyber attacks;
- developed policies and procedures designed to minimize the Department’s exposure to Internet threats;
- improved cyber security awareness among the workforce;
- and redefined processes to improve the operational security aspects of publicly available information online.
The third step was to eliminate the ability of an insider to transport classified data in electronic form on physical media outside of approved classified processing areas through the implementation of a more secure classified desk-top computing approach. To accomplish this goal, the Department’s Chief Information Officer has been tasked with the responsibility for identifying and implementing high-speed diskless computing technologies to perform desk-top weapons design functions within five years.
Another major security initiative is focused upon the consolidation of Special Nuclear Material across the complex. By far the most effective measure that can be implemented to reduce the threat of a terrorist attack on the nuclear materials at eleven DOE sites around the country is to reduce the number of attractive targets within its operational facilities.
This potential reduction in risk must be weighed against operational support requirements necessary to accomplish the important work conducted at these facilities in support of maintaining the nation’s nuclear deterrence capability. We must continually balance the critical work performed at the Department’s facilities against the protection of those very same facilities against the threat of terrorist acts. In the end, the Department is obligated to reduce the number of sites possessing Special Nuclear Material to an absolute minimum, consistent with accomplishing its mission, and to minimize the risk to the remaining materials at each site through consolidation.
The Department has made substantial progress toward this goal. In September 2004, the Department began moving Special Nuclear Material from the controversial Technical Area-18 at Los Alamos National Laboratories to the more secure setting of the Nevada Test Site’s Device Assembly Facility. Upon completion of the movement of these materials, TA-18 will no longer perform missions involving the use of Category I or II Special Nuclear Material.
In the area of facility closure, examples of expedited progress within the DOE complex include:
- the Rocky Flats Environmental Technology Site;
- and Oak Ridge’s K-25 facility.
Other facilities have been identified for decontamination and decommissioning, and will be de-inventoried as soon as possible to facilitate closure activities.
The list of these facilities targeted for closure includes:
- Savannah River Site’s 200 F canyon and 100 K reactor basins;
- Oak Ridge National Laboratories’ Building 3019;
- and Hanford’s Plutonium Finishing Plant.
In order for us to achieve the necessary consolidation of materials, we must locate adequate final storage facilities. This includes not only identifying suitable facilities that provide inherent protection properties for sensitive nuclear materials, but also working with state and local governments at the potential receiving sites.
In addition to these infrastructure and material security measures, we are also making good progress in ensuring the highest quality and appropriate number of security forces personnel. In its immediate response to the attacks of 9/11, the Department enhanced its security posture through a combination of increases in security officer staffing, deployment of additional weapons and equipment, and greater restrictions on personnel access and facility operations. These measures varied to some degree from site to site based upon unique local circumstances and perceived site-specific threats. Due to the prolonged time frames required to hire, train, and eventually obtain suitable security clearances for security police officers, increased staffing was initially achieved through the considerable burden of overtime on existing forces. Given the protracted clearance process that was in place at that time, the Department modified its personnel security program to streamline the process in order to be more responsive to the needs of the field, while maintaining effective internal security precautions. Since that time, additional security police officers have been hired, trained, and cleared to assist in alleviating the overtime burden.
The last remaining question is whether these security personnel should operate under a single contractor, but with different contracts at the various sites, a single contract throughout all DOE facilities, or whether they should be made a federal force. We are comprehensively studying that question now in order to determine the best, most effective, option.
In addition to providing adequate numbers of our security force, we are also working bolster its defense in depth strategy and to increase the availability of protective forces to train on critical tactical response skills. The Department has only begun to scratch the surface of a virtual gold mine of innovative thinking and technological development that is well within its own competencies and capabilities. To focus this technological development capacity within the Department on security upgrades, in July 2004 I established the Pacific Northwest National Laboratories as the “DOE Center of Excellence for Technology Deployment”.
As demonstrated by our military forces in Afghanistan and Iraq, prudent and judicious application of technology can serve as a force multiplier to enhance protective force response to a hostile attack by:
- increasing their tactical ability to bring effective fire upon an adversary force;
- enhancing their survivability against hostile fire;
- and improving the command and control of responding forces.
