This document is an ASCII formatted version of a printed document. The page numbers in this electronic version may not be in the same order as the printed document. The printed document may also contain charts and photographs which are not reproduced in this electronic version. If you require the printed version of this document, contact the Office of Inspector General (IG-1), Department of Energy, 1000 Independence Avenue, SW, Washington, DC, 20585 or call the Office of Inspector General Reports Request Line at (202) 586-2744.

DATE: December 1, 1995

IN REPLY REFER TO: IG-1

SUBJECT: INFORMATION: Report on Audit of the Department of Energy's Site Safeguards and Security Plans

TO: The Secretary

BACKGROUND:

The Department's Safeguards and Security program is designed to provide appropriate, efficient, and effective protection of the Department's nuclear weapons, nuclear materials, facilities, and classified information. Department of Energy policy, contained in DOE orders, specifies that Departmental interests shall be protected against a range of threats through the development of Site Safeguards and Security Plans (SSSPs). The SSSP is intended to depict the existing condition of safeguards and security site-wide and by facility, establish improvement priorities, and provide an estimate of the resources required to carry out the necessary improvements.

The purpose of the audit was to determine if the Office of Safeguards and Security was using revised SSSP guidance as "de facto" policy to evaluate and approve SSSPs, and to determine if the new requirements established by the guidance were justified. The attached report is being sent to inform you of our findings and recommendations.

DISCUSSION:

The SSSP guidance issued by the Office of Safeguards and Security was used as policy to prepare, complete, and review field site security plans. This guidance was not coordinated with and did not receive concurrence from Headquarters program offices and field sites.
In addition, the guidance established new unjustified protection requirements and was used improperly as a tool to evaluate field site performance. The Departmental Directives System Manual states that guidance may only provide non-binding instructions for implementation that are not mandatory and do not establish new requirements. Moreover, policy directives can only be issued with the appropriate review, coordination and concurrence of the affected organizations.

We recommended that the Office of Nonproliferation and National Security discontinue using guidance as policy for evaluation, approval, and concurrence of Site Safeguards and Security Plans until they have been formally coordinated and concurred on by program and field elements. We also recommended that all proposed policy changes and guidance, when used as policy, be coordinated with affected program and field offices through the Departmental Directives System.

Although the Office of Nonproliferation and National Security agreed that guidance should not be used as policy, they have not agreed to implement the recommendations and stated that they will continue to use the guides. In addition, they did not agree that the guidance issued by their office established requirements or that the new security requirements were unjustified.

(Signed)
John C. Layton
Inspector General

Attachment

cc: Deputy Secretary
    Under Secretary

U.S. DEPARTMENT OF ENERGY
OFFICE OF INSPECTOR GENERAL

AUDIT OF THE DEPARTMENT OF ENERGY'S SITE SAFEGUARDS AND SECURITY PLANS

The Office of Inspector General wants to make the distribution of its reports as customer friendly and cost effective as possible.
Therefore, this report will be available electronically at the following alternative addresses:

Department of Energy Headquarters Gopher
gopher.hr.doe.gov

Department of Energy Headquarters Anonymous FTP
vm1.hqadmin.doe.gov

Department of Energy Human Resources and Administration Home Page
http://www.hr.doe.gov/refshelf.html

Your comments would be appreciated and can be provided on the Customer Response Form attached to the report.

This report can be obtained from the
U.S. Department of Energy
Office of Scientific and Technical Information
P.O. Box 62
Oak Ridge, Tennessee 37831

Report Number: DOE/IG-0382
Date of Issue: December 1, 1995
Capital Regional Audit Office
Germantown, Maryland 20874

AUDIT OF THE DEPARTMENT OF ENERGY'S SITE SAFEGUARDS AND SECURITY PLANS

TABLE OF CONTENTS

SUMMARY

PART I - APPROACH AND OVERVIEW
    Introduction
    Scope and Methodology
    Background
    Observations and Conclusions

PART II - FINDING AND RECOMMENDATIONS
    Use of Security Guidance

PART III - MANAGEMENT AND AUDITOR COMMENTS

U.S. DEPARTMENT OF ENERGY
OFFICE OF INSPECTOR GENERAL
OFFICE OF AUDIT SERVICES

AUDIT OF THE DEPARTMENT OF ENERGY'S SITE SAFEGUARDS AND SECURITY PLANS

Audit Report Number: DOE/IG-0382

SUMMARY

The Department of Energy (Department) is required to protect its nuclear facilities from unauthorized access and theft, diversion, or destruction of special nuclear materials such as plutonium and uranium-235. The facilities housing such nuclear materials are subject to special safeguards and security planning requirements. The steps taken by the field sites to meet these requirements are outlined in a document entitled the "Site Safeguards and Security Plan" (SSSP).
We initiated the audit at the request of the Office of Nonproliferation and National Security to evaluate the progress made in the SSSP process. The audit was performed to determine whether SSSP guidance was used as policy to evaluate and approve the site plans and whether new security requirements established by the guidance were justified. The SSSP guidance issued by the Office of Safeguards and Security was used as policy to prepare, complete and review field site security plans. This guidance was not coordinated with and did not receive concurrence from Headquarters program offices and field sites. In addition, the guidance established new unjustified protection requirements and was used improperly as a tool to evaluate field site performance. The Departmental Directives System Manual states that guidance may only provide non-binding instructions for implementation that are not mandatory and do not establish new requirements. Moreover, policy directives can only be issued with the appropriate review, coordination and concurrence of the affected organization. These problems occurred because field sites were required to accept the SSSP guides as policy since their site plans would be evaluated against the guidance requirements. The Office of Safeguards and Security had previously tried to issue the new requirements through the Directives System but was unsuccessful in obtaining program and field office concurrence. Subsequently, the guides have not been resubmitted as policy documents through the Department's Directives System. Of the five locations we visited, three had identified facilities that would be pushed above the Office of Safeguards and Security's acceptable level of low risk when new security (consequence) values were incorporated. Each of the sites will need to devise and install additional compensatory measures because of the increase in consequence values. 
The Savannah River Operations Office estimated it would need between $5.1 million and $6.7 million for security upgrades and enhancements along with an additional $1.5 million to reevaluate its SSSPs. The Lawrence Livermore National Laboratory estimated it would spend almost $100,000 annually to maintain additional protective force members. The Los Alamos National Laboratory estimated it would need about $1.2 million annually to add protective force members and another $400,000 for security system upgrades to compensate for the increase in risk. The Rocky Flats Field Office could not provide a timely cost estimate for the increase in risk levels. The Idaho Operations Office had previously established security levels that exceeded the new requirements.

