b'<html>\n<title> - [H.A.S.C. No. 113-13] NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM</title>\n<body><pre>[House Hearing, 113 Congress]\n[From the U.S. Government Publishing Office]\n\n\n\n \n                         [H.A.S.C. No. 113-13] \n          NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM\n\n                               __________\n\n                                HEARING\n\n                               BEFORE THE\n\n                    SUBCOMMITTEE ON STRATEGIC FORCES\n\n                                 OF THE\n\n                      COMMITTEE ON ARMED SERVICES\n\n                        HOUSE OF REPRESENTATIVES\n\n                    ONE HUNDRED THIRTEENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                              HEARING HELD\n\n                           FEBRUARY 28, 2013\n\n\n                                     \n[GRAPHIC] [TIFF OMITTED] TONGRESS.#13\n\n                                     \n  \n\n                  U.S. GOVERNMENT PRINTING OFFICE\n79-996                    WASHINGTON : 2013\n-----------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Printing Office, \nhttp://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202\xef\xbf\xbd09512\xef\xbf\xbd091800, or 866\xef\xbf\xbd09512\xef\xbf\xbd091800 (toll-free). E-mail, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8cebfce3cceff9fff8e4e9e0fca2efe3e1a2">[email&#160;protected]</a>  \n\n\n                    SUBCOMMITTEE ON STRATEGIC FORCES\n\n                     MIKE ROGERS, Alabama, Chairman\n\nTRENT FRANKS, Arizona                JIM COOPER, Tennessee\nDOUG LAMBORN, Colorado               LORETTA SANCHEZ, California\nMIKE COFFMAN, Colorado               JAMES R. LANGEVIN, Rhode Island\nMO BROOKS, Alabama                   RICK LARSEN, Washington\nJOE WILSON, South Carolina           JOHN GARAMENDI, California\nMICHAEL R. TURNER, Ohio              HENRY C. ``HANK\'\' JOHNSON, Jr., \nJOHN FLEMING, Louisiana                  Georgia\nRICHARD B. NUGENT, Florida           ANDRE CARSON, Indiana\nJIM BRIDENSTINE, Oklahoma            MARC A. VEASEY, Texas\n                 Drew Walter, Professional Staff Member\n                         Leonor Tomero, Counsel\n                           Eric Smith, Clerk\n\n\n                            C O N T E N T S\n\n                              ----------                              \n\n                     CHRONOLOGICAL LIST OF HEARINGS\n                                  2013\n\n                                                                   Page\n\nHearing:\n\nThursday, February 28, 2013, Nuclear Security: Actions, \n  Accountability and Reform......................................     1\n\nAppendix:\n\nThursday, February 28, 2013......................................    33\n                              ----------                              \n\n                      THURSDAY, FEBRUARY 28, 2013\n          NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM\n              STATEMENTS PRESENTED BY MEMBERS OF CONGRESS\n\nCooper, Hon. Jim, a Representative from Tennessee, Ranking \n  Member, Subcommittee on Strategic Forces.......................     3\nRogers, Hon. Mike, a Representative from Alabama, Chairman, \n  Subcommittee on Strategic Forces...............................     1\n\n                               WITNESSES\n\nAlston, Maj Gen C. Donald, USAF (Ret.), Former Commander, 20th \n  Air Force, Former Air Force Assistant Chief of Staff for \n  Strategic Deterrence and Nuclear Integration; Brig Gen Sandra \n  E. Finan, USAF, Commander, Air Force Nuclear Weapons Center, \n  Former Principal Assistant Deputy Administrator for Military \n  Applications, National Nuclear Security Administration; and \n  Hon. Gregory H. Friedman, Inspector General, U.S. Department of \n  Energy.........................................................     3\nPoneman, Hon. Daniel B., Deputy Secretary of Energy, U.S. \n  Department of Energy; and Hon. Neile L. Miller, Acting \n  Administrator and Principal Deputy Administrator, National \n  Nuclear Security Administration................................    13\n\n                                APPENDIX\n\nPrepared Statements:\n\n    Alston, Maj. Gen. C. Donald (Ret.)...........................    44\n    Cooper, Hon. Jim.............................................    41\n    Finan, Brig Gen Sandra E.....................................    72\n    Friedman, Hon. Gregory H.....................................    91\n    Poneman, Hon. Daniel B.......................................   101\n    Rogers, Hon. Mike............................................    37\n\nDocuments Submitted for the Record:\n\n    DOE Verbal Shortcuts and Acronyms............................   111\n    NNSA Key Personnel...........................................   112\n    DOE Organization Chart.......................................   113\n    NNSA Organization Chart......................................   114\n\nWitness Responses to Questions Asked During the Hearing:\n\n    Mr. Cooper...................................................   117\n    Mr. Garamendi................................................   117\n\nQuestions Submitted by Members Post Hearing:\n\n    Mr. Cooper...................................................   139\n    Mr. Rogers...................................................   121\n          NUCLEAR SECURITY: ACTIONS, ACCOUNTABILITY AND REFORM\n\n                              ----------                              \n\n                  House of Representatives,\n                       Committee on Armed Services,\n                          Subcommittee on Strategic Forces,\n                       Washington, DC, Thursday, February 28, 2013.\n    The subcommittee met, pursuant to call, at 10:30 a.m., in \nroom 2212, Rayburn House Office Building, Hon. Mike Rogers \n(chairman of the subcommittee) presiding.\n\n OPENING STATEMENT OF HON. MIKE ROGERS, A REPRESENTATIVE FROM \n      ALABAMA, CHAIRMAN, SUBCOMMITTEE ON STRATEGIC FORCES\n\n    Mr. Rogers. This hearing of the Armed Services Subcommittee \non Strategic Forces is called to order. I want to say good \nmorning and welcome everybody to today\'s hearing on nuclear \nsecurity at the Department of Energy\'s National Nuclear \nSecurity Administration [NNSA]. Before we get into the hearing, \nI want to welcome our new members to the committee. First and \nforemost, I want to recognize our ranking member, Mr. Cooper of \nTennessee, my friend and colleague of many years. I look \nforward to working closely with him over the next 2 years as we \ncarry out this important work.\n    I am not sure they are here, but new to our Strategic \nForces Subcommittee on the Republican side are Mr. Coffman of \nColorado, Mr. Wilson of South Carolina, Mr. Nugent of Florida, \nMr. Bridenstine of Oklahoma. On the Democrat side: Mr. Johnson \nof Georgia, and Mr. Carson of Indiana, and Mr. Veasey of Texas. \nI look forward to working with all of you, as well as my \ncolleagues who are returning for another 2 years on the \nStrategic Forces oversight subcommittee.\n    This subcommittee has responsibility for many big critical \nimportant issues, and we are going to get into one of them \nright now. Today\'s hearing is part of the committee\'s \ncontinuing oversight of the aftermath of the security breach at \nY-12 National Security Complex in July of last year. At this \npoint, the facts of the incident are well established so I \nwon\'t repeat them. Needless to say, the intrusion was \nastonishing and completely unacceptable.\n    Through its hearing and closed briefing last September, the \nsubcommittee is aware of the immediate corrective actions taken \nby the NNSA and the DOE [Department of Energy]. Today\'s hearing \nis focused on the broader implications of the incident, \nincluding organizational leadership and structural failures \nthat enabled it to occur. Reviewing the testimony from our \nfirst witness panel as well as the other reports on DOE nuclear \nsecurity stretching back 15 years, I am deeply concerned that \nwe have been identifying the same problem for more than a \ndecade.\n    For instance, in a 1999 report by the President\'s Foreign \nIntelligence Advisory Board, it said the DOE, ``Embodied \nscience at its very best and security at its worst.\'\'\n    Highlighting a string of recurring security problems in the \n1990s, the board described DOE as a ``dysfunctional bureaucracy \nthat has proven it is incapable of reforming itself.\'\'\n    In 2002, a few years after Congress created NNSA in an \neffort to address these concerns, another study by the \nCommission on Science and Security found the same problems. In \n2005, an independent study of NNSA security conducted by \nAdmiral Richard Mies again made very similar findings saying \nthat the problems were, ``they are not new, many continue to \nexist because of the lack of clear accountability, excessive \nbureaucracy, and organizational stovepipes, lack of \ncollaboration, and unwieldy, cumbersome processes.