b"<html>\n<title> - RESULTS OF SECURITY INSPECTIONS AT THE DEPARTMENT OF ENERGY'S LAWRENCE LIVERMORE NATIONAL LABORATORY</title>\n<body><pre>[House Hearing, 106 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n\n\n \nRESULTS OF SECURITY INSPECTIONS AT THE DEPARTMENT OF ENERGY'S LAWRENCE \n                     LIVERMORE NATIONAL LABORATORY\n\n=======================================================================\n\n                                HEARING\n\n                               before the\n\n                            SUBCOMMITTEE ON\n                      OVERSIGHT AND INVESTIGATIONS\n\n                                 of the\n\n                         COMMITTEE ON COMMERCE\n                        HOUSE OF REPRESENTATIVES\n\n                       ONE HUNDRED SIXTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                             JULY 20, 1999\n\n                               __________\n\n                           Serial No. 106-146\n\n                               __________\n\n            Printed for the use of the Committee on Commerce\n\n\n                     U.S. GOVERNMENT PRINTING OFFICE\n58-496CC                     WASHINGTON : 2000\n\n\n\n\n\n\n                         COMMITTEE ON COMMERCE\n\n                     TOM BLILEY, Virginia, Chairman\n\nW.J. ``BILLY'' TAUZIN, Louisiana     JOHN D. DINGELL, Michigan\nMICHAEL G. OXLEY, Ohio               HENRY A. WAXMAN, California\nMICHAEL BILIRAKIS, Florida           EDWARD J. MARKEY, Massachusetts\nJOE BARTON, Texas                    RALPH M. HALL, Texas\nFRED UPTON, Michigan                 RICK BOUCHER, Virginia\nCLIFF STEARNS, Florida               EDOLPHUS TOWNS, New York\nPAUL E. GILLMOR, Ohio                FRANK PALLONE, Jr., New Jersey\n  Vice Chairman                      SHERROD BROWN, Ohio\nJAMES C. GREENWOOD, Pennsylvania     BART GORDON, Tennessee\nCHRISTOPHER COX, California          PETER DEUTSCH, Florida\nNATHAN DEAL, Georgia                 BOBBY L. RUSH, Illinois\nSTEVE LARGENT, Oklahoma              ANNA G. ESHOO, California\nRICHARD BURR, North Carolina         RON KLINK, Pennsylvania\nBRIAN P. BILBRAY, California         BART STUPAK, Michigan\nED WHITFIELD, Kentucky               ELIOT L. ENGEL, New York\nGREG GANSKE, Iowa                    THOMAS C. SAWYER, Ohio\nCHARLIE NORWOOD, Georgia             ALBERT R. WYNN, Maryland\nTOM A. COBURN, Oklahoma              GENE GREEN, Texas\nRICK LAZIO, New York                 KAREN McCARTHY, Missouri\nBARBARA CUBIN, Wyoming               TED STRICKLAND, Ohio\nJAMES E. ROGAN, California           DIANA DeGETTE, Colorado\nJOHN SHIMKUS, Illinois               THOMAS M. BARRETT, Wisconsin\nHEATHER WILSON, New Mexico           BILL LUTHER, Minnesota\nJOHN B. SHADEGG, Arizona             LOIS CAPPS, California\nCHARLES W. ``CHIP'' PICKERING, \nMississippi\nVITO FOSSELLA, New York\nROY BLUNT, Missouri\nED BRYANT, Tennessee\nROBERT L. EHRLICH, Jr., Maryland\n\n                   James E. Derderian, Chief of Staff\n\n                   James D. Barnette, General Counsel\n\n      Reid P.F. Stuntz, Minority Staff Director and Chief Counsel\n\n                                 ______\n\n              Subcommittee on Oversight and Investigations\n\n                     FRED UPTON, Michigan, Chairman\n\nJOE BARTON, Texas                    RON KLINK, Pennsylvania\nCHRISTOPHER COX, California          HENRY A. WAXMAN, California\nRICHARD BURR, North Carolina         BART STUPAK, Michigan\n  Vice Chairman                      GENE GREEN, Texas\nBRIAN P. BILBRAY, California         KAREN McCARTHY, Missouri\nED WHITFIELD, Kentucky               TED STRICKLAND, Ohio\nGREG GANSKE, Iowa                    DIANA DeGETTE, Colorado\nROY BLUNT, Missouri                  JOHN D. DINGELL, Michigan,\nED BRYANT, Tennessee                   (Ex Officio)\nTOM BLILEY, Virginia,\n  (Ex Officio)\n\n                                  (ii)\n\n\n\n\n\n\n                            C O N T E N T S\n\n                               __________\n                                                                   Page\n\nTestimony of:\n    Podonsky, Glenn S., Deputy Assistant Secretary for Oversight, \n      Office of Environment, Safety and Health, Department of \n      Energy.....................................................     7\n    Tarter, C. Bruce, Director, Lawrence Livermore National \n      Laboratory; accompanied by: Martin Domagala, Richard \n      Mortensen, Jim Hirahara, Dennis Fisher, Don Wentz, Bill \n      Hensley, John Jones, and Barbara Stone.....................    11\n    Turner, James, Manager, Oakland Operations Office, Department \n      of Energy..................................................    19\n    Weigand, Gil, Deputy Assistant Secretary, Strategic Computing \n      and Simulation, Department of Energy.......................    17\n\n                                 (iii)\n\n  \n\n\nRESULTS OF SECURITY INSPECTIONS AT THE DEPARTMENT OF ENERGY'S LAWRENCE \n                     LIVERMORE NATIONAL LABORATORY\n\n                              ----------                              \n\n\n                         TUESDAY, JULY 20, 1999\n\n                  House of Representatives,\n                             Committee on Commerce,\n              Subcommittee on Oversight and Investigations,\n                                                    Washington, DC.\n    The subcommittee met, pursuant to notice, at 10 a.m., in \nroom 2322, Rayburn House Office Building, Hon. Fred Upton \n(chairman) presiding.\n    Members present: Representatives Upton, Burr, Bilbray, \nGanske, Blunt, Bryant, Klink, Stupak, Green, McCarthy, \nStrickland, and DeGette.\n    Also present: Representatives Norwood and Shimkus.\n    Staff present: Tom DiLenge, majority counsel; and Reid \nStuntz, minority staff director and chief counsel.\n    Mr. Upton. Good morning, everyone. The subcommittee will \ncome to order.\n    The subcommittee is meeting this morning to hold a hearing \non the results of recent security inspections at the DOE's \nLawrence Livermore lab. After members and witnesses have been \nrecognized for opening statements, the Chair will make a motion \nto hold the remainder of the hearing in executive session. The \nChair will recognize himself for an opening statement.\n    This hearing is a continuation of a classified briefing \nheld for members 3 weeks ago on the results of a recent DOE \ninspection of security at Lawrence Livermore. While that \nbriefing certainly was illuminating, the ability of members and \nstaff to question the witnesses, many of whom are here again \ntoday, was limited by the Department's decision to withhold the \ninspection report and related documents from the committee \nprior to that briefing.\n    Now that we do have the necessary materials and have had a \nchance to review the inspection report in detail, we have \ncalled today's hearing to dig deeper into some of the issues \nraised by this recent inspection. While much of what we discuss \ntoday will be classified and thus discussed behind closed \ndoors, some of what we have learned so far is unclassified and \ncan be and should be discussed publicly. In particular, those \nissues that bear on the seeming inability of the lab and \nDepartment to conduct effective security management and \noversight, to provide accurate information about the state of \nsecurity to policymakers in the Department, the White House and \ncertainly in the Congress, and to take prompt and effective \ncorrective actions with respect to identified vulnerabilities.\n    For example, there are numerous references in the recent \ninspection report to past findings of a similar serious and \nrecurring nature, findings that went uncorrected for years. In \nother cases, the lab and Department field offices failed during \ntheir own security reviews to identify serious issues found by \nthe recent independent inspection team and apparently did not \neven evaluate some significant areas of potential security \nconcern.\n    In still other cases, the lab and field office security \nassessments did reveal vulnerabilities similar to those \nidentified by the outside inspectors, but either corrective \naction was not taken or the program officials determined that \nthe risk was somehow acceptable; that is, until the independent \ninspectors recently put this unwanted spotlight on these \nissues. Despite the recurrence of unresolved deficiencies year \nafter year, we have found that Livermore has never been \nfinancially penalized for these significant security problems \nby the Department in its annual performance evaluations, at \nleast not in recent memory.\n    But even if Livermore had been given unsatisfactory \nsecurity ratings by its Department managers, security measures \nimpact only a very small portion of the financial performance \nfees that the lab can receive under the current contract. I \nbelieve that without a closer link between security performance \nand financial performance, lasting change at Livermore and \nelsewhere in the DOE complex will continue to prove elusive.\n    Finally, we have also learned from this recent Livermore \ninspection that we cannot always believe what we hear about the \nstatus of security reforms at the Department. In particular, \nthe lab directors and Secretary Richardson announced with much \nfanfare back in March a 9-point plan to undertake ambitious \ncomputer security upgrades on an even more ambitious timetable, \nreaching significant milestones within 30 days. And we were \ntold in mid-April that those milestones were reached or would \nbe reached within those 30 days, permitting these computer \nsystems to be brought back on line with enhanced security.\n    Yet now we find that not only did Livermore fail to reach \nsome important milestones as claimed, but that the lab thought \nit didn't really need to do what it had promised to do. And we \nfound out as well that some of what the lab directors and \nSecretary Richardson promised would be done simply is not \ntechnologically feasible at this time and certainly not within \nthe 30 days, which causes us all to worry that either they do \nnot know what they are talking about, or they are more \ninterested in the sound of the message than the reality of \ncomputer security.\n    I hope to explore these and related topics in detail after \nwe move into closed session. But I want to let the American \npeople know that this committee will continue to press the \nDepartment and its labs, including Livermore, to make the \nnecessary changes to improve their security. And we will \ncontinue to dig behind the rhetoric to unmask the reality so \nthat policymakers in both the executive and legislative \nbranches have accurate information upon which to make reasoned \npolicy judgments in this area.\n    I thank our witnesses for appearing before this committee \ntoday, and I will recognize the ranking member, Mr. Klink.