We recommended that the Office of Nonproliferation and National Security discontinue using guidance as policy for evaluation, approval, and concurrence of Site Safeguards and Security Plans until they had been formally coordinated and concurred on by program and field elements. We also recommended that all proposed policy changes and guidance, when used as policy, be coordinated with affected program and field offices through the Department's Directives System.

Although the Office of Nonproliferation and National Security agreed that guidance should not be used as policy, they have not agreed to implement the recommendations and stated that they will continue to use the guides. Management also disagreed that: 1) guidance issued by their office established requirements, 2) the new consequence values were unjustified, or 3) the Design Basis Threat Policy should be coordinated with the affected offices.

(Signed)

PART I

APPROACH AND OVERVIEW

INTRODUCTION

The Department of Energy (Department) is required to protect its nuclear facilities from unauthorized access and theft, diversion, or destruction of special nuclear materials such as plutonium and uranium-235.
The facilities housing such nuclear materials are subject to special safeguards and security planning requirements. The steps taken by the field sites to meet these requirements are outlined in a document entitled the "Site Safeguards and Security Plan".

The overall audit objective was to review the Site Safeguards and Security Plans (SSSPs) to determine if:

- the Office of Safeguards and Security was using revised SSSP guidance as de facto policy to evaluate and approve Site Safeguards and Security Plans.
- the new requirements established by the guidance were justified.

SCOPE AND METHODOLOGY

In response to the Inspector General's request for suggested audit areas for Fiscal Year 1995, the Office of Security Affairs recommended three programmatic audits. All three audits addressed planning and implementation of Site Safeguards and Security Plans and compliance with the Secretary's mandate for approval of the security plans. Our audit was begun in response to management's request with an expanded scope that included an evaluation of the use of security guidance as policy.

The audit was performed from October 19, 1994, to March 31, 1995, at five Departmental locations: the Rocky Flats Field Office, the Idaho Operations Office, the Savannah River Operations Office, and the Lawrence Livermore and Los Alamos National Laboratories. Information was also obtained from personnel in the Offices of Safeguards and Security, Defense Programs, Environmental Management, Energy Research, Security Evaluations, and Human Resources and Administration.

A review was made of applicable laws and Departmental orders, implementing procedures and practices, and the approved SSSPs and Master Safeguards and Security Agreements for each site visited. We also reviewed changes in the development and approval process for the SSSPs and identified those facilities with difficulties in the implementation process.
An evaluation was made of SSSP guidance documents and implementing instructions issued by the Headquarters program offices and the Office of Safeguards and Security.

The audit was made in accordance with generally accepted Government auditing standards for performance audits and included tests of internal controls and compliance with laws and regulations to the extent necessary to satisfy the audit objective. We assessed the significant internal controls to determine whether the Department's Headquarters and field organizations had exercised adequate management control over security operations. Because our review was limited, it would not necessarily have disclosed all internal control deficiencies that may have existed at the time of our audit. Computer-processed data was not utilized to accomplish our audit objectives.

An exit conference was held with the Office of Nonproliferation and National Security on September 18, 1995.

BACKGROUND

The Safeguards and Security Program is designed to provide appropriate, efficient, and effective protection of the Department's nuclear weapons, nuclear materials, facilities, and classified information. Department of Energy policy, contained in DOE orders, specifies that Departmental interests shall be protected against a range of threats through the development of SSSPs. The SSSP is intended to depict the existing condition of safeguards and security site-wide and by facility, establish improvement priorities, and provide for an estimate of the resources required to carry out the necessary improvements.
The process for preparing and completing the SSSP generally includes the following key elements:

- performance by DOE field sites of vulnerability assessments of the protection measures in place at a sensitive facility;
- development of the facility plan, called the Master Safeguards and Security Agreement;
- compilation of the facility description and the resource plan (this step is under revision and may or may not be present at all sites); and
- evaluation of the completed SSSP plan by the field sites, the Office of Security Affairs, and the responsible Headquarters program office.

The completed SSSP plan describes basic protection strategies at the facility as well as ways in which each weakness identified will be corrected. In addition, it describes the overall safeguards and security posture of the area surrounding the facility and incorporates information drawn from the vulnerability assessments and operational plans.