\'\'\n    Those reports were from 1999, 2002 and 2005. So where are \nwe today? To anyone paying attention, the answer is undeniably, \nnowhere. The assessments done after the Y-12 incident showed \nthat the exact same fundamental problems remain. Regardless of \nthe structural issues, there is also a problem of \naccountability. The only people who have been fired as a result \nof the Y-12 incident are a few guards, but no Federal officials \nhave been fired. Some NNSA site and headquarters security \nofficials have been reassigned to other positions within the \nDOD or allowed to retire but not fired. This is not \naccountability. It is the exact opposite of what Secretary of \nDefense Gates did after the Air Force\'s nuclear security \nproblems in 2007 and 2008. His demonstration of accountability \nin the Air Force\'s senior-most leadership is my example of a \nfirm system of accountability, and it should be everyone\'s.\n    Our first panel of witnesses will help us explore what \nchanges are needed to ensure a breach like Y-12 does not happen \nagain. They are each the author of separate independent \nassessments of the Y-12 incident or broader security issues at \nDOD and NNSA. The witnesses are Major General Donald Alston, \nformer commander, 20th Air Force, and former Air Force \nAssistant Chief of Staff, Strategic Deterrence and Nuclear \nIntegration; Brigadier General Sandra Finan, U.S. Air Force, \nCommander of the Air Force Nuclear Weapons Center, and former \nPrincipal Deputy Assistant Administrator for Military \nApplications, National Nuclear Security Administration; and the \nHonorable Gregory Friedman, Inspector General, U.S. Department \nof Energy. I want to thank our witnesses for appearing today \nand the time they have put in preparing their testimony. I know \nit is a labor, but we do appreciate it.\n    I have a longer version of my statement that I am, without \nobjection, going to offer for the record. Hearing none, it is \nso ordered. And with that, I want to turn to my friend and \ncolleague from Tennessee, Mr. Jim Cooper, for any opening \ncomments that he may have.\n    [The prepared statement of Mr. Rogers can be found in the \nAppendix on page 37.]\n\nSTATEMENT OF HON. JIM COOPER, A REPRESENTATIVE FROM TENNESSEE, \n        RANKING MEMBER, SUBCOMMITTEE ON STRATEGIC FORCES\n\n    Mr. Cooper. Thank you, Chairman Rogers, I look forward to \nworking with you and our colleagues on these important issues \nthis year. I would just like to ask, in view of the shortness \nof the time, that my opening statement be inserted in the \nrecord.\n    [The prepared statement of Mr. Cooper can be found in the \nAppendix on page 41.]\n    Mr. Rogers. Thank you, sir. In concert with that, as you \nall may have been told before the hearing we will be called for \nvotes in a little while, so we will dispense with the reading \nof your opening statements; they will be submitted for the \nrecord without objection, and we will go straight to the \nquestioning of the witnesses. The witness order will be General \nAlston, sorry, we won\'t let you stay retired; General Finan, \nthanks for putting your NNSA hat on one last time to help the \nsubcommittee understand these issues, and Mr. Friedman.\n    [The prepared statements of General Alston, General Finan, \nand Mr. Friedman can be found in the Appendix beginning on page \n44.]\n\n MAJ GEN C. DONALD ALSTON, USAF (RET.), FORMER COMMANDER, 20TH \n   AIR FORCE, FORMER AIR FORCE ASSISTANT CHIEF OF STAFF FOR \n STRATEGIC DETERRENCE AND NUCLEAR INTEGRATION; BRIG GEN SANDRA \n E. FINAN, USAF, COMMANDER, AIR FORCE NUCLEAR WEAPONS CENTER, \n FORMER PRINCIPAL ASSISTANT DEPUTY ADMINISTRATOR FOR MILITARY \n  APPLICATIONS, NATIONAL NUCLEAR SECURITY ADMINISTRATION; AND \nHON. GREGORY H. FRIEDMAN, INSPECTOR GENERAL, U.S. DEPARTMENT OF \n                             ENERGY\n\n    Mr. Rogers. We will begin with 5-minute rounds of questions \nand then we will have a second panel after that. I will start \nthe questions here.\n    General Alston, you and Mr. Augustine and Dr. Meserve seem \nto have read the many reports and independent reviews of DOE \nsecurity that have been conducted previously. Your letter to \nSecretary Chu calls it, ``The considerable body of work that \nhas been done on the subject over the past decade.\'\' In \nparticular, you mention the review done by Admiral Mies in \n2005. You heard me, in my opening statement, mention a few \nothers, but there are many more. How do your findings and \nrecommendations compare to those contained in the findings of \nall the previous reports?\n    General Alston. Mr. Chairman, thank you very much.\n    Mr. Rogers. Your microphone needs to be turned on, please.\n    General Alston. Need coaching and I am trainable. Mr. \nChairman, thank you for the question, I would say that probably \nthe most disturbing thing that Dr. Meserve, Mr. Augustine, and \nI found was the recurring evidence of problems that have \nexisted before. And when you take a close look at Admiral Mies\' \nwork that he did, I count about 111 recommendations that the \nDepartment of Energy showed us, a matrix, we had grades on \nthem, and without doing an exhaustive detailed cross-check of \nwhat Admiral Mies found and what we were finding but doing a \nrather cursory look at that, I would take issue with a variety \nof those assessments in terms of the health of those particular \nfindings.\n    Of course, since 2005, there has been a lot of time over \nthe course of those 8 years, and I can\'t say that I saw any \nevidence of reaching back to the Mies reports. So I don\'t know \nhow fresh the management of the Mies findings and \nrecommendations was. I don\'t know the last time they revisited \nthat or if that is a regular phenomenon that they do revisit \nall those findings. But just a few of them that point towards \nculture and things that we found to be a legacy of challenges \nin the Department of Energy: no team approach toward security, \nstruggling to succeed in an atmosphere of conflicting \nviewpoints, headquarters versus the field, lab versus lab, site \noffice versus contractor, academic versus operational, union \nversus management, and then non-NNSA elements in the Department \nof Energy.\n    There have been recurring challenges as site field offices \nwould see a need to upgrade security. We saw lack of \ndiscipline, that Admiral Mies found as well, in terms of having \na broad strategic vision for what the overall security \nrequirements and standards should be, and a sensitivity to \nelevate the unique features of each site as opposed to having \nstandardized common security requirements being the principal \nfocus and the site offices having to defend wanting to be \ndifferent. But without discipline and strong central management \nof that, then folks could conceive, design, develop, and deploy \nsystems that might not be as fully vetted and ready as they \nneed to be, and I think Y-12 is a good example of that.\n    Mr. Rogers. Why do you think this culture was allowed to \ncontinue? Because it did happen over years. In your opinion, \nafter each of these studies, were there any consequences and \nthen they would lapse back into this culture or were there \nnever any consequences?\n    General Alston. We found it difficult to have traceable \nauthority from the field up the chain of command to find \nunambiguous certainty that somebody was in charge of one \nelement of security or another. And because that seemed \nambiguous, and because there was a prevailing notion that it is \nan eyes-on/hands-off surveillance mantra, that the field--the \nsites have, over time, enjoyed being distanced from the \nheadquarters and sort of being alone and unafraid, and \ncertainly, I was in a military organization and we didn\'t like \ninterference from the headquarters.\n    However, when it comes to security, I think there are \nbenefits to having good central management that may not be true \nfor science, but I do believe it is true for security.\n    Mr. Rogers. Do you believe that if there had been somebody \nat the top of the command chain held responsible for the \nfindings of any of these earlier studies in a significant way \nby termination that it would have helped to eliminate that \nculture\'s continuance?\n    General Alston. Well, sir, that would be one action that \ncould be taken, but that action alone I don\'t think would \nnecessarily have resulted in all of the fundamental changes \nthat would have had to occur.\n    Mr. Rogers. Why?\n    General Alston. Well, I think that gets everybody\'s \nattention. I showed up on the Air Staff the same weekend that \nwe had our unauthorized munitions transfer from Minot to \nBarksdale, a very epic failure for our Air Force. So, I was \nthere for the next 3 years working that particular problem. The \nAir Force did not--we worked the problem hard for the first \nyear, but when we lost the Chief and the Secretary, life was \ndifferent, and the entire Air Force had to rally around not a \nsecurity problem, but an enterprise failure. And because we \nlooked at this in the largest context, I believe that after \nspending 9 months working the problem to no one\'s satisfaction, \nthat it certainly was an extraordinary accountability action by \nSecretary Gates which had the Air Force focus on that problem \nin a way that we had failed to focus on it before, this is \nabsolutely true.