\n    [The prepared statement of Hon. Fred Upton follows:]\n   Prepared Statement of Hon. Fred Upton, Chairman, Subcommittee on \n                      Oversight and Investigations\n    Today's hearing is the continuation of a classified briefing held \nfor Members three weeks ago on the results of a recent internal \nDepartment of Energy inspection of security at Lawrence Livermore \nNational Laboratory. While that briefing certainly was illuminating, \nthe ability of Members and staff to question the witnesses--many of \nwhom are here again today--was limited by the Department's decision to \nwithhold the inspection report and related documents from the Committee \nprior to that briefing. Now that we finally have received the necessary \nmaterials and have had a chance to review the inspection report in \ndetail, we have called today's hearing to dig deeper into some of the \nissues raised by this recent inspection.\n    While much of what we discuss today will be classified and thus \ndiscussed behind closed doors, some of what we have learned so far is \nunclassified and can and should be discussed publicly--in particular, \nthose issues that bear on the seeming inability of the lab and the \nDepartment to conduct effective security management and oversight, to \nprovide accurate information about the state of security to policy \nmakers in the Department, the White House, and in Congress, and to take \nprompt and effective correction actions with respect to identified \nvulnerabilities.\n    For example, there are numerous references in the recent inspection \nreport to past findings of a similar, serious, and recurring nature--\nfindings that went uncorrected for years. In other cases, the lab and \nDepartment field offices failed, during their own security reviews, to \nidentify serious issues found by the recent independent inspection \nteam, and apparently did not even evaluate some significant areas of \npotential security concern. In still other cases, the lab and field \noffice security assessments did reveal vulnerabilities similar to those \nidentified by the outside inspectors, but either corrective action was \nnot taken or the program officials determined that the risk was somehow \nacceptable--that is, until the independent inspectors recently put this \nunwanted spotlight on these issues.\n    And, despite the recurrence of unresolved deficiencies year after \nyear, we've learned that Livermore has never been financially penalized \nfor these significant security problems by the Department in its annual \ncontract performance evaluations--at least not in recent memory. But \neven if Livermore had been given unsatisfactory security ratings by its \nDepartment managers, security measures impact only a very small portion \nof the financial performance fees that the lab can receive under the \ncurrent contract. I believe that, without a closer link between \nsecurity performance and financial performance, lasting change at \nLivermore and elsewhere in the D-O-E complex will continue to prove \nelusive.\n    Finally, we've also learned from this recent Livermore inspection \nthat we can't always believe what we hear about the status of security \nreforms at the Department. In particular, the lab directors and \nSecretary Richardson announced with much fanfare back in March a Nine \nPoint Plan to undertake ambitious computer security upgrades on an even \nmore ambitious timetable--reaching significant milestones within only \n30 days. And we were told in mid-April that those milestones had in \nfact been reached or would be reached within those 30 days, permitting \nthese computer systems to be brought back on-line with enhanced \nsecurity.\n    Yet now we find out that not only did Livermore fail to reach some \nimportant milestones as claimed, but that the lab thought it didn't \nreally need to do exactly what it had promised to do. And we find out, \nas well, that some of what the lab directors and Secretary Richardson \npromised would be done simply is not technologically feasible at this \ntime or certainly not doable within 30 days--which causes me to worry \nthat either they don't know what they are talking about, or they are \nmore interested in the sound of the message than the reality of \ncomputer security.\n    I hope to explore these and related topics in detail, after we move \ninto the closed session. But I want to let the American people know \nthat this Committee will continue to press the Department and its labs, \nincluding Livermore, to make the necessary changes to improve their \nsecurity. And we will continue to dig behind the rhetoric to unmask the \nreality, so that policy makers in both the executive and legislative \nbranches have accurate information upon which to make reasoned policy \njudgments in this area.\n    I thank our witnesses for appearing before this Subcommittee today, \nand I will now recognize Ranking Member Klink, for an opening \nstatement.\n\n    Mr. Klink. Thank you, Mr. Chairman for holding this follow-\nup hearing. This committee was responsible for the \nestablishment of the Office of Security Evaluation back in the \nlate 1980's because of previous security crises at the Nation's \nweapons facility. Yet the Congress and the country has been \nrocked again by allegations that year of espionage and poor \nsecurity of all types at the Nation's weapons laboratories. \nBoth the Rudman report and internal reports from the Department \nof Energy have made it clear that security directives, even \nwhen issued by the President of the United States, were ignored \nand even flaunted by the laboratories and their scientists.\n    Senator Rudman spoke eloquently of the arrogant culture of \nthe laboratories but, inexplicably, he didn't think that the \ncontractors who run the facilities were responsible for \nsecurity, although their contracts specifically do give them \nthose jobs. All we have to do is look at Dr. Tarter's testimony \ntoday to find out who is in charge. Dr. Tarter magnanimously \nstates that he is committed to DOE, that he will fund and \nimplement the Secretary's 9-point information security action \nplan. Until reading his testimony, I didn't know Dr. Tarter had \nthat choice.\n    One of the key questions I hope that we can answer today, \nand I want to ask him, is whether Lawrence Livermore's contract \ngives the University of California the responsibility and the \nbudget for providing security for the Nation's weapons secrets, \nand if he has ever been hindered by the Department from \ncarrying out those responsibilities. Then I want to ask if he \nconsiders that this is an optional responsibility, depending on \nwhether or not he would like to carry it out.\n    Surprisingly, the response in Congress to these new \nallegations has been to propose legislation to give the \nlaboratories, the field offices that directly supervise them, \nand the Defense Programs operation more independence and lack \nof oversight than ever before. The Assistant Secretary for \nDefense Programs, who was finally asked to resign a few weeks \nago, last week came before another House committee and said \nthese problems were everyone's fault, but mostly they were not \nhis. He was praised for his fine work. This is the same person \nwho, according to testimony in the Senate by Notra Trulock \nearlier this year, stopped Mr. Trulock in 1997 from briefing \nformer Secretary Pena about alleged spying at Los Alamos \nbecause it might have a negative effect on his budget request.\n    Nothing we have heard in our recent hearings gives any \nindication that these changes will have the desired long-term \neffect in security, safety, or in any other areas. Last week in \nthe committee's hearing on the reorganization of the Department \nbeing proposed by various congressional committees, a variety \nof experts stated that these reorganizations would very \npossibly make the accountability situation worse than it is \nnow. This can only have a negative effect on security efforts.\n    Two weeks before that, we held a hearing on radiation \nsafety enforcement security at DOE weapons facilities, at which \nLawrence Livermore Laboratory was prominently featured because \nof the assessment of the largest fine in history of the \nDepartment for safety violations. And, again, there was great \nfrustration expressed by the Department's enforcement staff \nbecause of the recalcitrant attitude of the laboratory and the \nfailure of the field offices to force change.\n    The historically poor state of security at Lawrence \nLivermore's laboratory is more than evident from the lab \ndirector's testimony today of all the steps he is now taking to \nimprove security. I must ask why these actions were not taken \nyears ago. I look forward to obtaining a clear statement from \nLawrence Livermore and the University of California of their \nresponsibility for maintaining adequate security. Then perhaps \nthe next time this happens, perhaps the Congress will not fool \nitself about where the blame should lie.\n    With that, Mr. Chairman, I yield back my time.\n    Mr. Upton. Are there other members seeking to give an \nopening statement?\n    Mr. Burr. Mr. Chairman, just a brief one. I thank the \nchairman and I thank our witnesses for returning and for the \naddition of other ones. Let me suggest to you today that as we \nhave looked at this, three things have popped up: culture, \ncontractors and complacency, and I think those are the three \nareas that we need to deal with.\n    Culture, something that was not a factor over the last 12 \nmonths but possibly 12 or 20 years, the culture that has to be \nchanged, and that in fact the inspectors have recognized and \nhighlighted as one of the challenges that they have.\n    Contractors. From a standpoint that these in many cases are \nprojects that have never been bid, we have to look at the \nrelationship of the contract. We have to look at certain areas \nof the contract. One very glaring thing in your public \nstatement, Mr. Tarter, is that you refer to the marginal rating \nin materials and control and accountability as in the Annual \nReport to the President. Yet the report to the President under \nmaterials control and accountability is unsatisfactory. \nMarginal and unsatisfactory are completely different, by \ndefinition, but I think this gets at the heart of the cultural \nand the complacency problem, that we read them as in fact the \nsame. Complacency not only by contractors, but DOE, about a \nsense of urgency of addressing things that deal with national \nsecurity, deal with security of any corporation about secrets \nor about sensitive material that they have.\n    I am hopeful that as we move through this, Mr. Chairman, \nthat in a bipartisan way we can work with inspectors to make \nsure that we have an accurate way to gauge in the future not \nonly our progress but our success at maintaining the safeguards \nand securities that are needed.\n    I thank the chairman for the time and I yield back.\n    Mr. Upton. Mr. Stupak.\n    Mr. Stupak. Thank you, Mr. Chairman. I will be brief. Mr. \nChairman, we have had a number of hearings on this whole \nsituation, and I think back to the April 20 hearing in which we \ntalked about the real fundamental problem is the lack of \naccountability; that when things happen we, the U.S. \nGovernment, are not holding people accountable. And I think \nthat if we would do that, then these things would not recur \nwith such frequency.