Instruction for the preparation and completion of the SSSPs is provided in the "Format and Content Guide for Site Safeguards and Security Plans" (Format and Content Guide) issued by the Office of Safeguards and Security. This guide gives detailed direction on the facilities which must have a SSSP, the format in which the SSSP is written, and the level of protection for special nuclear material. In conjunction with the issuance of the Format and Content Guide, the "Site Safeguards and Security Plan Acceptance Criteria and Review Guide" (Criteria and Review Guide) was also issued. This guide outlines the methods to be used for the review of SSSPs.

Various Departmental offices share responsibility for the safeguards and security management and oversight, including plan preparation and review. The Office of Safeguards and Security is responsible for establishing security policy and for reviewing all the SSSPs for compliance with the policy.
Headquarters program managers and field site managers have responsibility and accountability for implementing effective safeguards and security measures at the facilities. The field sites, through their survey and validation efforts, evaluate whether the protection measures in place comply with the basic policy requirements. Finally, the Office of Security Evaluations provides independent assurance of the field sites' compliance with the requirements through inspections and evaluations.

In October 1992, the General Accounting Office reported that the Department had not completed the required security plans for all facilities and stated that the Department had a lack of commitment at all levels to security planning. Since then the Secretary mandated that the Department's Site Safeguards and Security Plans be completed and approved by April 1994. Although not all facilities met this time-frame, all but one facility had an approved SSSP at the end of the field work (March 1995). The Rocky Flats Field Office had completed all evaluations and assessments, but still needed the required Headquarters concurrences and approvals on the document.

OBSERVATIONS AND CONCLUSIONS

The SSSP guidance issued by the Office of Safeguards and Security was used as policy to prepare, complete and review field site security plans. This guidance was not coordinated with and did not receive concurrence from Headquarters program offices and field sites. In addition, the guidance established new unjustified protection requirements and was used improperly as a tool to evaluate field site performance. The Departmental Directives System Manual states that guidance may only provide non-binding instructions for implementation that are not mandatory and do not establish new requirements. Also, policy directives can only be issued with the appropriate review, coordination and concurrence of the affected organizations.
The review showed, however, that field sites were required to accept the SSSP guides as policy because their site plans would be evaluated against the guidance requirements. The Office of Safeguards and Security had previously tried to issue the new requirements through the Department's directives system but was unsuccessful in obtaining program and field office concurrence.

Improperly establishing policy is counterproductive to the Department's continuing efforts to meet Presidential initiatives to reduce regulatory requirements. In addition, the issuance of new guidance as "de facto" policy with unjustified increases for new SSSP requirements will cause the sites to spend millions of dollars for security improvements or compensatory measures. Of the sites visited, three of the five locations had identified facilities that will be pushed above the Office of Safeguards and Security's acceptable level of low risk when the new security (consequence) values are incorporated. Each of the sites will need to devise and install additional compensatory measures to counter increases in the levels of risk caused by unjustified increases in consequence values.

The Savannah River Operations Office estimated it would need between $5.1 million and $6.7 million for security upgrades and enhancements along with an additional $1.5 million to reevaluate their SSSPs. The Lawrence Livermore National Laboratory estimated it would spend almost $100,000 annually to maintain additional protective force members. The Los Alamos National Laboratory estimated it would need about $1.2 million annually to add protective force members and another $400,000 for security system upgrades to compensate for the increase in risk. Cost estimates were not received from Rocky Flats Field Office and Idaho Operations Office. Rocky Flats could not provide a timely cost estimate and Idaho had already established security levels above the new requirements.
We recommended that the Office of Nonproliferation and National Security discontinue using guidance as policy for evaluation, approval, and concurrence of Site Safeguards and Security Plans until they have been formally coordinated and concurred on by program and field elements. We also recommended that all proposed policy changes and guidance, when used as policy, be coordinated with affected program and field offices through the Departmental Directives System.

Although the Office of Nonproliferation and National Security agreed that guidance should not be used as policy, they have not agreed to implement the recommendations and stated that they will continue to use the guides. Management also disagreed that: 1) guidance issued by their office established requirements, 2) the new consequence values were unjustified, or 3) the Design Basis Threat Policy should be coordinated with the affected offices.

Use of guidance as policy by the Office of Safeguards and Security constitutes an internal control weakness that should be considered when preparing the yearend assurance memorandum on internal controls.

The audit finding is discussed in detail in Part II of this report. Management's detailed comments, along with auditor responses, where appropriate, are contained in Part III of the report.

PART II

FINDING AND RECOMMENDATIONS

Use of Security Guidance

FINDING

The Department's Directives System Manual provides that before guidance is allowed to be used as policy it must be coordinated with and concurred upon by program and field offices. Guidance issued outside of the Directives System cannot be used as binding policy to establish new requirements or to evaluate performance. However, the audit showed that guidance issued by the Office of Safeguards and Security was used as policy to prepare, complete, and review site SSSPs.
Moreover, the guidance established new unjustified requirements for the protection of special nuclear material and was used improperly as a tool to evaluate site security performance. This occurred because the Office of Safeguards and Security did not follow the directive system for communication of proposed changes including the proper Departmental coordination and concurrence process. Implementing the revised security guidance will cost the Department at least $5.5 million to $7.1 million for upgrades and enhancements and another $1.5 million to reanalyze the sites' current SSSPs. In addition, annual costs of $1.3 million will be required for additional protective force members.

RECOMMENDATIONS

We recommend that the Director, Office of Nonproliferation and National Security ensure that the Office of Safeguards and Security:

1. Discontinue using the "Format and Content" and the "Criteria and Review" Guides as policy for evaluation, approval and concurrence of Site Safeguards and Security Plans until formal coordination and concurrence has been obtained from program and field elements.