\n    Mr. Rogers. Thank you very much. The chair now recognizes \nthe ranking member for any questions he may have.\n    Mr. Cooper. Thank you, Mr. Chairman. There are lots of \nissues here, too much red tape in the bureaucracy, questionable \ncontractor performance. But I think that one thing folks back \nhome understand is what do we get for taxpayer dollars? And the \ninspector general [IG] pointed out that DOE-wide we are \nspending something like $1 billion a year just in protection of \nfacilities. And he mentions in his testimony that $700 million \nper year spent on complex-wide protective force of about 4,000 \nworkers, contract professionals; that would be $175,000 \ncompensation for each guard; that is a lot. And a lot of folks \nback home would ask, well, we paid all these people, did we get \nany security and result in return?\n    The focus, of course, of today\'s hearing is the Y-12 \nfacility, which we discover now wasn\'t even nun-proofed, much \nless terrorist-proofed. And the expenditures are called for the \nY-12 facility, we just spent $150 million a year protecting \nthat one plant, and yet we couldn\'t catch two 70-year-olds and \none 80-year-old as they breached the perimeter. And as the \nchairman has quite correctly pointed out, it is hard to find \nthat anybody was punished except the lowest level guard, and it \ndoesn\'t seem like this is a fair way to treat a security lapse \nof this type.\n    So I know that time is of the essence, I just want to \nencourage the IG and I appreciate the work of Meserve and Finan \nto help us understand this. But the bottom line is taxpayers \nneed to get results for their dollars. Right now in DOE, it \ndoesn\'t seem like we are getting those results. Welcome a \ncomment, but I know that time is short.\n    Mr. Friedman. Mr. Cooper, are you asking me for a comment? \nI think you have synthesized the high points, several of the \nhigh points in our reports over time. I might point out that \nsafeguards and security, from our perspective, has been a \nmanagement challenge at the Department of Energy for at least \nthe last decade, so this is a continuing problem. And if I may \nrespond subsequently to a question from the chairman to General \nAlston, we have found over time that, I think the chairman \nphrased it exactly correctly, that there has been a lack of \nsustained effort to cure a problem. There has been sort of a \nshort-term fix and then the fix, and the effort to fix \nevaporates over time.\n    And secondly, if I can, security cannot be a sideline, it \nhas got to be integrated into the very essence of a production \nplant like Y-12 and all the other department facilities. So it \nhas to be an integrated approach from the get-go to the end \nrather than a separate function. So I think those are two \nhighlights, and your issue that you have highlighted, Mr. \nCooper, about costs are ones of course that concern us a great \ndeal.\n    Mr. Cooper. It shouldn\'t just concern us. We paid no \ntelling how many tens of hundreds, millions of dollars for \ncameras at Y-12 that didn\'t work, and an alarm system that gave \noff hundreds of false alarms a day. Where is the refund from \nthe contractor? You know, the best we can tell, people got \nperformance bonuses. Excellent ratings. This is astonishing \nthat the taxpayer got back so little for their money, \nespecially in such a secure installation. I thank the chairman; \nI yield back the balance of my time.\n    Mr. Rogers. I thank the gentleman. The chair now recognizes \nmy friend from Arizona, Mr. Franks, for 5 minutes.\n    Mr. Franks. Well, thank you, Mr. Chairman, thank all of you \nfor being here. I don\'t want to mischaracterize my friend\'s \ncomments about the 80-year-old nun, it seemed like he kind of \ndid that in a rather diminishing way. I understand she was \nquite spry for 80, and that that should be taken into account. \nWhen you make the comparison about the guards costing about \n$175,000 a year for taxpayers, I have been looking at the \nnumbers here, and that is about what Congress gets paid, and I \nam afraid the connections and the parallels here are a little \nfrightening for someone like myself, because we wonder if maybe \nwe are not all a little bit overpaid.\n    It is very easy for us to kind of, as I just did, make \nlittle jokes about these kinds of things and sort of step back \nfrom almost a holier-than-thou position. It is easy from an \narmchair perspective to say ``how could this ever happen.\'\' And \nyet in a sense, that is a little bit--that is our job here on \nthe committee to try to exert some oversight that hopefully \nwill change a culture that has made a particular error here in \na better direction.\n    I know that if we really were all honest with ourselves, we \nwould look at this from a much larger perspective. History has \nbeen pretty unkind to those who have tried to maintain nuclear \nsecurity. If we had done that well decades ago when we first \ngained this technology, the Soviets would never have gained \nthat technology and there never would have been a Cold War. So, \nthis is not as unprecedented; I think I remember some story \nwhere we had to drop one of our atomic bombs off the coast out \nof a plane, I think it is still there, years ago.\n    These are not as unprecedented as they seem, but because \nthey are so serious, it occurs to me that we have to try to \nback up and ask ourselves, why is it that there is this \nhallmark for us letting these kinds of things be so easily \nsecured when the implications are so profound? So I guess I am \ngoing to ask sort of a question for all of the panel members. \nIf there was one thing that you could do in this particular \ninstance and in a broader instance of trying to help both our \ncivilians infrastructure and our military apparatus understand \nthe need for more security when it comes to nuclear technology \nand weapons that have these profound implications, what is the \none thing, General, I will start with you, that you would \nsuggest that we do? Is it a mind-set? Is it a systemic issue? \nWhat would you postulate?\n    General Alston. Well, sir, I would tell you that Mr. \nAugustine and I, in particular, and I think Dr. Meserve \nmentioned it as well, but the cultural challenges facing the \nDepartment of Energy when it comes to a culture that doesn\'t \nsegment security, doesn\'t segment safety, but rather looks at \nthem as all essential to mission as opposed to trade space, \nthat that is a very profound challenge because taking culture \non head-on is a very challenging effort. But, we found that \nthis, and I have had recent discussions informally with people \nnot involved directly with this where security is now perceived \nas, you know, we have to go through the hurt right now. And, \nsecurity is perceived as sapping strength and competing with \nscience and other priorities in the Department.\n    So I think there is still a long way to go in a pervasive \nculture where every last person that is working in NNSA or the \nDepartment of Energy sees security, and safety, and mission, \nnot as separate things that need to be tended to, and \nprioritized, but rather have a common view how important and \nvital they are and essential every day to mission success.\n    Mr. Franks. General Finan.\n    General Finan. Well, I would echo what General Alston just \nsaid and I think that is the primary thing you have to do is \nwork on the culture so rather than repeat that, I think given \nculture as an issue that must be addressed, I think the next \nthing that we have to think about is lines of authority. We \nhave to be very clear on who is responsible for what. We have \nto then follow up and give the authorities necessary to execute \nthose responsibilities and once we do those two things \nthroughout the chain of command, then we can hold people \naccountable. But one of the continuing things that NNSA and DOE \nbefore it have struggled with was defining roles and \nresponsibilities and then giving the appropriate authority to \nexecute those responsibilities, and that has been a \nlongstanding issue that we really need to straighten out in \norder to create that accountability and ownership of that \nsecurity mission.\n    Mr. Friedman. Mr. Franks, I concur with what has been said \npreviously. And maybe this is too far down in the weeds, but if \nthere was, in addition to what has already been said, if there \nwas one problem, and I guess it builds on what General Finan \njust referred to is that we need to be sure that employees at \nall levels are empowered to raise serious issues and that there \nis a process in place to ensure that those issues are, in fact, \naddressed. I think that applies in terms of safety, it \ncertainly applies in terms of security. And it certainly was a \nproblem, a root cause problem we found at least with regard to \nthe Y-12 issue and security generally throughout the Department \nof Energy.