\n    Let me go back to what we have learned. We have had these \nconcerns brought up in 1976, 1982, 1988, 1992, 1997, and now \n1998 and 1999. And we always get assurances things will be \ndifferent, but they never are. They never are.\n    From the chairman's comments to Ranking Member Klink, to \neverybody here, they are frustrated and really not quite sure \nwhat we should do. So I think we should go back to our \nfundamental problem here, which is lack of responsibility and \naccountability.\n    So why we ever approved another 5-year extension for \nLivermore Lab is beyond me. I think we should start with \naccountability and responsibility and pull that contract today. \nMaybe then--maybe then people will understand we are serious \nabout this. I am not trying to pile on anyone, but I am just as \nfrustrated as anybody up here, and if we are really going to \nhave accountability and responsibility, then let us begin by \npulling that contract.\n    I yield back my time, Mr. Chairman.\n    Mr. Upton. Other members? Mr. Shimkus.\n    Mr. Shimkus. Thank you, Mr. Chairman. I just want to follow \nup on my colleague from Michigan's point. I believe that the \nonly way you can change the corporate culture is you remove the \npeople who are established in the culture of whatever, the \ncorporation, and we just don't do that. And some are the rules \nthat we have put in place protecting employees or contractors.\n    I would like to see swift change in that and I agree with \nmy colleague from Michigan that we ought to--this is something \nwe ought to micromanage for a while through yearly contracts, \nand I am willing to be involved in that. We have had enough, \nand I think the displeasure of Congress is going to be felt. I \nyield back the balance of my time.\n    Mr. Upton. Other members?\n    [Additional statements submitted for the record follow:]\n Prepared Statement of Hon. Tom Bliley, Chairman, Committee on Commerce\n    Thank you, Mr. Chairman. Today's hearing is the continuation of \nwhat I promised back in March. At that time, I promised that, in light \nof the breaking reports about lax security at our nuclear weapon labs, \nthis Committee would take a long, hard look at security at each of the \nmajor Department of Energy nuclear facilities, whose general management \nfalls within this Committee's primary jurisdiction.\n    But well before this recent security scandal, I directed Committee \nstaff to work with the General Accounting Office to re-evaluate the \nstatus of security at these facilities. I did so because of the \nDepartment's poor history in implementing lasting reforms--the last \nwave of which occurred in the early 1990s under then-Secretary Watkins. \nThat G-A-0 review is still underway, and today's hearing will \ncomplement that work by providing very timely information about one \nparticular and troublesome lab--Lawrence Livermore National Laboratory \nin California.\n    Let me state at the outset that Livermore is not being singled out \nby this Committee for criticism. Nor do I believe it is the worst \noffender. But Livermore was the first of the major labs to receive an \ninternal security inspection following the Department's claims of major \nsecurity reforms. Despite all of the high-profile attention that this \ntopic has received at Livermore and across the D-O-E complex since \nearlier this year, Livermore simply did not hold up well under this \nlatest scrutiny. While we cannot discuss the specifics of the report's \nfindings in this open session, I can say that some of them are simply \nstunning--and have left me scratching my head, wondering how on earth \nthings like this could have been happening for so long at a nuclear \nweapons lab without someone standing up and saying ``this must stop.''\n    Well, let me say that this, indeed, must stop. It is clear to me \nthat, without aggressive and sustained internal and external oversight, \nLivermore will never fully correct these deficiencies, and I hope that \nthis Committee's efforts to shine a spotlight on Livermore's troubles \nwill assist those within the lab and the Department who truly want to \nachieve reform rather than just talk about it.\n    I understand that the Department's internal inspection team is \ncurrently reviewing Sandia National Laboratory and plans to inspect Los \nAlamos in the near future as well. I expect that we will hold similar \nhearings on the findings of those inspections, too. I hope that the \nCommittee will not have to be prevented from gaining timely information \nabout those inspections as it was with respect to the Livermore report. \nIt troubles me that the Department forced excessive delays and my \nissuance of subpoenas to secure important materials for today's \nhearing.\n    This Committee has the absolute right to gain real-time and candid \ninformation about security at the Department's facilities. I am not \ninterested in DOE whitewashing, defensive posturing, or the \nAdministration's ``all is now well'' spin. And I intend to continue to \ntake whatever steps are necessary to secure security information in a \ntimely fashion. If the Secretary needs to rearrange his schedule to \nkeep one step ahead of this Committee's work, that's fine with me--I \ndon't know what other issue could be more important to him right now \nanyway. But I certainly won't let the Department continue to delay our \nreview of this matter, which is of pressing concern to our Nation's \nsecurity and to the American public.\n    Thank you, Mr. Chairman, for your continuing focus on this matter.\n\n    Mr. Upton. Okay. If not, if there are no further opening \nstatements, the Chair will recognize our witnesses: Dr. Gil \nWeigand, Deputy Assistant Secretary for Strategic Computing and \nSimulation at the Department of Energy; Mr. Glenn Podonsky, \nDeputy Assistant Secretary for Oversight, Office of \nEnvironment, Safety and Health at Department of Energy; Dr. \nJames Turner, Manager of the Oakland Operations Office at the \nDepartment of Energy; and Dr. Bruce Tarter, Director of \nLawrence Livermore National Lab.\n    I think all of you are aware that this subcommittee is an \ninvestigative subcommittee and, as such, we have always had the \nlong-term practice of taking testimony under oath. Do any of \nyou have objection to doing that?\n    We also advise you that each of you, under the Rules of the \nHouse, you are entitled to be advised by counsel. Do any of you \nhave desire to be advised by counsel?\n    If not, in that case if you would stand and raise your \nright hand, and also, I guess, include the folks that may be \ntestifying with you later on.\n    [Witnesses sworn.]\n    Mr. Upton. You are now under oath and you are now allowed \nto give, hopefully, a 5-minute summary of your written \nstatement and we will start with Mr. Podonsky. Welcome back.\n\nTESTIMONY OF GLENN S. PODONSKY, DEPUTY ASSISTANT SECRETARY FOR \nOVERSIGHT, OFFICE OF ENVIRONMENT, SAFETY AND HEALTH, DEPARTMENT \n   OF ENERGY; C. BRUCE TARTER, DIRECTOR, LAWRENCE LIVERMORE \n NATIONAL LABORATORY; ACCOMPANIED BY: MARTIN DOMAGALA, RICHARD \n    MORTENSEN, JIM HIRAHARA, DENNIS FISHER, DON WENTZ, BILL \n  HENSLEY, JOHN JONES, AND BARBARA STONE; GIL WEIGAND, DEPUTY \n   ASSISTANT SECRETARY, STRATEGIC COMPUTING AND SIMULATION, \n   DEPARTMENT OF ENERGY; AND JAMES TURNER, MANAGER, OAKLAND \n            OPERATIONS OFFICE, DEPARTMENT OF ENERGY\n\n    Mr. Podonsky. Thank you, Mr. Chairman. I appreciate the \nopportunity to again appear before the committee to discuss the \nOffice of Independent Oversight and Inspection of the Lawrence \nLivermore National Laboratory. Just for clarification, I am now \nthe director of the newly created Office of Independent \nOversight and Performance.\n    As you know, we provided a classified briefing to members \nof this committee on July 1 on the results of our May 1999 \ninspection of safeguards and security programs at the Lawrence \nLivermore National Laboratory. At the briefing, we also \nprovided copies of the classified inspection report.\n    At this time, I would also like to introduce Ms. Barbara \nStone who is sitting behind me, who is the Director of the \nOffice of Security Evaluations. Ms. Stone was unable to appear \nat the July 1 briefing as she was away on a much needed \nvacation. At that briefing we had Mr. John Hyndman, who is now \nengaged in the inspection of Sandia National Laboratory where \nMs. Stone and I will be proceeding immediately following this \nhearing.\n    For the benefit of those who were unable to attend the July \n1 briefing, I would like to provide some background on who we \nare. My office is responsible for providing the Secretary an \nindependent, impartial view of the effectiveness and safeguards \nof security, cybersecurity and emergency management policies \nand programs throughout the Department of Energy. The Office of \nSecurity Evaluations which performed the inspection at Lawrence \nLivermore National Laboratory is one of the three offices that \nreport to me.\n    As you may recall, the Office of Security Evaluations was \noriginally established in 1984 to provide the Energy Department \nan independent assessment on the effectiveness of safeguards \nand security policies and programs throughout the Department. \nCongressman Dingell and Congressman Bliley were instrumental in \nthe formation of that office.\n    As part of Secretary Richardson's recent effort to \nstrengthen independent oversight of safeguards and security, \nthe Office of Independent Oversight and Performance has now \nbeen elevated to report directly to him.\n    Now, I would like to take a minute to provide an \nunclassified summary of the May Livermore inspection. Our \noverall conclusion was that improvements were being made at \nLivermore but significant weaknesses remained to be addressed. \nFor example, we saw improvements in the intrusion detection \nsystems and significant progress to improve classified \ninformation on computer systems. However, we identified \nweaknesses that warrant continued attention in a number of \nareas. One of the weaknesses involved inadequate vulnerability \nassessments of the Superblock which is the area at Livermore \nwhere special nuclear material is used and stored. We also \nnoted weaknesses in some aspects of Livermore's ability to \naccurately measure some types of nuclear materials. Other \nweaknesses were evident in Livermore's programs for protecting \nclassified and sensitive information.\n    We identified weaknesses in their methods for storage of \nclassified parts and some of the control of access areas \ncontaining classified matter. We were also concerned about \nforeign nationals being able to access Livermore unclassified \ncomputers through dial-up access. We noted that some aspects of \nthe 9-point security plan for cybersecurity, which is a plan \nfor improving classified information, required some work. Let \nme emphasize that these weaknesses warrant significant \nattention and require prompt action; however, as I told this \ncommittee during the briefing on July 1, we believe that the \nresponsible line managers which are here today from the Office \nof Defense Programs, the Oakland Operations Office, and \nLivermore National Laboratory, are taking the inspection report \nseriously now.