We in DOE pride ourselves on our technology. We are well known worldwide as a source of safeguards and security technology, and we have developed and applied such technologies for use by other Federal agencies and other governments. It’s high time we take advantage of this technological base, and apply it more frequently to our own security needs. Therefore, in concert with the Center of Excellence for Technology Deployment, I have directed NNSA and SSA to establish a Blue Sky Commission charged with identifying emerging security technologies that we should invest in, or possibly modify for our use. This will be a long term effort to complement the near-term proposals I have just outlined, and will focus on technologies that could alter security over the coming decades.
While the implementation of security technology is intended to limit the Department’s dependency upon increased protective force staffing levels, the Department has also instituted its “elite protective force” initiative to further enhance the knowledge, skills, and physical abilities of protective force personnel to effectively respond to a wider range of violent terrorist threats. Currently, the Department’s armed protective forces represent the very best of their kind, not just within the DOE complex, but also in the world. Over the years the security police officers that comprise this force have consistently maintained a set of challenging training qualifications and physical fitness standards similar to those of police organizations considered to be the best in the country. However, those police type standards, as challenging as they might be, are no longer adequate to support the protection needs of the Department’s nuclear weapons complex in light of the recent developments in the terrorist threat.
As a case in point, in its recent comprehensive review of the Department’s protective forces, the SSA highlighted in its report that the role of the protective force in recent years has transitioned from the classic police operational model to a more military oriented model requiring an intensive focus on the move, shoot, and communicate skills normally attributed to those capabilities of elite military ground combat units. Even before the events of 9/11, we all admired the elite military units that defend our country -- units such as the Special Forces, Rangers or SEALS. Though we have units within the Department’s protective forces that exhibit this same level of excellence, I foresee a future in which all protective forces directly responsible for the protection of our most sensitive assets are transformed into such an elite fighting force.
Upon the announcement of these security initiatives, I directed the NNSA and SSA to jointly review the options available to the Department to achieve the implementation of an elite force at DOE facilities possessing Category I or II quantities of Special Nuclear Material. The findings of the review were reported in October of this year and were reiterated in a recent memorandum to my office from the NNSA Administrator and the SSA Director. In their correspondence they recommended that the Department undertake a series of specific actions designed to elevate protective force capabilities to the elite level. In regard to specific protective force actions, the review recommended that the Department:
- infuse protective force policy with an “expectation of excellence” and an emphasis on combating the armed terrorist threat;
- implement medical and physical fitness standards necessary to support “elite force” performance capabilities;
- reorganize protective force shifts into tactically cohesive units with appropriate operational command, control and communications systems;
- reorient protective force assignments to concentrate response resources in a tactical posture;
- require development of tactical response plans that locate protective forces either in direct defense of target locations or in appropriate ready response positions;
- relieve protective force personnel of non-essential routine duties to permit concentration on training and testing in support of their primary tactical mission;
- maximize focus on tactical training by directing the initiation of training shifts in order for them to training as a team in the manner that they are expected to fight;
- institute more rigorous and frequent performance testing to hone critical tactical skills in realistic and demanding environments;
- and reexamine the applicability of current industrial safety standards against the levels needed to satisfy the intensity and rigor of required tactical training.
The Department must continue to proceed with the implementation of these and other protective force recommendations to achieve the elite protective force envisioned in this initiative. There will be significant hurtles to overcome, however, the investment in time and energies will result in significant benefits towards the assurance that the national nuclear security assets under the control of the Department are secure against anticipated hostile threats.
The final initiative that I wish to address today closely supports the achievement of the elite protective force initiative, in that it involves the improvement of training programs and institutions in order to develop and maintain the Department’s human capital within the security and safety disciplines.
In July 2003 the NNSA Administrator formed a commissioned headed by Admiral Henry Chiles to examine the specific needs of the NNSA concerning the recruitment, development, and maintenance of security professionals within its ranks. The results of this review were reported in March of this year and based upon the recommendations of this commission we have initiated corrective action, not only within the NSSA, but within the Department’s entire safeguards and security community to develop and maintain a high degree of security expertise. With the establishment of the SSA in December 2003, the Department took the first of several essential steps towards the advancement of security and safety training programs.