2. Coordinate all proposed policy changes and guidance, when used as policy, with affected program and field offices through the Departmental Directives System.

MANAGEMENT REACTION

Although the Office of Nonproliferation and National Security agreed that guidance should not be used as policy, they have not agreed to implement the recommendations and stated that they will continue to use the guides. Management also disagreed that: 1) guidance issued by their office established requirements, 2) the new consequence values were unjustified, or 3) the Design Basis Threat Policy should be coordinated with the affected offices. Detailed management and auditor comments are included in Part III.

DETAILS OF FINDING

DIRECTIVES SYSTEM

The Departmental Directives System Manual, dated December 1993, defines the different types of directives and describes the hierarchy of each directive including the use of guidance and policy documents. The Manual prescribes that guidance may only provide non-binding instructions for implementation and that guidance is not mandatory and may not establish new requirements or be used as a tool for evaluating performance. It also outlines the procedures for issuing policy, including development, review, coordination, issue resolution, concurrence, and implementation. The Manual requires Headquarters elements responsible for development of a directive to prepare a project plan that includes performing a cost-benefit analysis.

Any "directives" issued outside of the Directives System boundaries are considered unauthorized or "rogue" directives. These are defined as guidance or requirements that cross organizational lines and are conveyed by memorandum or other means rather than through the Directives System.

SITE SAFEGUARDS AND SECURITY PLANS

Department of Energy policy specifies that Departmental interests shall be protected against a range of threats through the development of SSSPs. The SSSP is to show the existing security conditions at each site and facility, establish security improvement priorities, and estimate the resources required to implement the improvements. The SSSP contains the following three volumes:

- Master Safeguards and Security Agreement (MSSA);
- Facility Descriptions and Operational Plans; and
- Resource Plans.

Before implementation, the SSSPs must be approved by the Heads of Field Elements and the appropriate program offices, and concurred upon by the Office of Safeguards and Security. The completed SSSP describes basic protection strategies that the site will use and ways each weakness identified will be corrected.

SECURITY GUIDES

The Office of Safeguards and Security issued two security guides in 1993 that directed how the sites will prepare and obtain approval for their SSSPs. The "Format and Content Guide for Site Safeguards and Security Plans" provided detailed direction on the facilities which must have a SSSP, the format in which the SSSP is written, and the level of security protection for special nuclear material.

In conjunction with the Format and Content Guide, the "Site Safeguards and Security Plan Acceptance Criteria and Review Guide" was also issued. This guide outlines methods for the review and approval of the site SSSPs. The guide requires field and/or operations office security personnel to perform a detailed review of the SSSP that includes onsite observation and performance testing, usually referred to as a validation review. After the validation review, the Office of Safeguards and Security and the Program Offices perform similar reviews called verification reviews. The verification results are used to determine if the SSSP is either approved or not approved by Headquarters officials.

COORDINATION AND CONCURRENCE OF SECURITY GUIDES

The Office of Safeguards and Security issued guidance that was used as policy to prepare, complete, and review Departmental site SSSPs. This unauthorized policy issued through the Format and Content Guide and Criteria and Review Guide was not coordinated with and did not receive concurrence from affected program and field offices. The guides included new security requirements for protection against theft and diversion of special nuclear material that were increased by security officials without providing adequate justification. In addition, the guidance was used improperly by the Office of Safeguards and Security as a tool to evaluate site security performance.

New Requirements Increase Consequence Values

The new security requirements developed for protection against theft and diversion of special nuclear material were increased from previously accepted levels. In April 1993 a new Format and Content Guide was issued by the Office of Safeguards and Security which raised the consequence values for all types of materials except assembled weapons and test devices. The increase in these values caused an automatic increase in the risk level assigned to each facility. When a facility's risk level changes, an evaluation of the new level must be completed. If the new level exceeds the acceptable level of low risk established by the Office of Safeguards and Security, upgrades and enhancements must be put in place to return the risk level to low.

The consequence values were previously set at levels accepted by the DOE security complex and have been used relatively consistently for the last 7 years. The new values had been discussed at previous quality panel meetings where program and field offices disagreed with raising the values without adequate justification. Several field and program offices have since requested justification for the increase and have not received a response that they considered satisfactory from the Office of Safeguards and Security.

Requests for Justification

We requested justification from the Office of Safeguards and Security for the increase in the theft and diversion consequence values. Security officials did not provide a valid reason why the increase was made. Instead, our inquiries were redirected to different policy and program officials. Further, one official stated that he could not say why the values went up. Sites could use their own site specific information if they wanted to; however, during the verification review, Headquarters would evaluate the SSSP on the values found in the guidance.
Another official could not provide justification for the increase, but stated that if a site could provide adequate justification for using the lower values, that was fine. He added, however, that no site has ever used lower values and had their SSSP approved.

The Office of Defense Programs had also requested the justification for the increase, but was unsuccessful in obtaining it. Further, officials from the Office of Environmental Management (EM) requested justification for the increase in consequence values and were told that the new values were chosen because no alternative was proposed. Additionally, EM personnel stated that although the field offices disagreed with the values, Security Affairs would be using these values to evaluate the field.

In February 1995, a security quality panel meeting was held in Albuquerque, New Mexico. At this meeting, Departmental officials from across the complex again requested justification for the increase in consequence values. Site security personnel who attended the panel informed us that no justification was forthcoming. As of the date of this report, the Office of Safeguards and Security has not responded to these requests for justification.