\n    Mr. Franks. Thank you. And thank you, Mr. Chairman.\n    Mr. Rogers. I thank the gentleman. The chair now recognizes \nMr. Garamendi for 5 minutes.\n    Mr. Garamendi. I would like each of the witnesses to take a \nminute and a half and talk about where we are today. This is \nall history; what has been done along the lines, if you know, \nto carry out the recommendations that have been made? We will \nstart with the General, General Finan.\n    General Finan. I left NNSA over a month ago, but before I \nleft, I can tell you that there was structural changes \noccurring within the security organization so they were in the \nprocess of implementing the recommendations to stand up an \noperationally focused organization that would help ensure \nstandardization across the fields. They were also in the \nprocess of creating standards and criteria for security so that \npeople in the field would know what standard they needed to \nmeet and what criteria would be used to evaluate them. There \nwere personnel changes that had occurred in order to bring in \nwhat I call true security expertise. Security is a special \nskill, and we have people throughout this country who have \nthose skills, and so we need to seek out those individuals and \nbring them in so that they can bring that skill set to the \nNNSA. So, that was ongoing. So, basically all the \nrecommendations that I had out of my reports were being enacted \nat the time I left.\n    Mr. Garamendi. And Mr. Friedman.\n    Mr. Friedman. With regard to the recommendations we made in \nour earlier report, Congressman, we have not received the final \ndepartmental position, so we are not--we have heard anecdotal \ninformation of what steps have been taken and we are waiting \nfor that to occur. In the interim, between our reports, both \nGeneral Alston and his group and General Finan have done their \nreports. We have also issued a report on the contractor \nassurance system which is a system that NNSA has in place to \nevaluate contractor actions. We intend to go back at some point \nin the future and look at the process and determine whether the \nfixes that have been committed to and promised have, in fact, \nbeen made.\n    Mr. Garamendi. When is that point in the future?\n    Mr. Friedman. I guess that is the pointed question I wasn\'t \nprepared to answer. We will--it is a high priority for us \nbecause obviously security is essential in a nuclear weapons \nenvironment.\n    General Alston. I left the effort the first week of \nDecember, and the draft recommendations, which we were exposed \nto, were not in the charter that Secretary Chu had given us, so \nI don\'t think I am in a position to comment.\n    Mr. Garamendi. Good. Let me go back to you, Mr. Friedman. \nOne of the oversight and review organizations is you, and it \nwould seem to me that holding people accountable is what you \nguys do, so I am concerned about your response that at some \npoint in the future and so on and so forth. I would like a more \nprecise answer. And with that, Mr. Chairman, I yield back.\n    [The information referred to was not available at the time \nof printing.]\n    Mr. Rogers. I thank the gentleman. The chair now recognizes \nMr. Nugent for 5 minutes.\n    Mr. Nugent. Mr. Friedman, just to follow up on Mr. \nGaramendi\'s question, you do the inspection, you prepare a \nreport, you send it to the powers to be, and they are the ones \nthat have to make things accountable, am I correct on that? Do \nyou hold them accountable, or do the administrators hold their \nrank and file accountable?\n    Mr. Friedman. Well, our reports in these instances, \nCongressman, were sent to the Secretary; it is ultimately the \nSecretary\'s responsibility to hold his subordinates \nresponsible.\n    Mr. Nugent. I would think, General Alston, when you took \nover as related to the incident in the Air Force, were people \nheld accountable at the upper echelons, or was it just the \nlowest ranking folks that are easy picking when something goes \nwrong, or do you look at the culture, which I have heard from \nall three of you in regards to how things actually occur?\n    General Alston. Initially, it was just the lower level \nleadership, wing commander, squadron commander, a couple of \ngroup commanders, so there were a handful of colonels. \nFollowing the installation of the new Secretary and the new \nchief of staff, I know there was a further detailed review, and \nI am not privy to exactly what the actions were.\n    From a distance I understand that General Schwartz, as one \nof his initial responsibilities after evaluating how to do \naccountability in these circumstances, taking in stock not just \nthe unauthorized movement in the nuclear weapons, but also the \nincident that involved some components that were opened in a \nbox in Taiwan, that the chief of staff then personally dealt \nwith the general officers in ways that I am just not personally \nprivy to.\n    Mr. Nugent. You know, in experience, in regards to leading \nan organization, somebody has to be accountable. And typically, \nwhen you discipline the lower ranks and you mentioned it, there \nare other folks because it is a culture, and all three of you \nhave mentioned that, a culture of really failed leadership \nwithin NNSA and DOE as it relates to security. How do we--if \nyou were in charge, how do you fix that specifically from the \nIG\'s perspective? Where does the ball finally end?\n    Mr. Friedman. As I alluded to in my earlier comment, \nCongressman, security cannot be treated as a stepchild, as a \nside show, it has got to be integrated into the process from \nthe very outset. And that is one of the key issues that we have \nfound has not been in place. You can call that a cultural \nissue, perhaps that is correct, and I think--I would refer to \nit as a ``tone at the top\'\' issue. It has to flow down from the \nhighest levels of the Department and permeate and people have \nto be held accountable. I know that may sound like a textbook \nsort of lessons, but I think that is what needs to be done and \nit seems to me there has been a commitment to begin that \nprocess. And as I alluded to earlier, sustainability is really \nthe issue. We are on a path now, we have anecdotal information \nthat changes have been made, not personnel changes that you are \nreferring to, I understand that, but changes have been made in \nthe systems. The question is will that be sustained going \nforward?\n    Mr. Nugent. And it really is buy-in from the leadership. \nYou can change systems and you can change policies, but if \nthere is no one there to actually make sure that the rank and \nfile are following the policies and procedures, nothing gets \ndone from a positive standpoint. So we can talk the game, but \nat the end of the day how is NNSA and DOE actually going to \nhold the upper-level administrators accountable for the \nsecurity that is so important to this Nation? How do you \nsuggest that happen?\n    Mr. Friedman. Well, I think the administrator of NNSA \nreports to the Secretary of Energy under the current format. \nAnd ultimately, and obviously there are changes in process as \nwe speak. Ultimately, it will be the responsibility of the \nSecretary to set the tone at the top with regard to security, \nand make sure that his subordinates and his direct reports \ncertainly understand the emphasis on security and his desire to \nensure that at a subsequent point, he can come back to them and \nreceive confirmation that security has been treated as a \npriority.\n    Mr. Nugent. I thank all three of you for your testimony, \nand I think your direction in regards to what the issues are, \nor more importantly--I mean, you have identified the people \nthat actually have to make it happen obviously aren\'t here at \nthis point. So thank you very much.\n    Mr. Rogers. Thank the gentleman. You know, it is astounding \nto me, we are not talking about an equipment site, we are \ntalking about nuclear materials. And I keep hearing this issue \nabout, well, it is a culture and we need to have more \nresponsibility up the chain of command, nobody is talking about \nfiring anybody. You know, as the general said earlier, when the \nSecretary ran off the Secretary of the Air Force and the chief \nof staff, it got everybody\'s attention. It seems like nobody is \ntalking about we have to go to those levels of responsibility \nand run somebody off to make sure everybody understands that \nsecurity is integral, and has got to be a part of the system. \nBut, I don\'t hear anybody calling for that, but that is just \nme. Mr. Wilson is recognized for five minutes.