\n    Although the formal inspection ended in May, the Office of \nIndependent Oversight has continued to follow up on the \nprogress to address identified deficiencies. We have been in \nfrequent contact with the responsible DOE and Livermore \nmanagers since the inspection ended. Our follow-up efforts \nindicated that corrective actions are underway. For example, at \nthe time of our July 1 briefing to this committee and as part \nof our follow-up, my office sent our inspectors back to \nLivermore to review progress at Superblock in the areas of \nmodeling and testing, which is needed to verify the \neffectiveness of the protective strategy and response plan at \nLivermore.\n    Since the May 1999 inspection, Livermore has developed and \nis implementing a program of testing and modeling that is \nappropriate for verifying the effectiveness of protective force \nresponse. Livermore has also placed additional protective force \npersonnel in the Superblock to improve response capability \nunder the new protective strategy as defined. The Office of \nOversight will continue to conduct follow-up visits and perform \nindependent testing to verify the effectiveness of Livermore's \ncorrective actions.\n    In summary, I would like to say that the deficiencies at \nLivermore appear to be receding with a high level of management \nattention now. It is clear throughout the DOE management chain \nthat the efforts to improve safeguards and security have the \npersonal attention and support of Secretary Richardson. While \nnot diminishing the significance of the deficiencies identified \nby my inspectors, our follow-up efforts indicate that \ncorrective actions are being taken to address the \nvulnerabilities that we have identified.\n    As I previously stated on July 1, this has not always been \nthe case in our experience at the Department of Energy. We have \nseen countless reports, including many of ours, where plans and \ncorrective actions were made with little effect. But we believe \nSecretary Richardson has made and continues to make a \nsignificant difference. He is a Secretary who is completely \nengaged. This is why we are confident that corrective actions \nwill now be taken.\n    However, I assure you that the Office of Independent \nOversight will continue to follow up and make certain that \nthese corrective actions are effective. And as I stated in the \nJuly 1 briefing, we will trust but we will continue to verify. \nThank you, Mr. Chairman.\n    [The prepared statement of Glenn S. Podonsky follows:]\n     Prepared Statement of Glenn S. Podonsky, Office of Office of \n Independent Oversight and Performance Assurance, Department of Energy\n    Thank you Mr. Chairman. I appreciate the opportunity to again \nappear before this committee to discuss the recent Office of \nIndependent Oversight inspection of the Lawrence Livermore National \nLaboratory.\n    I am the Director of the newly created Office of Independent \nOversight and Performance Assurance. As you know, we provided a \nclassified briefing to members of this committee on July 1st on the \nresults of our May 1999 inspection of safeguards and security programs \nat the Livermore National Laboratory. At that briefing, we provided \ncopies of the inspection report to the Committee.\n    At this time, I would like to introduce Ms. Barbara Stone, Director \nof the Office of Security Evaluations. Ms. Stone was unable to attend \nthe July 1st briefing as she was away on a much-needed vacation. At \nthat briefing, Mr. John Hyndman provided some details on the Livermore \ninspection results. Mr. Hyndman is now engaged in an inspection of \nSandia National Laboratories as part of our ongoing effort to review \nall three of the major weapons laboratories.\n    For the benefit of those who were unable to attend the July 1st \nbriefing, I would like to provide some background on who we are. My \noffice is responsible for providing the Secretary an independent, \nimpartial view of the effectiveness of Safeguards and Security, Cyber \nSecurity, and Emergency Management policies and programs throughout the \nDepartment of Energy. The Office of Security Evaluations performed the \ninspection of the Livermore Laboratory. It is one of three offices that \nreport to me. As you may recall, the Office of Security Evaluations was \noriginally established in 1984 to provide the Energy Department an \nindependent assessment of the effectiveness of Safeguards and Security \npolicies and programs throughout the Department. Congressman Dingell \nand Congressman Bliley were instrumental in the formation of this \noffice. As part of Secretary Richardson's recent efforts to strengthen \nindependent oversight of safeguards and security, the Office of \nIndependent Oversight and Performance Assurance has been elevated to \nreport directly to the Secretary.\n    Now, I will take just a minute to provide an unclassified summary \nof the results of the May Livermore inspection. Our overall conclusion \nwas that improvements were being made at Livermore, but that \nsignificant weaknesses remain to be addressed. For example, we saw \nimprovements in the intrusion detection systems and significant \nprogress to improve the security of classified information on computer \nsystems. However, we identified weaknesses that warrant continuous \nattention in a number of areas. One of the weaknesses involved \ninadequate vulnerability assessments of the Superblock, which is the \narea at Livermore where special nuclear material is used and stored. We \nalso noted weaknesses in some aspects of Livermore's ability to \naccurately measure some types of nuclear materials. Other weaknesses \nwere evident in Livermore's programs for protecting classified and \nsensitive information. We identified weaknesses in the methods for \nstorage of classified parts and in some of the controls on access to \nareas containing classified matter. We were also concerned about \nforeign nationals being able to access Livermore's unclassified \ncomputers through dial up access. We noted that some aspects of the \n``nine-point'' plan, which is a DOE plan for improving security of \nclassified information, required work.\n    Let me emphasize that these weaknesses warrant significant \nattention and require prompt action. However, as I told you during the \nbriefing on July 1st, we believe that the responsible line managers, \nwhich include the Office of Defense Programs, the Oakland Operations \nOffice, and, and the Lawrence Livermore National Laboratory contractor \nmanagement team, are taking the inspection report seriously.\n    Although the formal inspection ended in May, the Office of \nIndependent Oversight has continued to follow-up on the progress to \naddress identified deficiencies. We have been in frequent contact with \nthe responsible DOE and Livermore managers since the inspection ended. \nOur follow-up efforts indicate that corrective actions are underway. \nFor example, at the time of our July 1st briefing to this committee, \nand as part of our follow-up efforts, my office sent our inspectors \nback to Livermore to review progress at the Superblock in the areas of \nmodeling and testing, which is needed to verify the effectiveness of \nthe protection strategy and response plan at Livermore. Since the May \n1999 inspection, Livermore has developed and is implementing a program \nof testing and modeling that is appropriate for verifying the \neffectiveness of the protective force response. Livermore also has \nplaced additional protective force personnel in the Superblock to \nimprove response capability until the new protection strategy is \ndetermined.\n    The Office of Independent Oversight will continue to conduct \nfollow-up visits and perform independent testing to verify the \neffectiveness of Livermore's corrective actions.\n    In closing, I would like to say that the deficiencies at Livermore \nappear to be receiving a high level of management attention. It is \nclear throughout the DOE management chain that the efforts to improve \nsafeguards and security have the personal attention and support of \nSecretary Richardson. While not diminishing the significance of the \ndeficiencies identified in our report, our follow-up efforts indicate \nthat corrective actions are being taken on the vulnerabilities we have \nidentified. As I have previously stated, this has not always been the \ncase in our experiences with the Department. We have seen countless \nreports, including many of ours, where commitment, plans, and \ncorrective actions were made with little results. But, we believe \nSecretary Richardson has made, and continues to make, a significant \ndifference. He is a Secretary who is completely engaged. This is why we \nhave confidence that corrective actions will be taken. However, I \nassure you that the Office of Independent Oversight will continue to \nfollow-up to make certain that the corrective actions are effective. As \nI indicted at the July 1st briefing, we will trust, but we will verify.\n    Thank you again Mr. Chairman, we are now ready for your questions.\n\n    Mr. Upton. Dr. Tarter--by the way, Mr. Podonsky, we did \nwant to receive copies of your testimony in advance. Would it \nbe possible maybe for one of our clerks to get a copy of your \nopening remarks there, and we will make copies for members here \nin time for the questions. Could someone maybe do that for me?\n\n                  TESTIMONY OF C. BRUCE TARTER\n\n    Mr. Tarter. Thank you, Mr. Chairman. Let me begin with a \nbrief statement which is, I think, part of the opening page in \nmy testimony. But, as I think all of you know, we are a \nnational security laboratory. Nearly all of the work of the \nlaboratory is focused on national security. And my particular \nhighest responsibility each year is to certify certainly to the \nPresident of the United States that the United States stockpile \nof nuclear weapons is safe and reliable. That is the focus of \nthe laboratory. And obviously being able to carry out \noperations in a safe and secure manner is an essential \ningredient in making that annual certification to the President \nwhich we have now been able to make--this year will be the \nfourth year we have formally made that recommendation on the \nweapons in our stockpile.\n    To do that, we have three kinds of security at the \nlaboratory. There is physical security, there is cybersecurity, \nand there is essentially what I would call personnel security. \nAnd I think the OSE evaluation focused primarily on physical \nsecurity and cybersecurity, and I will make a comment or two \nabout those, and then I will also make an additional comment \nabout personnel security, which I think is equally important \nbut is not the specific subject of the OSE evaluation.