Measuring Site Performance

Guidance documents issued by the Office of Safeguards and Security were used improperly as policy for the preparation and approval of SSSPs. The purpose of guides is to instruct, inform, or request action, but they should not establish or change policy, requirements, procedures, or responsibilities. The "Format and Content Guide for Site Safeguards and Security Plans" and its companion, the "Site Safeguards and Security Plan Acceptance Criteria and Review Guide" were proposed as implementing guides to standardize documentation and evaluation of field sites' security plans. When issued as guides, these documents did not require processing through the Department's Directives System and compliance was not mandatory.
However, because these guides were used by security officials as an evaluation tool to measure site performance, they were no longer a recommended way of doing business, but the only way.

All sites were informed that the two guides would be used to review their SSSPs. In an April 1993 memorandum to all field security directors, the Director, Office of Safeguards and Security stated that his office "intends to use the guides in the course of reviewing plans sent to DOE Headquarters for approval and/or concurrence." Any comments received on draft SSSPs must be addressed by the site before the Office of Security Affairs will provide their concurrence on the document. Without this concurrence, program office officials will not approve the field site's SSSP and the site remains out of compliance with DOE orders until this approval is received.

Some sites had received comments on their SSSPs based specifically on guidance "requirements" during Headquarters verification reviews. For example, in a December 1994 memorandum from the Chief of the Materials Control and Accountability Branch, Office of Safeguards and Security, the Rocky Flats Field Office was notified of a nonconcurrence on their SSSP. Listed as a primary concern was the fact that Rocky Flats' SSSP did not reflect the revised 1993 consequence values for theft of special nuclear materials. Those values are found only in the Format and Content Guide issued by the Office of Safeguards and Security. At the completion of audit field work (March 1995), the Rocky Flats' SSSP had still not received the necessary concurrence.

Sites do not wish to be cited by the Department's Office of Security Evaluations, the General Accounting Office, or any other reviewing entity for being out of compliance with the approval requirement.
For example, the Office of Security Evaluations criticized the Savannah River Operations Office in a 1993 report for having a large and continuing safeguards and security investment that was not supported by a SSSP. Their report found that this office had not based facility planning, program execution, and program evaluation on an approved Master Safeguards and Security Agreement and SSSP. The approval of the SSSP document has also been vital enough to warrant the attention of the General Accounting Office in a report issued in October 1992 (Nuclear Security: Safeguards and Security Planning at DOE Facilities Incomplete, GAO/RCED-93-14). The report cited the Department for having unapproved SSSPs and having a lack of commitment to safeguards and security planning. It continued to say that one of the reasons the SSSPs were not approved was that program guidance from Headquarters was evolving throughout the planning process. An example of noncompliance with the Department's directives system is issuance of the Design Basis Threat Policy (Threat Policy). The Threat Policy dictates the threat strategies used in the SSSP and provides the basis for all security costs incurred by the Department. It is revised regularly by Security Affairs, but no field or program office is given the opportunity to provide input to this document. Program offices in Headquarters have repeatedly asked the Office of Security Affairs to participate in the revision process but the requests have not been granted. For example, the Director, Office of Safeguards and Security Management, Office of Environmental Management, stated in a July 1994 memorandum that it was essential for EM as well as other program offices to be active participants in the Threat Policy annual review. 
Officials from the Office of Threat Assessment, which assists in addressing national threat issues, stated that they had no problem with allowing program officials an opportunity to participate in the revision process, and, further, that if the Threat Policy was defendable there was no reason not to allow field and Headquarters personnel an opportunity to review it. The Office of Human Resources and Administration agrees that the Threat Policy should be issued as formal Departmental policy; however, they do not currently have a procedure to process and issue classified policy.

REASONS FOR CURRENT PRACTICES

The Office of Safeguards and Security did not completely follow the appropriate procedures for communication of proposed policy, including the proper Departmental coordination and concurrence. The review showed that although attempts were made to issue the new security requirements through the Directives System, they were met with significant objection and nonconcurrence from Departmental elements and program offices. Consequently, guidance was subsequently issued outside of the Directives System to establish policies that Departmental elements and program offices had nonconcurred in. In late 1992, the Office of Safeguards and Security drafted DOE Order 5630.XX, "Safeguards and Security Management and Planning Process." This order was sent through the Office of Human Resources and Administration, as required by the directives system, for review and comment by the affected offices. The order contained much the same provisions as the guidance does today and would have established a comprehensive process for the development and issuance of SSSPs, including an expanded base of facilities required to submit SSSPs and a revised format for the SSSPs. The order also would have required the use of the two guides issued by Safeguards and Security.
Comments returned on the draft order contained numerous objections to the proposed revisions, including nonconcurrences from the Offices of Defense Programs, Environmental Management, Energy Research, Intelligence (currently part of the Office of Nonproliferation and National Security), and Nuclear Energy. The Office of Defense Programs' comments called for the recision of the guides pending the resolution of nonconcurrences by program offices. The Office of Environmental Management objected to the fact that they had twice previously provided comments that had not been addressed and provided several reasons for their nonconcurrence including the resource intensive verification process called for in the draft order. The Office of Intelligence, now part of the same organization as the Office of Safeguards and Security, stated that "IN [Office of Intelligence] not only disagrees with the order as written, but also with the implied techniques of execution through uncoordinated Guides..." The Office of Nuclear Energy also cited Safeguards and Security for not addressing previous concerns and for not providing cost benefit justification as requested. The draft order has not been processed through the Departmental Directives System since the Office of Safeguards and Security received the nonconcurrence comments.