\n    Mr. Wilson. Thank you, Mr. Chairman. And thank you all for \nbeing here today, and Mr. Friedman, I am an alumnus of \nDepartment of Energy, so I appreciate your service there as IG, \na very important position. In fact, it is so important, and \nGeneral Finan, for both of you, you refer to an eyes-on/hands-\noff approach to oversight. Can you explain why you flagged this \nas a concern? Why did this contribute to the security failure? \nAnd where did this approach come from? And what has been done \nand it has been referenced, but what has been done to fix this, \nbeginning with the general?\n    General Finan. Yes, sir. Eyes-on/hands-off was interpreted \nin the security community at NNSA to mean that Federal \npersonnel were not really to interact with the contractor in \nexecuting security duties, they were only to watch them execute \nduties. And in many cases, not even allowed to interact with \nthe contractor as they accomplished those duties. What that \nevolved to was basically a completely Federal hands-off policy; \nthat said, in my Federal role, I can\'t tell the contractor what \nto do. I can give general directions that say, okay you need to \nsecure a site, but the Federal personnel then failed to give \nadditional directions that said anything about how. Well, \nnuclear security is absolutely critical, and it is inherently a \nFederal responsibility, and that means the Federal personnel \nhave a responsibility and a duty to be a little bit more \nspecific, and in fact, tell contractors exactly how to do \nnuclear security.\n    Now there are some variations and things like that, but \nwhat evolved over time was rather than evaluate--if you ask me \nto evaluate nuclear security, I am going to come up with \nscenarios that I think are significant and then I am going ask \nthe contractor to execute them so I can see the contractor \nexecute those duties. We took--eyes-on/hands-off took the \nFederal Government out of that role. What it did was it let the \ncontractor decide what scenarios would be evaluated and it was \nall about contractor self-assessment and Federal oversight was, \nin fact, diminished. And so what happened is we really didn\'t \nhave any insight. Federal personnel in NNSA did not have \ninsight into the details of how the contractor was executing \nthat mission. And so, that really is eyes-on/hands-off and \nwhere it evolved to.\n    Mr. Wilson. I appreciate your raising that because I am \nvery grateful the Savannah River Site is in the district that I \nrepresent, in Aiken and Barnwell County. And, I have had the \nopportunity to visit so many times, and to see the \nextraordinary personnel of perimeter security, so I have seen a \npositive. So it is startling to me that something like this \ncould occur. Mr. Friedman.\n    Mr. Friedman. I associate myself with General Finan\'s \nremarks. I think she has characterized it perfectly, but if I \ncan take a minute and describe a specific that was in our \noriginal findings. There were very, very expensive, costly \ncameras and detection equipment at Y-12 that was inoperable for \nup to 6 months and just the backlog of repairs had never been \naddressed. Now, the local Federal officials were aware of it, \nbut they did not feel they were empowered because of eyes-on/\nhands-off essentially, they didn\'t feel they were empowered to \nforce the contractor to reprioritize the work, the maintenance \nwork that was being done to be sure the detection equipment was \noperating as intended. It was a vital essence, essential part \nof the perimeter defense mechanism at the site. And that is an \nexample of how we have gotten to the point where, as I said \nearlier, we need to empower these individuals to ensure if they \nhave a problem like that, number one, they can bring it up with \nthe contractor and ensure that the issue is addressed. And \nnumber two, if it is not addressed, that it goes to the \nAdministrator and that there is appropriate action taken.\n    Mr. Wilson. And that is particularly startling because when \nwe think of the new technologies, we think of this as better. \nAnd so I know that your report indicates that there should be \nperiodic in-depth reviews of contractor security, and certainly \nthat would include that the equipment is working.\n    Mr. Friedman. Absolutely. It is vital. There is no excuse \nas far as I am concerned, in an environment such as Y-12, one \nof the most sensitive sites in this Nation, to have equipment \ninoperable and not treat it as a critical priority to get it \nback on line as quickly as possible.\n    Mr. Wilson. And for the protection of the American people, \nagain, the new technologies we have should be used to their \nhighest and best use, and I appreciate your efforts, all of you \nto do this. I yield the balance of my time.\n    Mr. Rogers. I thank the gentleman and the chair now \nrecognizes Mr. Lamborn for 5 minutes.\n    Mr. Lamborn. Thank you, Mr. Chairman. I want to thank all \nof you for what you have done to serve and help our country. \nYou can all jump in on this question, but General Alston, I \nwant to ask you a two-part question. When there was the \nunauthorized transfer of nuclear weapons from Minot to \nBarksdale, the Air Force really drilled down and saw this as a \nbroad issue that had to be addressed, even going so far as to \nreemphasizing the importance of the nuclear mission in the Air \nForce all the way back to the Air Force Academy, which is in my \ndistrict. So could you address how that was done? And then how \ndoes that contrast with what is being done, if there is a \ncontrast with the Y-12 incident?\n    General Alston. Well, sir, thank you for that question. \nWhat we recognized was that the Air Force, having been flying \ncombat missions for such an extended period of time, and with \nthe emerging emphasis on irregular warfare, that conventional \noperations and irregular warfare were elevated in their \npriority in terms of the way the Air Force resourced itself and \nthe tempo and deployments. And the price you paid for that was \na de-emphasis in the nuclear part of our mission set. And, we \nwere born in that strategic attack mind-set and capability, but \nwe had lost that focus because of other competing priorities. \nSo when we looked at the professional military education for \nour NCOs and our officers, we reassessed that there was \ninsufficient, and, in some cases, very little to non-existent \nelements of nuclear in those programs so that a broad brush was \npainted across all of our airmen as opposed to just those who \nhave nuclear mission responsibilities today, because we felt it \nwas important that everyone in the Air Force should have a \nbroad sense of what we are about as airmen.\n    And so, we attacked that and there was a lot of re-attack \nas we looked and evaluated, looked and evaluated, and changed \nthose programs so that we were satisfied the modules on nuclear \nwere worthy at that level of education. But we didn\'t want to \nsort of cashier or contract out, if you will, strategic \ndeterrence to just the nuclear operators; everyone needed to \nunderstand the larger context as best we could do.\n    Now the whole service was energized in the face of this \nepic failure, and we considered it an enterprise failure. This \nwas mission failure at historic levels for us and we looked at \nit that way.\n    The challenge, I think, with the Y-12 situation is we \ndidn\'t necessarily find a pervasive evaluation that this was \nmission failure that could be a wakeup call across the \nenterprise. The guys at Oak Ridge made a very bad mistake, but \nthe guys at Pantex or the guys at Savannah River have not made \nthat transgression. So weaknesses that might be systemic in \nother places with the distance that the sites preferred we \ndidn\'t witness a strong embrace to say, truly, how can we \nventilate the deficiencies there and see them here. I believe \nthat work took place. I just think that the self-critical \ncapacity can be improved in the NNSA and the Department of \nEnergy to make that assessment broad and legitimate.\n    Mr. Lamborn. For either of you other two, General or \nInspector General?\n    General Finan. I agree with what General Alston stated. And \nwhen I took a look, I took a look just at the Federal \norganization and the Federal assessment model contained within \nNNSA, and there were structural flaws in both the organization \nand the assessment model, which is why I recommended a complete \nchange in the organizational model and a new assessment model \nto reach out beyond Y-12 to all the other organizations because \nit does, in effect, affect all eight NNSA sites.\n    Mr. Friedman. Again, I agree with my colleagues at the \ntable, I would say that one of our, I think more important \nrecommendations which actually sounds very subtle and may sound \nactually unimportant is that the lessons learned from Y-12, and \nit was a tremendous wakeup call because Mr. Cooper described \nthe three intruders, they could have been three people who were \narmed in a different way and had malicious intent, and could \nhave been a real tragedy, so we had a tremendous wakeup call. \nOur point--one of the points we made was that it is important \nthat the lessons learned from Y-12 be exported throughout the \nentire Department of Energy complex, so that we are in a mode \nof preventing this sort of thing from happening again, not just \nsimply reacting, should it occur in another location.