\n    In physical security, I think the area which Mr. Podonsky \nhas mentioned of greatest concern, and I think to some degree \nof greatest difficulty, is that involving the guarding of \nspecial nuclear materials. And I think in all of these areas in \nphysical security and cybersecurity as well as the personnel \nsecurity, three factors come into play. One, the threat \nchanges. The threat evolves. And I think one of the major \nfeatures of the annual OSE evaluation is not to review the same \nset of issues each year, but to engage the threat as it's \nevolving and also technology as it's evolving in order to meet \nthat threat.\n    In the area of physical security, I think, as Mr. Podonsky \nindicated, that we are focused very well on a plan involving a \nhigher level of technology to provide the assurances and \nsimulations to guarantee the safety of the special nuclear \nmaterials. And I think that plan--he described it both in your \nprevious hearing, and we are in an iterative process with the \nDepartment to assure that we will reach closure on that in the \nnear future.\n    In the area of cybersecurity--and I have testified to this \nin several other hearings in the past months--I think it is a \ncomplicated area for the U.S. Government. And I think Dr. \nWeigand may in his own testimony--Dr. Weigand is a particular \nexpert in this area--make additional comments. This is not a \nsimple thing, whether you are the Bank of America, a national \nsecurity laboratory, or perhaps even Congress.\n    Technology is evolving very rapidly, and I think this is a \ncomplex area.\n    I believe you, Mr. Klink, asked about our commitment. My \ncommitment in the area of cybersecurity goes beyond that needed \nto simply satisfy the OSE evaluation. I think because of the \nhigh reliance on cyberwork in our programmatic work, as well as \nits high vulnerability as part of intrinsic security, I am \ncommitted to not just passing the bar, but passing it with a \nsignificant gap. I think we have to do much better and I think \nwe have begun to be engaged with the other pieces of the U.S. \nGovernment, the National Security Administration, the \nDepartment of Defense and other areas to try to make the best \ntechnology fit into cybersecurity.\n    Let me remind the committee of one issue which has been \nbrought out in the evaluations, but just again to reemphasize--\nat Livermore, as is true at other national security \nlaboratories, there are two kinds of computers and computer \nnetworks. There is a classified computer network in which \nalmost all of the national security work is done, the design of \nbombs, the assessment of nuclear intelligence from other \ncountries, all of those issues. And that computer system has no \nelectronic links to any of the unclassified computer systems. \nIt can't get there. There is an air gap as big as between your \ndesk and mine. There is no way to transmit information between \nthose two systems.\n    In the area of cybersecurity we have, I think on our own \nbut also as a result of the Secretary's strong emphasis in this \narea, reinforced the security of the classified network and all \nof the classified computing.\n    In addition, I think we have as part of the 9-point plan, \nas part of the additional measures we have taken, we have taken \na number of steps to enhance even further the general security \nof the unclassified computer networks. Again, as I think all of \nyou know, that is not a technologically simple exercise to do. \nAnd I think Dr. Weigand may wish to comment on that, but I \nthink we are putting major resources and major effort into the \ntechnology and the interactions necessary to accomplish that.\n    The third piece of security at the laboratory involves \npersonnel security. And this is a matter of basically having \nthe people who work at the laboratory and national security be \nreliable and be trusted people. Now, that is not the job of the \nlaboratory, that is the job of the Department of Energy to \nclear them at the proper level. But it is the job of the \nlaboratory to basically have a counterintelligence program \nwhich assesses threats, assesses interactions, and makes \nrecommendations on how we can best both train the employees, \ntrain the system to sense vulnerabilities and to sense the \nthreat, and the whole variety of issues that come under the \nword ``counterintelligence.''\n    I believe at our laboratory--and it has been put into the \nrecord in testimony not by people from the laboratory but by \npeople from the Department--that we have an excellent, an \noutstanding at some levels, counterintelligence program. And I \nthink in many respects, ensuring that that program is on a par \nwith the best in the world is equally important to the physical \nand the cybersecurity. And I think we have spent a great deal \nof time in the two standdowns, security immersion things in \ntraining and educating the people on a threat, on the \nvulnerabilities, which both because of technology and because \nof the evolving world general political structure, are very, \nvery different than they were in 1985 or 1990; and that, I \nthink, is why I believe the OSE inspections are a healthy \nthing. I think finding issues--an OSE team that could not find \nissues, I think wouldn't be a good OSE team. The laboratory \nthat did not have corrective action plans to respond to those \nwould not be an appropriate thing. To have a clean perfect \nrecord is neither testing us nor their system.\n    So I believe that process is a healthy process. I think the \ntension is a healthy tension and I think we're engaged in that \nprocess very well today. And when I made my comment about \ncommitment, I think the commitment again is not this year, or \nother years, simply now to pass the bar but to pass the bar \nwith a sufficient measure, a gap that in fact it will provide \nconfidence in the Congress as well as in the Department that in \nfact the laboratory and its facilities are secure. Thank you \nvery much Mr. Chairman.\n    [The prepared statement of C. Bruce Tarter follows:]\n  Prepared Statement of C. Bruce Tarter, Director, Lawrence Livermore \n             National Laboratory, University of California\n\n                            OPENING REMARKS\n    Mr. Chairman and members of the committee, I am the Director of the \nLawrence Livermore National Laboratory (LLNL). Our Laboratory was \nfounded in 1952 as a nuclear weapons laboratory, and national security \ncontinues to be our central mission. Livermore is a principal \nparticipant in the Department of Energy's Stockpile Stewardship \nProgram, heavily involved in programs to prevent the proliferation of \nweapons of mass destruction, and engaged in energy, environmental, and \nbioscience R&D as well as industrial applications of our core \ntechnologies.\n    Our National Security mission and safeguards and security are \ninextricably linked, and we take both of them very seriously at \nLivermore. We cannot carry out our National Security mission \neffectively without appropriate protection of classified and sensitive \ninformation and materials. Like National Security, safeguards and \nsecurity continues to evolve in terms of requirements and objectives. \nWe have an extensive security and counterintelligence infrastructure in \nplace at our Laboratory, and we continually make adjustments and \nupgrades to address new threats and concerns. Through a process of \ninternal self-assessments, technical consultants, and external reviews, \nwe ensure our readiness to deal with a broad spectrum of threats. At \nLivermore, we believe our Special Nuclear Materials (SNM) and sensitive \nand classified information are secure.\n    The review recently conducted by the Office of Security Evaluations \n(OSE) was helpful in identifying areas for improvement. The OSE \nconcluded that in two key areas, Physical Security which deals with the \ntechnical systems that help protect Special Nuclear Material, and \nClassified Cyber Security, which deals with the protection of our \nclassified computing networks, the Laboratory received the highest \npossible rating.\n    That is not to say we do not have work to do. Opportunities for \nimprovement were noted in all areas of the OSE report, and the \nLaboratory is firmly committed to addressing them. I would like to \nassure you that the concerns raised in the OSE report are receiving \nhigh priority, and resources are being made available by the Laboratory \nto address them.\n    We have invested heavily in enhanced employee training in security \nat Livermore. In April, we underwent an intensive two-day cyber \nsecurity stand-down in which we addressed not only cyber security, but \nalso conducted formal sessions on general security requirements and \ncounterintelligence. In June, in response to Secretary Richardson's 5-\npoint Security Immersion Program, we ceased all normal operations for \ntwo additional days of security training. Our employees were fully \nengaged in these training programs, and have made many suggestions for \nfurther improving security.\n    One concern raised by the OSE team had to do with the mixed Q and L \nclearance environment in the Limited Area of the Laboratory. In recent \nyears, DOE's goal has been to reduce the number of Q clearances. This \nhas been accompanied by an increase in the number of individuals having \nan L clearance. These are individuals who are allowed physical access \nto the Limited Area but who do not have access to weapons data. For the \nrecord, I would like to note that there are no foreign nationals at \nLLNL with an L clearance. Any LLNL foreign national visiting the \nLimited Areas has always required an escort. Within the Limited Area, \nwe rely largely on administrative controls to prohibit access to \nclassified information by L-cleared personnel. We believe that, \nalthough well intended, the reduction in Q clearances has lessened \nsecurity, and we would like to see funding made available for Q-\nclearances for all personnel requiring access to the Limited Area of \nthe Laboratory.\n    The Annual Report to the President on Safeguards and Security rated \nLLNL ``Unsatisfactory'' in the area of Materials Control and \nAccountability (MC&A) and ``Marginal'' overall. More recently, the \nApril/May OSE Inspection rated LLNL ``Marginal'' in this MC&A area. In \na letter to Assistant Secretary Vic Reis dated May 14, 1999, I \npersonally assured him that the Laboratory was committed to rectifying \nthe rating in MC&A before the end of the calendar year. I would like to \nnote that we are on schedule in our action plan, with most actions \nalready complete. Similarly, in that same letter to Dr. Reis, I \ncommitted to funding and implementing the LLNL Tri-Lab INFOSEC Action \nPlan as approved by DOE. Again, many actions have already been \ncompleted and we continue to be on schedule. I note these formal \ncommitments in that they also address some of the concerns raised in \nthe OSE evaluation.