EFFECTS OF GUIDANCE REQUIREMENTS

Allowing policy to be issued by means other than the Directives System or Secretarial approval is counterproductive to the Department's efforts to meet Presidential initiatives to reduce regulatory requirements. In addition, the unjustified increases for new SSSP requirements will cause the sites to spend millions of dollars for improvements or compensatory measures. Of the sites we visited, Savannah River Operations Office, Lawrence Livermore National Laboratory, and Los Alamos National Laboratory all have facilities that will be pushed above the acceptable level of risk when the new consequence values are used.
Each of these sites will need to devise and install costly additional compensatory measures to counter the increases in the levels of risk caused by the unjustified increases in the consequence values. Compensatory measures would include the designing of new security systems, installation of a Perimeter Intrusion Detection Alarm System, and/or hiring of additional security police officers. At the Savannah River site, between $5.1 million and $6.7 million will need to be spent on upgrades and enhancements and $1.5 million to reevaluate the SSSPs. At Lawrence Livermore National Laboratory almost $100,000 will be spent annually to maintain additional protective force members. Los Alamos National Laboratory will spend $1.2 million annually to add protective force members and $400,000 for security system upgrades to compensate for the increase in risk. Cost estimates were not received from Rocky Flats Field Office and Idaho Operations Office. Rocky Flats could not provide a timely cost estimate and Idaho had already established security levels above the new requirements. Although cost data was not readily available from each Departmental site, we expect that other sites, such as Rocky Flats, will also have to spend significant additional funds to install upgrades and enhancements to their facility protection systems where the new guide requirements have raised their security risks above the "acceptable" level.

PART III MANAGEMENT AND AUDITOR COMMENTS

Although the Office of Nonproliferation and National Security agreed that guidance should not be used as policy, they have not agreed to implement the recommendations and stated that they will continue to use the guides. Management also disagreed that: 1) guidance issued by their office established requirements, 2) the new consequence values were unjustified, or 3) the Design Basis Threat Policy should be coordinated with the affected offices.
Recommendation 1

We recommend that the Director, Office of Nonproliferation and National Security ensure that the Office of Safeguards and Security discontinue using the "Format and Content" and the "Criteria and Review" Guides as policy for evaluation, approval, and concurrence of Site Safeguards and Security Plans until formal coordination and concurrence have been obtained from program and field elements.

Management Comments. Management agreed that the guides should not be used as policy and stated that the "Format and Content" and the "Criteria and Review" Guides are, in fact, just guides. They were designed to replace the "1989 SSSP Preparation Guide" and have been reviewed numerous times by the field. They will continue to be used. Management also stated that the guidance was designed to provide a consistent and standardized methodology to implement policy. The guides provide the standardization for the planning process, particularly in the areas of development, preparation, review, and acceptance. Eliminating the guides will increase the likelihood that inconsistent approaches for evaluating SSSPs across the Department will be developed and implemented. Such inconsistencies can have significant impacts on safeguards and security programs with respect to efficiencies (e.g., resource allocations) and system effectiveness. The lack of guidance limits Headquarters and the field's ability to evaluate protection program plans and procedures across the spectrum of threats (in terms of consequences and risk) characteristic of facility operations and other factors.

Auditor Comments. While management stated that they agreed with the recommendation, their response does not indicate that action is planned to correct the problem identified.
By issuing guidance and informing the field sites that they would be evaluated against the guidance requirements, the Office of Safeguards and Security circumvented the Department's Directives System (Directives System) and forced facilities to use the SSSP guidance as policy. This guidance is used during the SSSP verification reviews, which involve visits from the Office of Safeguards and Security along with the responsible program offices (primarily Defense Programs and Environmental Management) to evaluate each SSSP. Safeguards and Security must concur with the document and the Headquarters program office must approve it. Departmental officials have informed us that without Safeguards and Security's concurrence, the program office managers are unwilling to approve the Site Safeguards and Security Plan. Without this approval, the sites can be cited for noncompliance with Departmental orders by the Office of Security Evaluations. Although the guides used to evaluate site performance have been reviewed "numerous" times, they were not issued through the Directives System and, consequently, comments provided were not required to be addressed by the Office of Safeguards and Security. The Office of Human Resources and Administration agreed that if the guides were being used to evaluate the SSSPs, then the requirements in these guides were being treated as policy. One official stated that allowing program directors to issue policy defeated the purpose of current initiatives of the National Performance Review and the President's September 1993 Executive Order to eliminate agency internal management regulations. Also the requirements established by the Office of Safeguards and Security in these policies would neither be subjected to review by affected parties nor cost-benefit analyses required under the Directives System. The Office of Inspector General is not advocating the elimination of the guides.
We fully support the idea of consistent and standardized methodology for the development of SSSPs. However, use of these guides for site evaluation must be discontinued until they have been issued as policy under the Directives System.

Recommendation 2

We recommend that the Director, Office of Nonproliferation and National Security ensure that the Office of Safeguards and Security coordinate all proposed policy changes and guidance, when used as policy, with affected program and field offices through the Departmental Directives System.

Management Comments. Management concurred in principle with the recommendations and stated that all proposed policy changes subject to the Directives System must be coordinated with program and field offices. It was further stated that guidance is not considered as policy and therefore implemented programs should not be subject to explicit inspection against the guidance. Requirements, whether or not justified, have never been and cannot be established by guidance. Within the Department, requirements can only be established by policy promulgated through the Directives System. Actual publication of policy, in the form of a Departmental directive is the last step in a process which involves coordination with organizations who are affected by the policy/requirement and who are in a position to provide meaningful input to the process. Guidance issued to the field is only intended as a means to share lessons learned in order to enhance the effectiveness and efficiency of site safeguards and security programs as they endeavor to meet requirements established in the directives.