\n    Mr. Lamborn. Thank you, thank you, Mr. Chairman.\n    Mr. Rogers. The chair now recognizes Mr. Veasey for 5 \nminutes.\n    You know, the point you just made goes back to what I said \nearlier, and that is, we have learned some real lessons at Y-\n12, but apparently, we have been hearing this call for these \nchanges for a long time. The thing I want to assure the folks \nwho are listening to this is this committee is not going to let \nthis go, the DOE and NNSA are going to fix this problem going \nforward in a meaningful way. And until they do, we are going to \nmake them wish they had. So this is not going away. We are--\ndoes the ranking member have any more comments?\n    We are about to be called for votes, I want to thank our \nwitnesses for their time and their energy and attention, and we \nappreciate you and we will go into recess now for our votes and \nbring our second panel back up after votes. Thank you.\n    [Recess.]\n    Mr. Rogers. I would like to call this hearing of the Armed \nServices Subcommittee on Strategic Forces back to order. And \napologize for the delay, but our votes are over for the day. \nAnd I thank our panelists for hanging around and look forward \nto their comments.\n    I do want to thank you for your time and energy in \npreparing for this hearing. I know it takes a lot of time and \neffort, but you know it is important to us that you have done \nit. So thank you for that.\n    What I would like to do, your full statements have been \nsubmitted for the record. Jim and I both read them, the ranking \nmember and I have both read them, but I would like to ask each \none of you to take about a minute and synopsize the content of \nyour opening statement, and then we will just go directly to \nquestions, for time sake.\n    Oh, I am sorry. Didn\'t introduce the witnesses. I thought I \nhad done that earlier. We first have Secretary Daniel Poneman \nand Honorable Neile Miller. She is the Acting Administrator, \nand Principal Deputy Administrator for the NNSA.\n    Secretary Poneman.\n\n   STATEMENT OF HON. DANIEL B. PONEMAN, DEPUTY SECRETARY OF \n ENERGY, U.S. DEPARTMENT OF ENERGY; AND HON. NEILE L. MILLER, \n   ACTING ADMINISTRATOR AND PRINCIPAL DEPUTY ADMINISTRATOR, \n            NATIONAL NUCLEAR SECURITY ADMINISTRATION\n\n              STATEMENT OF HON. DANIEL B. PONEMAN\n\n    Secretary Poneman. Thank you, Mr. Chairman, Ranking Member \nCooper, and members of the subcommittee. We are grateful for \nthe invitation to appear before you today to provide the \nsubcommittee details on the actions the Department has taken or \nwill take to strengthen the security of the nuclear weapons \ncomplex in the wake of the July 2012 Y-12 incident. We \nappreciate the interest and engagement of this committee and \nrecognize the important oversight role that you fulfill.\n    The Secretary and I recognize the severity of the problem \nthat led to this point and we have acted swiftly to identify \nand address the issues it revealed. Since the Y-12 incident, \nseveral major actions have taken place to improve security \nimmediately and for the long term, and I will just mention, in \ndeference to your request, Mr. Chairman, just a few.\n    We restructured the contracts at Y-12 to integrate security \ninto the line of command of the M&O [management and operations] \ncontractor. The protective force contractor was terminated and \na new M&O contractor has been selected to manage the Y-12 site, \nproviding an opportunity for new leadership and to improve Y-12 \nsecurity culture. We held accountable both the senior Federal \nand contractor management personnel at headquarters and at the \nsite, removing them from their positions. The Department\'s \nChief of Health, Safety, and Security [HSS] conducted an \nindependent security inspection of the Y-12 security \noperations, including rigorous force-on-force performance \ntesting, as well as no-notice and short-notice limited scope \nperformance testing activities as directed by the Secretary, \nand they will be conducting a follow-up review in April.\n    The Secretary also directed HSS to conduct immediate extent \nof condition assessments of all Category 1 sites across the DOE \ncomplex to identify any immediate security issues and to follow \nup with full security inspections, including force-on-force \nexercises, to assure effective security measures are being \nimplemented at those sites. NNSA conducted an immediate after-\naction report to identify causes, followed by the report, which \nI know you have heard about this morning, from General Finan. \nThe former Deputy Administrator tasked General Finan with \nreviewing the Federal NNSA security organizational structure \nand security oversight model. And you have heard about her \nrecommendations, which we are implementing, so we can talk \nfurther about that during your questions.\n    Finally, we had an independent group--actually they were \nindividuals, all of whom have distinguished, long careers in \nnational security and in nuclear matters. Each one provided \nthoughtful advice on the DOE\'s nuclear security structure, \nspecifically all Category 1 nuclear facilities, and we are now \nreviewing and discussing their advice on how to improve \nsecurity at Y-12 and across the nuclear enterprise.\n    So in conclusion, the series of personnel and management \nchanges that I have described today have been made to provide \neffective security at the Y-12 site and across the DOE complex. \nWe are working to carry out the structural and cultural changes \nrequired to secure all Category 1 nuclear materials at this and \nall of our facilities. Our management principles hold that our \nmission is vital and urgent. Nowhere is that more true than \nhere.\n    The security of our Nation\'s nuclear material and \ntechnology is a core responsibility of the Department in \nsupport of the President and in defense of the Nation. The \nincident at Y-12 was unacceptable and served as an important \nwakeup call for our entire complex. The Department is taking \naggressive actions to ensure the reliability of our nuclear \nsecurity programs across the entire DOE enterprise, and will \ncontinue to do so.\n    In that effort, the Department looks forward to working \nwith this subcommittee, sir, to ensure the security of the \nNation\'s nuclear materials. And, Acting Administrator Miller \nand I would be very pleased to answer any questions from you \nand members of the committee.\n    [The prepared statement of Secretary Poneman can be found \nin the Appendix on page 101.]\n    Mr. Rogers. Thank you.\n    Ms. Miller, did you have an opening statement?\n    Ms. Miller. No, sir. Mr. Poneman is giving the statement.\n    Mr. Rogers. Great. Well, thank you. And, I will start off \nwith the questionings for Secretary Poneman.\n    As Deputy Secretary for the Department of Energy, you \ntalked about this being unacceptable, and you just made some \nreference to some corrective actions, and you talked about how \nyou have now completed an integration in the line of chain of \ncommand with a new contractor. What is different in this line \nof chain of command?\n    Secretary Poneman. Okay. At the time of the incident, Mr. \nChairman, there were two separate contracts at the site. One \nwas the overall management operations contract for the site.\n    Mr. Rogers. Okay. You are talking about the line of chain \namong the contractors, not within the Department. Have you \naltered that in any way? That once the contractor notifies the \nDepartment of anything, good or bad, has the chain from that \ncontact person up the stream been modified at all?\n    Secretary Poneman. Yes. But the way the contract is \nstructured affects it. But I will go right to the part you \nasked. One of the things that General Finan found in her report \nwas that there was lack of clarity, that the organization known \nas NA-70 for nuclear security was exercising some authority in \nline management over security activities at the site, as was \nactivities under our infrastructure and operations, the so-\ncalled double zero. That was confusing. We have ended that. We \nhave made it very clear that the line management must go down \nfrom the Administrator through the Infrastructure and \nOperations Office. And that has removed the security \norganization, NA-70, from that.\n    NA-70\'s role has been clarified so that their role is to \ndevelop the plans, it is a staffing function, and then to \nevaluate the performance. That had the additional change in the \nfield, Mr. Chairman, that the evaluation of performance under \nthe contract was no longer done by the field Feds, which was \ncreating, in General Finan\'s review, too close of a situation \nbetween the people on the site, between the contractor and the \nFed.