Protection of U.S. nuclear arsenal faulted by experts

The federal agency charged with protecting the country's nuclear weapons arsenal should address "shortcomings" in how its secures its facilities, according to a report released on Thursday by the National Research Council.

The report faulted the National Nuclear Security Administration, a semi-autonomous agency within the Energy Department, for lacking a comprehensive understanding of different enemy attack scenarios that could threaten NNSA storage facilities, and warned that security at the agency's sites would remain "out of balance" without strengthened agency leadership and a "major shift in approach."

NNSA leaders also do not understand the full extent of the "interactions and dependencies among security [systems]," NRC asserted. Sarah Case, the NRC program officer who was study director of the report, declined to elaborate on the security interactions and dependencies referenced in the report, citing the full report's classified status. The public report noted some recommendations "that were judged too sensitive to reproduce" were left out of the abridged public version.

The Senate Appropriations Committee requested the report in 2008 to address ballooning security costs at NNSA, which have grown from $550 million in fiscal 2002 to more than $900 million in fiscal 2010. NNSA management has been questioned by the Government Accountability Office. In January, NNSA received a program management award from the nonprofit Project Management Institute for IT work relating to President Obama's Global Threat Reduction Initiative.

The NRC report warned against using a quantitative strategy -- which NRC was specifically tasked to evaluate -- to better assess security risks while keeping an eye on overall costs. "There is no comprehensive analytical basis for defining the attack strategies that a malicious, creative and deliberate adversary might employ," the report concluded. But it was acknowledged that a "rigorous assessment of security risk" would prove useful to NNSA.

In part, the report restated a line familiar to outside evaluators of NNSA: Serious communication and information issues within the agency continue to hinder its ability to manage projects and fulfill its mission.

To secure its facilities more efficiently, NNSA should better integrate its own security efforts and better coordinate with cooperating agencies, the report said: "Coordination, communication and joint exercises that include all relevant security organizations are necessary" to improve NNSA facility security.

NNSA spokesman Bill Gibbons told Government Executive his agency "has some of the most formidable, robust and layered physical security systems in the world to appropriately guard against any attempt by adversaries to compromise our facilities, systems, equipment or materials. Security is a top priority," he said.

"The NNSA appreciates the work of the National Academies to develop their report. The recommendations are very thoughtful and are consistent with NNSA's efforts to enhance our risk management processes and refine the vulnerability assessment program through our security reform initiative." He added that NNSA will work with other elements of the Energy Department, including the Office of Health, Safety and Security, "to analyze the recommendations and incorporate them into the ongoing reengineering of the NNSA's nuclear security management program as appropriate."

This story has been updated, to include NNSA's comment and to clarify the description of the report.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.