Auditor Comments. Although management agreed in principle, their proposed actions do not meet the intent of the recommendation. As stated in our comments to Recommendation 1, evaluation of the field sites' SSSPs against the guidance creates "de facto" policy. Therefore, although actual guidance does not require coordination, guidance used as policy does.
General Comments

The Office of Nonproliferation and National Security twice provided general comments to our report which have been incorporated where appropriate. The Office of Nonproliferation and National Security stated that the protection of weapons, material, information, personnel, and property under the jurisdiction of the Department of Energy is of primary importance to their office. In order to provide proper protection, planning--and subsequent implementation of those plans--must be accomplished correctly and in a timely manner.

Management Comments. Management stated that the report erroneously asserts that the guides are policy and mandatory. In fact, the guides are discretionary and the field elements may use any format they choose as long as the tenets and requirements of Departmental orders are met.

Auditor Comments. We agree that all guides are supposed to be discretionary; however, the way in which the SSSP guides are used, to evaluate SSSPs, makes them mandatory rather than discretionary. The Inspector General's Office does not state that guides are policy and mandatory, only that the SSSP guides have been used improperly and have become "de facto" policy. Since the Office of Safeguards and Security uses the guides to evaluate the SSSP, and the site must have Safeguards and Security's concurrence on the document, and that concurrence cannot be obtained without following the guides, the guides become mandatory.

Management Comments. Management stated that the Department's Directives System Manual has never been coordinated and therefore has never been published. It exists only as a draft and therefore cannot establish publication policy requirements.

Auditor Comments. The Office of Human Resources and Administration issued the New Directives System Manual (DOE M 251.1-1) in May 1995 and again in October 1995. Prior to its final issuance, the draft was considered and used as policy by the Department.
The Manual states, as did the draft, that guides provide non-mandatory, supplemental information and may not impose additional requirements. In addition, it calls for the review of a proposed directive by Departmental Elements and contractors to identify significant issues, determine the feasibility of implementing the proposed directive, provide suggestions for alternate approaches, and provide estimates of implementation costs when requested.

Management Comments. The Office of Nonproliferation and National Security disagreed with the idea that the issuance of the Design Basis Threat Policy was an example of noncompliance with the Directives System. They indicated that there are no provisions for classified directives within the Directives System. In addition, they stated that the Design Basis Threat Policy is a national threat statement baseline which represents a coordinated Department of Defense-Department of Energy-Nuclear Regulatory Commission position. The Design Basis Threat Policy is coordinated within the Department with the appropriate elements, e.g., the Threat Assessment office and Counterintelligence office, the only other Departmental elements who can address national threat issues. This coordinated position is crucial to protection reciprocity issues at a time of increased Department of Defense-Department of Energy interaction regarding weapons disassembly and protection of special nuclear material.

Auditor Comments. Although there are no provisions for classified directives, one purpose of the Directives System is to ensure cost-effective and efficient use of resources in implementing policy requirements. The Threat Policy currently is a significant driver of security costs and resource allocations and has a major impact on program operations.
As stated in the report, officials from the Office of Threat Assessment stated that if the Threat Policy was defendable there was no reason not to allow field and Headquarters personnel an opportunity to review it. The Office of Human Resources and Administration agrees that the Threat Policy should be issued as formal Departmental policy; however, they do not currently have a procedure to process and issue classified policy. In addition, the fact that the Department's Design Basis Threat Policy, which is a significant driver of costs in the Department, is classified does not eliminate the requirement for coordination with all affected offices through the Directives System. In this time of budget reductions, it is particularly important to coordinate policy requirements with management since they are responsible for accomplishing set objectives whether they be operational or security.

Management Comments. Management stated that in 1993, the Office of Safeguards and Security increased the consequence values contained in the Site Safeguards and Security Planning guide for diversion and theft of special nuclear material. These changes were the result of increased emphasis on radiological sabotage. A working group was established consisting of program office and field representatives to evaluate existing sabotage policies and to recommend changes to these policies to make them more comprehensive. This working group, co-chaired by the Director of the Office of Safeguards and Security, actively participated in the development of interim policy for performing graded assessments of radiological and toxicological sabotage vulnerabilities to achieve greater consistency and completeness in addressing graded protection against unacceptable impacts on the health and safety of employees, the public, the environment, and Departmental programs.
Incremental increases in the consequence values were made in 1993 as a function of material type and form and its potential use in a sabotage event. The approach taken in making the changes in the consequence values has been presented to Headquarters and field elements on several occasions as explanations and justifications for this increase in consequence value. One such occasion was a 1994 Vulnerability Assessment Working Group meeting in Albuquerque. At this meeting, participants, representing program offices, operations offices and facilities, were requested to comment on these changes. To date no one has provided comments or impacts of these changes to the Office of Safeguards and Security.

Auditor Comments. The increased emphasis on radiological sabotage was the impetus for the creation of the radiological/toxicological consequence values, not increases in the theft and diversion values. They are presented as separate tables in the SSSP guides. Because of the distinction made in the SSSP guides between these values, our audit did not address the justification for the radiological sabotage values. Other members of the developmental working group, cited by the Office of Safeguards and Security, including representatives from Defense Programs and Environmental Management, did not agree with the rationale for the increase in the theft/diversion consequence values and have continued to state this at many discussion opportunities including the 1994 and 1995 Vulnerability Assessment Working Group meetings in Albuquerque. Officials from the Offices of Environmental Management and Defense Programs stated that they never agreed to the incremental change to the consequence values and that they have been trying unsuccessfully to convene a meeting with Nonproliferation and National Security officials to discuss the reasoning behind the increase from the time it was proposed.