\n    The OSE team was careful to note in their report major improvements \nmade in the Safeguards and Security program to address past concerns, \nand these improvements are continuing. There have been important \ntechnical upgrades to the Perimeter Intrusion Detection and Alarm \nSystem (PIDAS) that surrounds our Superblock, which contains our \nPlutonium facility, to provide early detection of both airborne and \nbridging attacks. We have recruited and put in place an offensively \ntrained Special Response Team having the training necessary to \nimplement a recovery or recapture action. One hundred percent searches \nare conducted at material access area portals in the Plutonium \nFacility. Over 100 simulations of adversary attacks have been \ncompleted, and we are continuing to refine our simulation methodology, \nattack scenarios, and defensive strategies. We have engaged an external \nadvisory group of very senior former military and FBI experts to advise \nus in this work. Since the completion of the OSE SE we have committed \nadditional officers to the Superblock and taken other compensatory \nmeasures to assure the security of our SNM assets.\n    Other improvements noted in the OSE report include the installation \nof an intrusion detection system in a building inside the Limited Area \nused for the storage of classified non-SNM weapons parts. Alarm systems \nare now in design for two other facilities in the Limited Area. Foreign \nOwnership, Control or Influence (FOCI) reviews of all contractors have \nbeen completed. A baseline inventory of plutonium has been completed, \nand improved procedures to ensure effective and timely accounting for \nany inventory differences have been put in place.\n    In the area of cyber security, we have already implemented many \nelements of the Tri-Lab Committee's ``nine point plan.'' For example, \nsteps have been taken to ensure the physical incompatibility of \nremovable media between classified and nearby unclassified computer \nsystems. Scanning of outgoing e-mail has been instituted, and funding \nhas been committed for implementation of a multi-level system that will \nseparate sensitive unclassified computer processing from the remainder \nof unclassified processing. The frequency of vulnerability scans of \nnetwork computers is being increased, and unclassified archives are \nbeing scanned for classified content. To date over 4 million files have \nbeen scanned, and no classified content has been found. Procedures for \nauthorizing access to unclassified computers by foreign nationals have \nbeen tightened, and today no foreign nationals have access to Livermore \nunclassified computer networks without having gone through an indices \ncheck and having a formal computer security plan approved by the \nLaboratory. All dial-up access by foreign nationals is routed through a \ncommon terminal server which has special intrusion detection software.\n    In summary, safeguards and security go hand in hand with our \nNational Security mission at Livermore. We are committed to an \nexcellent safeguards and security program, and have been taking, and \nwill continue to take, the steps necessary to achieve it.\n\n                     PHYSICAL SECURITY AT LIVERMORE\n    Livermore's security construct is based on a series of defensive \nlayers--a graded approach that provides increasing barriers that \ncorrespond to the increasing value of critical Laboratory assets.\n    Clearances, badging, and background checks on Laboratory employees \n(including subcontractors) constitute a first line of defense. Those \npeople with access to classified assets undergo background \ninvestigations associated with DOE Q, L or sensitive compartmented \ninformation (SCI) clearances as appropriate. Reinvestigations are \nscheduled automatically at five-year intervals or as needed on a for-\ncause basis.\n    Livermore uses a defense-in-depth approach to physical barriers--\nfences, doors, repositories, and vaults. The Laboratory's outer \nperimeter fence provides the basic physical protection to U.S. \ngovernment property. Additional protection is provided for ``limited'' \nareas where classified assets are present. The level of clearance \nrequired to freely transit these areas is also higher. Classified parts \nand materials are provided additional physical protection and access \ncontrol. Significant quantities of special nuclear material receive the \nhighest level of protection, with vault-like physical protection as \nwell as aggressive armed defense and response capabilities.\n    At each physical barrier (e.g., fence, building, vault), there are \nvarious levels of access control. Access control is performed either by \nsecurity officers or automated security access portals. At more \nrestricted areas, access is checked against specific access lists. \nNeed-to-know is required, in addition to the appropriate clearance, \nbefore an individual is allowed access to classified assets.\n    The Laboratory employs security officers who are fully trained and \naccredited to meet DOE criteria. The level of training varies with the \nassignment (defensive, offensive, or special response). We currently \nhave over 40 offensively trained officers in our Special Response Team \nand have a new group beginning academy training next month. Training is \nextensive and performance based. The security force undergoes regular \nperformance tests, self-assessments, DOE surveillance, and inspections.\n    Physical security is designed into new facilities and facility \nmodifications. Detection systems are continuously monitored and \nroutinely tested. The Laboratory's security system is prepared for \narmed response to all unauthorized intrusions.\n    In the Annual Report to the President on Safeguards and Security we \nreceived a ``Marginal'' rating overall but, an ``Unsatisfactory'' \nrating in MC&A. The issue involved our inability to meet SNM inventory \nrequirements at a time when the Plutonium Facility was shut down to \naddress safety concerns, preventing monitoring and measurements. Now \nthat safety concerns have been addressed and the facility reopened, we \nhave resumed all special nuclear material measurements and inventory \nmonitoring and we believe we will be in compliance with DOE \nrequirements.\n    We have high confidence in our Safeguards and Security programs and \nin the security of our critical assets. We have implemented technical \nand procedural enhancements to strengthen our physical security, \nremedied material control and accounting deficiencies, and fully \nupgraded our strategy to protect nuclear material at our Laboratory.\n\n                      CYBER SECURITY AT LIVERMORE\n    Cyber or computer security is a critical element of Livermore's \noverall security construct. The Laboratory has both classified computer \nnetworks and unclassified computer networks. The two are separate and \nare not connected. We also have numerous stand-alone computer systems \nand local area networks in both classified and unclassified areas. \nThere are no connections from Livermore's classified computers to the \noutside world except through NSA-approved encryption.\n    In addition to physical barriers between the unclassified and \nclassified computing environments at Livermore, there are need-to-know \nbarriers within the classified computer systems. Access to a classified \ncomputing network does not grant users access to all the information in \nthat network. The same need-to-know requirements that apply to verbally \ncommunicated information and documents also apply to computer-stored \ninformation.\n    Recent concerns about espionage involving computer-based \ninformation and codes spurred a thorough reassessment of computer \nsecurity at our Laboratory, including threat awareness and training. We \nsupport the Secretary of Energy's cyber security initiative and are \ncontributing to his INFOSEC planning.\n    On April 2, 1999, the Secretary of Energy called for a stand-down \nof all classified computing at the three DOE national security \nlaboratories. At Livermore, we went even further and shut down all \nclassified computing, all co-located unclassified computing, and all \nunclassified supercomputing. The stand-down was the first step of a \nTri-Lab INFOSEC Action Plan that has been developed and approved by \nSecretary Richardson. The plan consists of nine action items with \nspecific scheduled milestones. We have met all milestones to date. We \nwill continue working with the DOE Office of Chief Information Officer \n(CIO) to fully implement the Tri-Lab INFOSEC Action Plan and further \nenhance cyber security at the Laboratory.\n    In addition, on June 21-22, we conducted a two-day-long Security \nImmersion Program at Livermore to accelerate the security initiatives \nlaunched by Secretary Richardson in April. Supervisors were instructed \nto ensure that all Laboratory employees complete the program, which was \ndirected toward five objectives identified by the Secretary to \nstrengthen security at the laboratories, assessing security issues in \nindividual work areas, and applying what has been learned to each \nindividual's workplace.\n    We have taken dramatic steps to focus the attention of all \nLaboratory employees on the threat of foreign intelligence sources as \nrelated to cyber security. All employees (including those who do not \nnormally use computers but could have need or access in the future) \nreceived special computer security training. We also trained \nsubcontractor employees and consultants. All computing was discontinued \nuntil training was complete for all employees on site. Employees who \nwere on travel or leave were trained immediately upon their return. In \naddition, we have since expanded our on-going computer security \ntraining and threat awareness training for all Laboratory personnel \nusing classified computers. This training is unclassified and \naccessible via a website to make it readily available to our employees \nand easy to update.\n    Every computer work area and environment at Livermore was evaluated \nand changes were made as necessary to ensure that LLNL classified and \nsensitive computing meet the highest standards of information security. \nIn particular:\n\n<bullet> We have also taken measures to preclude the transfer of \n        information from classified to unclassified computers in a \n        single work area by the use of removable media.\n<bullet> We have instituted two-person controls over the authorized \n        transfer of unclassified information from classified computers \n        to unclassified computers.\n<bullet> Until a more permanent security fix is in place, since April \n        2, 1999, we have temporarily disabled the file interchange \n        system on the classified supercomputer so that it is impossible \n        to transfer files from the classified supercomputers or the \n        archives to an unclassified computer.\n<bullet> We also have begun to scan outgoing presumably unclassified e-\n        mail as well as computer files for possible sensitive or \n        classified information. To date, we have scanned over 4 million \n        files in our effort to ensure there is no classified material \n        in unclassified computer files. No issues have arisen.