\n    And so I think we have really clarified it, but the other \nfact that actually bears on this as well is there was also \nconfusion that was created by having these two separate \ncontracts at the site, and we have immediately folded the \nProforce [protective force] security boots-on-the-ground \ncontract under the M&O contract, just to clarify.\n    Mr. Rogers. Okay. Under this new structure, if we were to \nhave another incident, who would be the ultimate person \nresponsible for security at that Y-12 site?\n    Secretary Poneman. The line management is always \nresponsible, going straight down from the Secretary down \nthrough the NNSA Administrator.\n    Mr. Rogers. Walk me through it. Secretary----\n    Secretary Poneman. Deputy Secretary, NNSA Administrator, \nthe director of the Federal site for the NNSA, and then it goes \nstraight from that person to the senior contract official.\n    Mr. Rogers. And that was not the case when this incident \noccurred?\n    Secretary Poneman. There was confusion because there were \ndirectives that were coming out of the NA-70 organization that \ncould have been confusing in terms of where the accountability \nwas from the perspective of the people at the site.\n    Mr. Rogers. Aside from the contract with the contractor \nbeing terminated, which it was about to expire anyway, you \nmentioned that responsible people were reassigned. You put \nremoved from their responsibilities, but they weren\'t fired. \nWhy weren\'t they fired?\n    Secretary Poneman. Sir, the first thing we had to do in the \nincident was we, as you have said many times, hold the people \naccountable. So we did that both at the site and at the \nheadquarters. The top three officials at the headquarters \nresponsible for nuclear security were removed from those \npositions. The top two relevant officials on the Federal side \nat the site were removed from their positions.\n    Mr. Rogers. Why weren\'t they fired, though? Why were they \njust removed? This is a nuclear facility.\n    Secretary Poneman. That is true, sir. There are additional \ndisciplinary actions that have been underway. We have due \nprocess and various procedural safeguards that occur in our \nsystem, and those are now being pursued. But the important \nthing in terms of protecting the nuclear material was to get \nthose people out of that line. Most of them are out of the NNSA \nentirely. And in addition, we ensured that people at the \ncontractor level knew they had lost our confidence. And the top \ntwo officials responsible at Y-12 on the contractor side were \nalso removed.\n    Mr. Rogers. Well, you know, you heard me earlier talk about \nSecretary Gates. He fired the Secretary of the Air Force and \nthe Chief of Staff of the Air Force when he had a similar \nincident. I think that is the model. Do you disagree that \nshould be the model in how we respond to serious security \nviolations at important facilities like this?\n    Secretary Poneman. I certainly agree, Mr. Chairman, that \naccountability is absolutely crucial. I am not deeply intimate \nwith the details of the 2007 Air Force incident. I have the \nhighest regard for Secretary Gates. But I think the principles \nthat he described in terms of accountability are very much ones \nthat we share.\n    Mr. Rogers. Well, I would hope so, and I would hope you \nstart reflecting those going forward, because that is the kind \nof action that sends a clear message that these lapses in \nsecurity will not be tolerated, because the other factor here \nis this has been going on for 10 years. We have had study after \nstudy after study. So, frankly, the folks at the top of the \nfood chain really should have known about this before it \nhappened and shouldn\'t have been allowing it to happen.\n    But with that, I will turn to my ranking member, Mr. \nCooper, for any questions he may have.\n    Mr. Cooper. Thank you, Mr. Chairman. I welcome the \nwitnesses. I am sorry we have to be here, because this incident \nnever should have happened.\n    You say that you are for accountability, but wasn\'t the \nmain contractor there, Babcock & Wilcox, still able to receive \n60 percent of its award fee, or $36 million, right after the \nincident happened?\n    Secretary Poneman. Mr. Chairman, the way that----\n    Mr. Cooper. I am not the chairman. I am the ranking member.\n    Secretary Poneman. Oh. Sorry. Mr. Ranking Member. The award \nfee under the terms of the contract--and I think it is a very \nfair question to pursue how we structure these in terms of \ncompensation, I think that is an absolutely fair point--the \nonly amount of fee that was available for security was zeroed \nout. So that was removed from the contract.\n    The way they got to the 40 percent reduction of fee was by \ntaking all of that and then going beyond that. There are other \nthings happening at the site in terms of naval reactor fuel, in \nterms of directed stockpile work, and so forth. And the way \nthat the contract is structured, the fee is bucketed. And we \ntook the fee that was available to take away, away, and that \nwas a series that we have actually followed up in subsequent \nincidents also seeking to claw back fee, because we agree the \nAmerican people should not be paying for underperformance when \nit comes to security.\n    Mr. Cooper. And how much of the fee do you expect to claw \nback?\n    Secretary Poneman. Well, the numbers that you have cited \nthere, there is 40 percent in the episode at Y-12 for the \ncontract.\n    Mr. Cooper. But I thought you said there were further \nefforts going on.\n    Secretary Poneman. There was a $10 million fee that was \nclawed back for another episode elsewhere in the complex.\n    Mr. Cooper. But immediately prior to the incident, your \nagency in its wisdom had given Babcock & Wilcox an excellent \nrating for its safeguards and security work, and they received \ntheir full $51 million incentive fee in fiscal year 2011, even \nthough, as has been testified to, the cameras weren\'t working \non a wholesale basis, took months and months to ever do \nrepairs. Why do they get their entire incentive fee right prior \nto the incident?\n    Secretary Poneman. Congressman, this flags exactly one of \nthe deficiencies in the structure that preceded this incident, \nbecause there was, as again General Finan\'s report I think \nmakes very clear, a tendency to not have the boots-on-the-\nground analysis and review, but to have the evaluation based on \nwhat the contractor said, and then have an on-paper review. \nThat is why separating that role out from the site and putting \nit into the nuclear security organization at headquarters would \nhopefully correct that.\n    We did not see the things in advance the way we should \nhave. Obviously, had we seen those things in advance, we would \nhave replaced all 62 cameras ahead of time. I am hoping, and I \nbelieve that both the organizational and the cultural changes \nthat we are going to institute pursuant to the Finan report \nwill prevent this kind of thing from happening in the future.\n    Mr. Cooper. With all due respect, it doesn\'t sound to me \nlike you are taking responsibility, because aren\'t you the \nDeputy Secretary and haven\'t you been the Deputy Secretary for \nsome time?\n    Secretary Poneman. Yes, sir. And from the moment I heard \nabout this incident, I have been doing everything I can in \nevery dimension to make sure that nothing like this ever \nhappens again. I do feel deeply responsible.\n    Mr. Cooper. You have been doing everything you can, and the \nquestions to my colleague, Ms. Sanchez, were submitted 5 months \nafter the hearing testimony? The copy we got, you needlessly \nduplicated one question twice. Doesn\'t look like much effort \nwas put into this. And I know this is just an exchange of \npaper, but----\n    Secretary Poneman. Congressman----\n    Mr. Cooper. Do you feel like you are taking responsibility?\n    Secretary Poneman. Yes, sir, I do. I take responsibility \nfor everything that happens in the Department and I am----\n    Mr. Cooper. Has your pay been reduced? Are you threatened \nin any way? What sanctions have you faced?\n    Secretary Poneman. Congressman, I am doing everything I can \nto address the problem, and I will do that as long as I am in \nthis position. And I will be very open to working with this \ncommittee and all others to make sure that nothing like this \ncan ever happen again.\n    Mr. Cooper. But meanwhile, as the inspector general told us \nin his testimony, your Department is spending about a billion \ndollars a year securing various facilities, hiring 4,000 guard \npersonnel through various devices, and in some places it is one \nprime contract, in some cases it is split two primes, and in \nsome places it is a subcontract. There seems to be no rhyme or \nreason to this. But if you divide, you know, the salary \ncomponent of that, $700 million by the 4,000 employees, that\'s \n$175,000 per guard. Where is this money going and what results \nare we getting for this? That is a lot of money, and my guess \nis the guards aren\'t actually being paid nearly that much. Who \nis making the difference?