One of the first orders of business for the newly established SSA was the reformation and management of the Department’s National Training Center in Albuquerque, NM. Throughout 2004, this Center has made promising progress towards the Department’s goal of creating a focal point for the development, training and refinement of safety and security skills and practices to be applied throughout the DOE complex. On November 5th of this year I determined that the NTC was ready to take on its new mission and formally designated the NTC as the “Center of Excellence in Security and Safety Professional Development for the Department of Energy.” Though significant progress has been achieved, a considerable amount work still lays ahead of the NTC and the Department in the enhancement our capability to service the training and professional development needs of our personnel within the security and safety disciplines.
These are some of the actions we have undertaken to improve security at the Department’s nuclear sites. It is a task we have taken very seriously. Indeed, I believe the level of our commitment be seen in the fact that under our Administration, the budget for these programs has increased from less than $1 billion, to almost $2 billion annually. We have, almost literally, doubled our efforts to make the Department’s facilities safe and secure.
Before I close, I would like to add a word about the private energy sector. There is perhaps no topic that I am asked about more frequently than the vulnerability of the nation’s energy infrastructure. Private power plants, oil refineries, pipelines, the electricity grid, and other such facilities are obviously not Department of Energy sites. But they are essential to our national and economic security. A terrorist attack resulting in a major disruption in our energy supply could be devastating to our economy.
So our Office of Energy Assurance has been working with the Nuclear Regulatory Commission and the Department of Homeland Security to identify the most crucial components of our energy infrastructure, and suggest ways that private industry, in cooperation with government, can improve security and mitigate the dangers of a possible attack. Part of this effort has involved a reinvigorated effort to communicate and cooperate with state governments, which usually have jurisdiction over these facilities.
We are also deploying the Department’s special technological expertise through a cyber security initiative for the private sector. Working with the Energy Assurance Office, our Idaho National Engineering and Environmental Laboratory is identifying and addressing vulnerabilities in the computer programs—so-called SCADA [pron. SKAY-da] networks—that runs power plants, control switches, and otherwise regulate the nation’s energy systems. This initiative is helping to provide secure, reliable, and efficient computer processes across the energy sector.
These are some of highlights of what our Department has done over the last four years to improve the overall preparedness and performance of our security programs. Many objectives have been completed and many initiatives require further support and commitment by the Department of the future to bring them into fruition.
In order to sustain the progress in the performance of its security programs, the Department must continue to:
- base the design of its protection measures and defensive strategies on current, credible, and realistic assessments of the threats;
- complete the crucial security upgrades already in progress in order to maintain the highest levels of protection in a cost-effective manner;
- and refine the organizational structure of its various elements charged with security responsibilities to foster a security organizational culture with a consolidated focus – the consistent application of effective protection measures for the security of the sensitive and vital assets entrusted to the Department.
Furthermore, in order to effectively fulfill future security needs and to successfully withstand the threats and challenges in the years to come, I hope that the Department will continue to move ahead with the plan we outlined in the “Vision of Security for the 21st Century.”
The Department must remain committed to:
- enhance its cyber security programs to reduce the Department’s vulnerability to cyber threats and to improve controls in the storage and use of classified data;
- consolidate sensitive national security assets to reduce the number of sensitive targets requiring significant levels of protection;
- deploy advanced security technologies to reinforce the Department’s defense in depth security posture;
- implement an “elite protective force” to effectively secure Departmental assets against a wider spectrum of hostile threats;
- and improve training programs and institutions to develop and maintain critical security expertise within the Department’s human capital.
Continued support towards the implementation of these security initiatives will assist in ensuring that the Department is adequately positioned to successfully protect its sensitive nuclear materials, personnel, facilities, and the surrounding communities from the impacts of potential hostile actions against Department of Energy interests.
During the transitional process of relinquishing the reigns of my office, I hope to effectively relay to my successor the vital role that the security program plays in the protection of the national security assets entrusted to the Department.
As I have publicly stated on previous occasions - as Secretary of Energy my philosophy on security has been quite simple: When it comes to the security of a Department with the responsibilities ours has – of maintaining the nation’s nuclear weapons stockpile, providing nuclear propulsion for the Navy, and coordinating global nonproliferation efforts – there is no room for error.
I am proud of what have accomplished over the last four years, and I believe the progress we have made will make it possible for my successor complete this vital work.
Forrestal Building, Washington, DC