\n<bullet> We have strong need-to-know controls on our classified \n        network; yet we are investigating ways to provide an even \n        greater level of protection. We are also studying how to apply \n        these same concepts to the unclassified systems to provide \n        better protection to unclassified sensitive information.\nIn addition, I have also created a Computer Security Policy Board \ncomprised of senior managers to both develop policies and advise me on \nmatters related to unclassified computer security. (Classified computer \nsecurity policy is defined by DOE Orders.)\n    On our unclassified computing network, we are improving the way we \nprotect unclassified sensitive information. Some information must be \navailable worldwide, but other information must be protected for \nprivacy, proprietary, or export control reasons. We are implementing \nadditional ``firewalls'' within our unclassified network to separate \nfully accessible information from unclassified sensitive information. \nFor several years, Livermore has had an ongoing program to annually \nscan/audit a sub-set of its unclassified computer systems for security \nvulnerabilities. We have expanded this policy so that now all \nunclassified computer systems must be scanned at least once a year and \nthat appropriate correction/fixes to detect vulnerabilities must be \nundertaken immediately.\n    The Laboratory has long had a policy of monitoring users accessing \nour computer resources via the Internet. We have now expanded our \nmonitoring to cover all dial in access to Livermore computers. Any \nForeign Nationals (FNs) with dial-in capabilities are monitored. \nAdditionally, any FN granted access to unclassified computer resources \nmust first have a programmatic justification of need by the sponsoring \nLaboratory program and an approved security plan on record for each FN. \nThe Laboratory required that all FNs with access to computer resources \nhad to be recertified by June 30, 1999. No one was ``grandfathered'' in \nunder our process and those not recertified are being denied access to \nthe computer resources. Certification refers to having a programmatic \njustification and a security plan in place. Livermore will require that \nall FNs granted access to Laboratory computer resources must be \nprocessed through the Foreign Visits and Assignments Office. This will \nensure that any FN with access to Laboratory computer resources will \nhave met the necessary criteria and that their access to computer \nresources is being monitored.\n    Finally, our Laboratory is working with personnel at Sandia, Los \nAlamos, and DOE to develop a ``best in practice'' plan for cyber \nsecurity. So far, we have completed a benchmarking of several \norganizations inside and outside of the government to determine what \nothers are doing to protect information from both outsiders and \ninsiders. This planning activity has an oversight board that is \ncurrently being staffed with cyber security professionals from industry \nalong with the CIOs from the three laboratories.\n    Our approach to cyber security goes beyond addressing \nvulnerabilities or problems that we identify or that are brought to our \nattention. We are using this cyber security upgrade as an opportunity \nto apply our multi-disciplinary approach to science and technology to \nbecome a model for cyber security. Leading-edge cyber security is vital \nto our programmatic missions and is an area where we can leverage our \nexpertise to enhance national security in the broadest sense.\n\n                            CLOSING REMARKS\n    Accomplishing our national security mission requires outstanding \nscience and technology. Simultaneously, we must ensure that the \napplication of that science and technology to national security is \nprotected at all levels. We have long recognized the inherent challenge \ninvolved in protecting national security information while fostering \nthe interchange of ideas required for cutting-edge science and \ntechnology. Indeed, to a considerable degree, the nation's security \nrests on the technological advances that arise from the world-class R&D \nconducted at Livermore and the other national security laboratories.\n    A multi-faceted security apparatus is in place at our Laboratory, \nincluding physical security, operational security, personnel security, \ninformation security, communications security, cyber security, \ncounterintelligence, and employee security awareness. We continually \nmake adjustments and upgrades to address new threats and concerns. We \ntake strong positive action on security and counterintelligence issues, \nwhether they are anticipated or identified by us or others, or are \nbrought to our attention in the form of executive or departmental \norders or inspections. Proactive and effective security and \ncounterintelligence allows us to meet the challenge of ensuring \nnational security while operating in a global world.The recent \nevaluation conducted by OSE noted many improvements to LLNL's security \nsystem while identifying areas for further improvement. We have \nprepared an aggressive corrective action plan that, technology \npermitting, will resolve any issues by the end of the year. I have \ncommitted the resources and established the priority to ensure that \nthis plan is executed. Corrective actions have already been taken on \nmany issues and, as appropriate, compensatory actions are in place. I \nam confident that at LLNL, our Special Nuclear Material and sensitive \nand classified information are secure.\n\n    Mr. Upton. Thank you. Dr. Weigand, would you like to \ncomment?\n\n                    STATEMENT OF GIL WEIGAND\n\n    Mr. Weigand. I will make a set of very brief comments. I \nwould like to give you the opportunity to ask me any questions \nthat you would like.\n    Good morning, Mr. Chairman, and subcommittee members. I am \nDr. Gil Weigand. I am the Deputy Assistant Secretary for \nResearch Development Simulation and Defense Programs. That is a \nslightly different title than you utilized. We are in the \nprocess of reorganization, as you are well aware, trying to \ndefine line management a little bit better, and two \norganizations have been combined and now I am responsible. I \nhave been in this position for 8 months and this position is \nresponsible for the laboratories.\n    I was put in this position because I bring to that position \nindustry and DOD program management experience. As I indicated \nin the July 1 testimony to the subcommittee, Defense Programs \nrecognizes that our job is to fix the problems. We agree \nsubstantially with the issues identified by Mr. Podonsky and \nhis team and have taken both immediate and interim actions to \naddress their concerns. I want to point out that since taking \nthis position in this area that involves Livermore and the \nsecurity, I have put in place no less than four corrective \naction plans. And those corrective action plans have milestones \nthat have weekly or monthly obligations by the laboratory, and \nto date the laboratory has not missed a single one of them.\n    I also, when finding out the results from Mr. Podonsky, \nbefore he even left the site we were in the process of doing \nwhat I call a path forward plan, which was an immediate layout \nof the plan that ultimately became part of the broader planning \nfor corrective action on this in the area of special nuclear \nmaterials. It is extremely important that we protect those \nmaterials, but it is also extremely important that I have those \nfacilities available and open to me, since I am equally \nresponsible now for the facilities and for the conduct of the \nresearch and development at the laboratories. A draft of that \nplan, by the way, has been reviewed by Mr. Podonsky's team and \nwe have incorporated their comments.\n    As a result of the cybersecurity concerns, we directed the \nformation of a cybersecurity integrated security management \nplan. The first step is the development of a plan by August 1 \nwhich will create the most aggressive, across-the-board advance \nin cybersecurity at the labs. Not on my account. That will not \nbe me that is basically saying that, but by the account of some \nof the Nation's foremost experts in cybersecurity.\n    The management team is headed by Bill Crowell, former \ndeputy director of NSA. Last the Department, at the direction \nof Secretary Moniz, have taken parts of the corrective action \nplans that we have created and incorporated those into the \nDepartment's goalposts plan which will result in a green \ndesignation for safeguards and security at LLNL, the Livermore \nlabs, by the end of the year.\n    As you recall, Mr. Chairman, Bill Hensley and I briefed you \nin the last hearing on some of those actions and we will be \nhappy to more extensively amplify on those in the closed \nsession. The detailed are classified.\n    Since the July 1 hearing, the corrective action plan has \nbeen finalized, with specific milestones assuring the concerns \nidentified by Mr. Podonsky are appropriately addressed by the \nend of the calendar year. Since I now have a completed and \ncorrective action plan, I intend to also implement some \nmeasures by which there is accountability. And I intend to hold \nboth Federal managers accountable and laboratory managers \naccountable.\n    In addition to that, I have directed that there be the \ncreation of a tracking system to specifically track each issue \nas corrective actions and associated milestones are completed \nor not completed. Mr. Hensley, who directs our security office \nat Defense Programs, has created three viewgraphs that we will \ntake up with you in later session. They are very brief, but we \nwanted to give you a status of where we stand.\n    Thank you very much for the opportunity to provide you with \nanother update on the progress of security, and I am available \nfor questions.\n    [The prepared statement of Gil Weigand follows:]\n   Prepared Statement of Gil Weigand, Deputy Assistant Secretary for \nResearch, Development and Simulation at Defense Programs, Department of \n                                 Energy\n    Good morning Mr. Chairman and Subcommittee Members: I am Dr. Gil \nWeigand, I am the Deputy Assistant Secretary for Research, Development \nand Simulation at Defense Programs. I have been in this current \nposition for about 8 months. I was put in this position because I would \nbring to this position industry and DoD program management experience.