The report faulted the National Nuclear Security Administration, a semi-autonomous agency within the Energy Department, for lacking a comprehensive understanding of different enemy attack scenarios that could threaten NNSA storage facilities, and warned that security at the agency's sites would remain "out of balance" without strengthened agency leadership and a "major shift in approach."
NNSA leaders also do not understand the full extent of the "interactions and dependencies among security [systems]," NRC asserted. Sarah Case, the NRC program officer who was study director of the report, declined to elaborate on the security interactions and dependencies referenced in the report, citing the full report's classified status. The public report noted some recommendations "that were judged too sensitive to reproduce" were left out of the abridged public version.
The Senate Appropriations Committee requested the report in 2008 to address ballooning security costs at NNSA, which have grown from $550 million in fiscal 2002 to more than $900 million in fiscal 2010. NNSA management has been questioned by the Government Accountability Office. In January, NNSA received a program management award from the nonprofit Project Management Institute for IT work relating to President Obama's Global Threat Reduction Initiative.
The NRC report warned against using a quantitative strategy -- which NRC was specifically tasked to evaluate -- to better assess security risks while keeping an eye on overall costs. "There is no comprehensive analytical basis for defining the attack strategies that a malicious, creative and deliberate adversary might employ," the report concluded. But it was acknowledged that a "rigorous assessment of security risk" would prove useful to NNSA.
In part, the report restated a line familiar to outside evaluators of NNSA: Serious communication and information issues within the agency continue to hinder its ability to manage projects and fulfill its mission.
To secure its facilities more efficiently, NNSA should better integrate its own security efforts and better coordinate with cooperating agencies, the report said: "Coordination, communication and joint exercises that include all relevant security organizations are necessary" to improve NNSA facility security.
NNSA spokesman Bill Gibbons told Government Executive his agency "has some of the most formidable, robust and layered physical security systems in the world to appropriately guard against any attempt by adversaries to compromise our facilities, systems, equipment or materials. Security is a top priority," he said.
"The NNSA appreciates the work of the National Academies to develop their report. The recommendations are very thoughtful and are consistent with NNSA's efforts to enhance our risk management processes and refine the vulnerability assessment program through our security reform initiative." He added that NNSA will work with other elements of the Energy Department, including the Office of Health, Safety and Security, "to analyze the recommendations and incorporate them into the ongoing reengineering of the NNSA's nuclear security management program as appropriate."
This story has been updated, to include NNSA's comment and to clarify the description of the report.