Management Comments.
Management stated that the issuance of the guides was not related to draft order 5630.XX since the guides were in process in early 1991, well before the draft order. The contents of the guides were not included in the draft order and, while most field comments had been addressed, Headquarters opposition to the draft order was directed towards roles and responsibilities and not the body of the order.

Auditor Comments. While the guides may have been written before the order, they were included as a requirement of the proposed order. In DOE Draft Order 5630.XX it states that "The 'Format and Content Guide for Site Safeguards and Security Plans' shall be used as the basis for format, content, and general development of SSSPs. The 'Site Safeguards and Security Acceptance Criteria and Review Guide' shall be used in the evaluation of SSSPs and VARs during the review and approval process." This is further emphasized by the comment to the draft order by the Office of Intelligence which stated that they "not only disagree with the order as written but also with the implied techniques of execution through uncoordinated Guides...." The fact that the order was never published indicates that the Headquarters and field comments had not been sufficiently addressed by the Office of Safeguards and Security.

Management Comments. Management felt that the statement made regarding the cost at Savannah River is misleading. They stated that the Savannah River Operations Office spent over $7 million and five years developing their SSSP, while completing only one plan. Subsequently, the Office of Safeguards and Security sent a team to Savannah River in the spring of 1994. During the two months that the team was at Savannah River, the team utilized the revised planning guidance and completed five planning documents for less than $200,000.

Auditor Comments.
While it is commendable that the Office of Safeguards and Security aided Savannah River in the completion of their SSSPs for a significantly lower dollar figure than what was previously spent, the report primarily focuses on the costs to implement the plans, rather than the costs of initial development.

Management Comments. Management also objected to the use of the General Accounting Office report (RCED-93-14) issued October 1992. They stated that, during a close-out meeting between the GAO and the Office of Safeguards and Security, GAO agreed they had been misled by both field and Headquarters elements. GAO also agreed that guidance and policy had not changed prior to late 1992 and that programmatic and field elements still had not completed SSSP/MSSAs after 5 years.

Auditor Comments. The documentation used to support the statements made by GAO does not indicate any discussion or agreement on the part of GAO to change the report. We saw no indication that supports the Office of Safeguards and Security's assertion of misleading information. Moreover, DOE comments to the report include agreement from responsible DOE officials, including the Director, Office of Safeguards and Security with the facts presented in the report.

Management Comments. Management asserted that the SSSP guidance was used as guidance, not policy, and that guidance is designed to provide a consistent and standardized methodology to implement policy. In this case, the SSSP guides provide the standardization for the SSSP process, particularly in the areas of development, preparation, review and acceptance. In addition, the guides are discretionary and sites are allowed to use the 1989 guidance, the revised guidance, or develop their own format. However, a plethora of formats and contents will significantly increase the cost and decrease the effectiveness of any planning process and resource optimization initiative.

Auditor Comments.
The Office of Inspector General does not advocate the elimination of the guides and supports a consistent and standardized methodology. Our report emphasizes that the appropriate review and coordination of the guides take place if they are to be used as evaluation tools.

Management Comments. Management stated that the guides are cost-effective in that they provide a cohesive, standardized, consistent format and methodology for the preparation, development, review, and acceptance of MSSAs/SSSPs. This standardization was missing under the process depicted in 5630.13 and 5630.14. Comments at the VA Quality Panels by field sites have stated that the cost to produce a SSSP under the revised format is the same, if not less than the 1989 format and the cost to update and maintain the document is substantially less than the MSSA format.

Auditor Comments. Again, we are not advocating the elimination of the guides. We commend the Office of Safeguards and Security for its initiative to introduce a more cost-effective, standardized and consistent format for the SSSP process. Our problem is not with the format itself or with the cost of producing the document. Our concerns are with the use of new requirements without coordination with affected elements and the costs to add security enhancements and upgrades as a result of the implementation of the new SSSPs.

IG Report No. DOE/IG-0382

CUSTOMER RESPONSE FORM

The Office of Inspector General has a continuing interest in improving the usefulness of its products. We wish to make our reports as responsive as possible to our customers' requirements, and therefore ask that you consider sharing your thoughts with us. On the back of this form, you may suggest improvements to enhance the effectiveness of future reports. Please include answers to the following questions if they are applicable to you:

1. What additional background information about the selection, scheduling, scope, or procedures of the audit or inspection would have been helpful to the reader in understanding this report?

2. What additional information related to findings and recommendations could have been included in this report to assist management in implementing corrective actions?

3. What format, stylistic, or organizational changes might have made this report's overall message more clear to the reader?

4. What additional actions could the Office of Inspector General have taken on the issues discussed in this report which would have been helpful?

Please include your name and telephone number so that we may contact you should we have any questions about your comments.

Name ______________________ Date ______________________
Telephone ______________________ Organization ______________________

When you have completed this form, you may telefax it to the Office of Inspector General at (202) 586-0948, or you may mail it to:

Office of Inspector General (IG-1)
Department of Energy
Washington, D.C. 20585
ATTN: Customer Relations

If you wish to discuss this report or your comments with a staff member of the Office of Inspector General, please contact Wilma Slaughter at (202) 586-1924.