\n    As I indicated during the July 1, 1999 testimony to the \nSubcommittee, Defense Programs (DP) recognizes that our job is ``TO FIX \nTHE PROBLEMS.'' We agree substantially with the issues identified by \nMr. Podonsky and his team and have both immediate and interim actions \nto address their concerns. I have directed that a corrective action \nplan in general for safeguards and a path-forward plan specifically for \nthe special nuclear material areas be developed which addresses each of \nthe concerns in Mr. Podonsky team's findings. A draft of that plan has \nbeen reviewed by Mr. Podonsky's team and we have incorporated their \ncomments. Furthermore, as a result of cyber-security concerns, I \ndirected the formation of a cyber-security integrated security \nmanagement plan. The first step is the development of a plan by August \n1 which will create the most aggressive across the board advance in \ncyber-security at the labs, not by my account, but by the account of \nsome of the nations foremost experts in cybersecurity. The management \nteam is headed by Bill Crowell, former Deputy Director of NSA. Lastly, \nthe department under the direction of Undersecretary Moniz we have \ncreated plans, the Department's Goal Posts Plan, which will result in a \n``green'' designation for safeguards and security at LLNL by the end of \nthe year. As you will recall, Mr. Hensley and I briefed you during the \nlast Hearing on some of those actions.\n    Since the July 1, 1999 Hearing, the corrective action plan has been \nfinalized with specific milestones for assuring the concerns identified \nby Mr. Podonsky are appropriately addressed by the end of the calendar \nyear. A tracking system is being developed to specifically track each \nissue, its corrective action(s), and associated milestones.\n    Mr. Hensley who directs the security office at Defense Programs \nwill conclude our time here by providing you with a three slide summary \nof the corrective action plan's status. We will provide for the record \nthe classified detailed corrective action briefing.\n    Thank you very much for the opportunity to provide you with another \nupdate on our progress in security. Mr. Hensley please provide the \ncommittee with you status report.\n\n    Mr. Upton. Thank you. Dr. Turner, do you have something you \nwould like to add?\n\n                    STATEMENT OF JAMES TURNER\n\n    Mr. Turner. Yes, sir, I do. I appreciate the opportunity to \nbe here. I would like to start with some summary statements and \nthen step back from that to give you a quick overview of our \nrole as a field element.\n    First of all, back in April, Bruce and I, along with some \nothers, were involved in a video teleconference with the \nSecretary. At that time I gave him my personal assurance that \nwe would do everything that was necessary to correct the items \nthat were found in the 1998 Report to the President, as well as \nthe things that Glenn's team came up with.\n    I saw the Secretary last week at an event and personally \nreiterated my assurance. I spent part of last week going over \nthe issues regarding storage of classified parts. We were \nbriefed on the upgrades to the alarm system that was being put \nin place, as well as continuously tracking the corrective \naction plan. All the items are on track in that corrective \naction plan. They are being completed on time. And I think this \nrepresents a commitment from all of us at the table to make \nthat happen.\n    That being said, let me step back for a moment and talk \nabout our role and responsibility as a field element and the \nteam that we have here today. First of all, we're the \ncontracting officer for Lawrence Livermore National Laboratory. \nIn conjunction with headquarters, we set expectations for the \nlaboratory in a number of areas, including security, and we \nassess their performance annually. We also provide Federal \noversight, and in that role we have the line management \nfunction in safety and security at the lab. We provide \nassurance to headquarters that not only are the provisions of \nthe contract being met, but also DOE policy objectives are \nbeing met by the laboratory.\n    In the implementation of that security role, we develop an \nannual a site safeguards and security plan which provides a \nprotection strategy for the laboratory as well as specific \nperformance measures in the contract on which the laboratory is \ngraded. We have an onsite presence which means that on a daily \nbasis people are walking through the facilities, checking \nthings and looking at how things are being done to understand \nwhat the laboratory is doing. And, on occasion when it is \nnecessary, there are findings and concerns that are developed \nout of that but it also provides us a direct way to track and \nvalidate that corrective actions are in fact being done.\n    There is an annual survey report which summaries of these \ndaily operational awareness activities. The report goes into \nthe contract assessment as well as inputs provided to \nheadquarters. We, in turn, are overseen by headquarters. \nDefense programs is our boss for everything that goes on at \nLivermore. That is very clear to us. We have a management \nagreement that has been signed with Gil Weigand, and there is \nalso another document that has been signed which has been \npresented to Vic Reis for signature that spells out roles and \nresponsibilities for our office and defense programs.\n    We also appreciate the input from the Office of Security \nEvaluations, Glenn's office, because they provide us with \nincreased confidence in what we're doing and what we're \nfinding. They also share with us their experience from other \nparts of the complex. They see the whole picture while we only \nsee a part of it, and it is best practices that we can \nincorporate.\n    We have reported on some progress at the July 1 briefing. \nSince then, there has been additional progress. Glenn talked \nabout the progress that's been made in the protection strategy \nfor Superblock. Also, the laboratory has completed the second \nof three bimonthly inventories for materials control and \naccountability. We wanted them to complete three before we \nwould go back and look at our evaluation. They are also \nupgrading the alarm systems for the storage of classified \nparts.\n    As far as my role is concerned, I am a physicist. I have \nbeen at Oakland for 5 years. I have been the manager there for \n4 years. Prior to going to Oakland, I was the director of the \nDefense Programs Office of Nuclear Weapons Security, and in \nthat capacity I had the responsibility for safety, security and \nuse control. So for me, it is more than an intellectual \nexercise, it is something that I feel, something I live and \nsomething I sincerely believe.\n    I am out at Livermore at least 1 day a week. We have weekly \nmeetings with our site manager where we talk about what is his \nassessment of how we're moving on the corrective action plan. I \nmeet once a week with Livermore senior management and we \ndiscuss security--an item on that agenda is always the \ncorrective action plan.\n    Again, speaking for the office, I will give my personal \nassurance to the Secretary as well as provide it to you, that \nwe will do the things that are necessary to get the lab green \nor satisfactory by the end of the year.\n    I would also like to take the opportunity to introduce the \nmembers of our team that are here today. First of all, Marty \nDomagala, our Deputy Manager is here. He led the team that came \nback for the July 1 briefing. Jim Hirahara, our Assistant \nManager for Operations and Safe Management. One of his \nresponsibilities is the University of California contract. I \nunderstand there were some questions that came up the last time \nabout that. And also Rich Mortensen, our Director of Safeguards \nSecurity. With that, I am happy to answer any questions that \nyou may have.\n    Mr. Upton. Terrific. Having completed our witnesses' public \nstatements, the Chair will recognize himself for a unanimous \nconsent request and to offer a motion.\n    Mr. Stupak. Mr. Chairman, before we do that, I hate to \ninterrupt you, but Dr. Weigand and Dr. Turner both had \nstatements before them. We never received copies of those. \nCould we get copies of those statements I would like to look at \nthe in the future?\n    Mr. Weigand. Absolutely. I was not asked to provide--and I \napologize for not thinking forward on that.\n    Mr. Turner. I was under the understanding that an oral \nstatement--but we will certainly provide.\n    Mr. Upton. Terrific. Thank you. Without objection, staff of \nthe majority--my motion is this: Without objection, staff of \nthe majority and minority parties may be recognized to question \nwitnesses for equal 30 minute blocks pursuant to clause 2(j) of \nrule XI of the Rules of the House. Is there objection? Hearing \nnone.\n    Mr. Barton. Mr. Chairman?\n    Mr. Upton. The gentleman is recognized.\n    Mr. Barton. You want the staff to question the witnesses in \nthis hearing or later on?\n    Mr. Upton. Later on. It will be part of the hearing.\n    Hearing none, so ordered.\n    Further, the Chair moves that pursuant to clause 2(g) of \nRule XI, the Rules of the House, the remainder of this hearing \nto conducted in executive session to protect information that \nmight endanger national security. Is there discussion on the \nmotion? If there is no discussion, pursuant to the rule, a \nrecorded vote is ordered.\n    All in favor of moving to executive session will indicate \nby saying aye.\n    Opposed, say nay.\n    The Clerk will call the roll.\n    The Clerk. Mr. Barton.\n    Mr. Barton. Yes.\n    The Clerk. Mr. Barton votes aye.\n    Mr. Cox.\n    [No response.]\n    The Clerk. Mr. Burr.\n    Mr. Burr. Aye.\n    The Clerk. Mr. Burr votes aye.\n    Mr. Bilbray.\n    Mr. Bilbray. Aye.\n    The Clerk. Mr. Bilbray votes aye.\n    Mr. Whitfield.\n    [No response.]\n    The Clerk. Mr. Ganske.\n    Mr. Ganske. Aye.\n    The Clerk. Mr. Ganske votes aye.\n    Mr. Blunt.\n    [No response.]\n    The Clerk. Mr. Bryant.\n    Mr. Bryant. Aye.\n    The Clerk. Mr. Bryant votes aye.\n    Mr. Bliley.\n    [No response.]\n    The Clerk. Mr. Klink.\n    Mr. Klink. Aye.\n    The Clerk. Mr. Klink votes aye.\n    Mr. Waxman.\n    [No response.]\n    The Clerk. Mr. Stupak.\n    Mr. Stupak. No.\n    The Clerk. Mr. Stupak votes no.\n    Mr. Green.\n    [No response.]\n    The Clerk. Ms. McCarthy.\n    Ms. McCarthy. Aye.\n    The Clerk. Ms. McCarthy votes aye.\n    Mr. Strickland.\n    Mr. Strickland. No.\n    The Clerk. Mr. Strickland votes no.\n    Ms. DeGette.\n    Ms. DeGette. Aye.\n    The Clerk. Ms. DeGette votes aye.\n    Mr. Dingell.\n    [No response.]\n    The Clerk. Mr. Upton.\n    Mr. Upton. Aye.\n    The Clerk. Mr. Upton votes aye.\n    Mr. Upton. The Clerk will report the result.\n    The Clerk. Mr. Chairman, on that vote there were 9 ayes, 2 \nnoes.\n    Mr. Upton. Members having voted in the affirmative and a \nquorum being present, the motion is agreed to. Accordingly, the \nChair declares the subcommittee in recess subject to the call \nof the Chair, pending which all members, staff, witnesses, and \nguests will leave the room.\n    The Capitol Police at this point will secure the room and I \nwould note that we will come back at 11:05 for members that are \ngoing to be able to come back.\n    [Whereupon, at 10:45 a.m., the subcommittee recessed. To \nreconvene at 11:05 a.m. executive session.]\n\x1a\n</pre></body></html>\n"