\n    Secretary Poneman. Congressman, there are a number--I don\'t \nhave the exact calculation you have before you--there are a \nnumber of both physical assets in terms of huge facilities with \nthick walls, BearCats and various perimeter fences and various \nsecurity systems, all of which requires an investment.\n    But to be clear, the money itself is not going to solve the \nproblem if we don\'t have the clarity in the lines of \nresponsibility and in the authorities that go with it and, \nfrankly, the cultural shift that is required to go with it. It \nis not a problem that will be solved by dollars. And the \ndollars that are invested in it are very important, because we \nneed to get the assets, both the human assets and the physical \nassets, but that\'s only part of the problem.\n    Mr. Cooper. Trust me, I am not suggesting spending more \nmoney. I am asking what value the taxpayer got for this \nextraordinary outlay over many years. And this is, according to \nyour own IG, money spent on employee compensation.\n    Secretary Poneman. Congressman, we have large, large \nquantities of both highly enriched uranium and separated \nplutonium, all of which is extraordinarily sensitive. That \nmaterial is very, very well defended. It is of absolute \nparamount importance.\n    Mr. Cooper. It\'s well defended when an 82-year-old nun got \ninto Y-12? How can you possibly say that?\n    Secretary Poneman. Congressman, the episode that occurred, \nas we have repeatedly testified in this and the prior hearing, \nis absolutely unacceptable. It is a wakeup call. There are \nseveral----\n    Mr. Cooper. Then how can you say it was well defended? It \nwas not well defended. That is why we are having this hearing.\n    Secretary Poneman. Congressman, what I am trying to say is \nthat there are a number of additional layers of security. It is \nunacceptable that they penetrated the perimeter fence. That is \nunacceptable, a wakeup call. We are taking the appropriate \nactions. The concertina wire is around it. There are other \nadditional layers, including, you know, military-style forces, \nincluding various physical impediments. And I can assure you \nthat there are many more layers that are defending that very, \nvery sensitive material.\n    Mr. Cooper. So we really had nothing to worry about. There \nwere many more layers of security left and it was all fine.\n    Secretary Poneman. Congressman, that is not at all what I \nam saying. You have heard us from day one, Secretary Chu and I \nhave been consistent, this was unacceptable. And, it is a \nshocking breach of the security that we thought was in place.\n    That having been said, your specific question went to the \nactual material itself, and I am only saying, not that there is \nany reason for complacency, far from it, quite the opposite, \nbut to say that we do have additional measures of protection \nthat is needed for that material. It is unacceptable what \nhappened, and we have to make sure that that part gets fixed as \nwell.\n    Mr. Cooper. Mr. Chairman, in all due respect to the \nwitness, it still does not sound like he is really taking \nresponsibility for this.\n    Secretary Poneman. I want to be very clear, Congressman. I \naccept responsibility for this.\n    Mr. Cooper. Well, what punishment have you suffered for it?\n    Secretary Poneman. I am working----\n    Mr. Cooper. Other than attending this hearing?\n    Secretary Poneman. I am working on this problem, sir, as \nhard as I can.\n    Mr. Cooper. Thank you, Mr. Chairman.\n    Mr. Rogers. I thank the gentleman. The chair now recognizes \nthe former chairman of this subcommittee, Mr. Turner of Ohio, \nfor 5 minutes.\n    Mr. Turner. Thank you, Mr. Chairman.\n    Secretary Poneman, I want to thank you for your efforts to \ntry to address this. I happen to know that you are a very \nhands-on Secretary, you and I having worked together on an \nissue with respect to the Mound facility. I was very impressed \nby the fact that you do rise to a very hands-on level. So \nthat\'s why I think this whole problem leaves most of us \nscratching our head, wondering: where are we and why do we have \nthis circumstance?\n    So I am going to ask you a couple questions that I think \nframe the topic in the level of oversight where we have \nconcerns. So I am going to ask you a broad, basic question. Is \nthere ever a situation where a security failure at one of the \nfacilities protecting our nuclear infrastructure would result \nin the termination of an employee of DOE or NNSA due to their \nperformance?\n    Secretary Poneman. It could, sir. What we can do----\n    Mr. Turner. I am sorry. So the answer then is yes?\n    Secretary Poneman. The----\n    Mr. Turner. Because it\'s a pretty direct question. I am not \nasking you is it in the realm of possibilities. I am asking \nyou, is there ever a situation where a security failure at one \nof our--the protection of one of our nuclear facilities would \nresult in the termination of an employee of DOE or NNSA due to \nperformance? It\'s a yes-or-no question.\n    Secretary Poneman. Congressman, if--it depends----\n    Mr. Turner. There is no ``depend.\'\' It is like a----\n    Secretary Poneman. No.\n    Mr. Turner. Because it already says ``ever\'\', so ``ever\'\' \nencompasses the whole scope----\n    Secretary Poneman. Yes.\n    Mr. Turner [continuing]. Of possibilities. Is there ever a \nsituation?\n    Secretary Poneman. It could, yes.\n    Mr. Turner. Yes. Okay.\n    Now, in taking that broad statement where you have \nacknowledged that there is a situation where a failure could \nresult in termination due to performance, I am then going to \nask you the next step of that, because I am not just asking \nyour opinion, because you are actually--you know, you are in \nthe chain of--line of command here of understanding the \nexecution of this.\n    So would one of those situations be where all of the \nsafeguards were down, where someone could get all the way into \none of our buildings, and nobody does? What I am asking you in \nthis, and I am going to be clear, we had a breach where people \nactually got all the way into this building. Right? All the way \nto the building.\n    Secretary Poneman. To the building, sir.\n    Mr. Turner. That is what I am saying, to the building. Is \nthere ever a situation where someone would lose their job for \nperformance where no one penetrated, there was no breach, but \nthe safeguards were down that would have permitted it? Because \nthat is certainly what I would consider to the level of a \nfailure of performance.\n    Secretary Poneman. Congressman, what I can\'t do is answer a \nhypothetical. It depends on----\n    Mr. Turner. It is not hypothetical. It really is very, very \nclear. You have a job that has no margin of an error: protect \nthese facilities. Right? And we only can protect these \nsituations through the application of technology operated by \npeople. And the people were, you know, we\'re subject to their \nperformance as to whether or not it works.\n    So if someone isn\'t performing and the system is down, even \nif there is no breach, but it is their responsibility and their \nfault that the system is down and someone could get all the \nway----\n    Secretary Poneman. Right.\n    Mr. Turner [continuing]. When I say ``into,\'\' I mean touch \nthe building, not inside the building, is that enough for \nsomeone to be terminated due to performance?\n    Secretary Poneman. Sir----\n    Mr. Turner. Because I think, this committee thinks that if \nwe have an agency that is governmental that has the \nresponsibility for protecting these facilities and we have a \nsystem where those in charge think that you don\'t even have to \ndo your job to keep your job, then we don\'t have something that \nis working. So it is a simple question. If the system goes down \nwhere someone could go in and touch the side of the building \nand no one does, it is not a real breach but the system has \ncome down due to their performance, is that the type of lack of \nperformance that should result in termination?\n    Secretary Poneman. I can tell you that can and has resulted \nin removal from position.\n    Mr. Turner. So the answer is yes?\n    Secretary Poneman. I said removal from position. That is \nwhat we did.\n    Mr. Turner. Well, that is not termination.\n    Secretary Poneman. And that gets into a level of law and \ndue process----\n    Mr. Turner. So you are testifying before this committee \ntoday that if the entire security system of our nuclear \ninfrastructure facilities went down on the perimeter of a \nbuilding that allowed someone to go in and it was a result of \ntheir performance, it is not a terminable offense----\n    Secretary Poneman. I did not say that----\n    Mr. Turner [continuing]. Under your agency?\n    Secretary Poneman. I did not say that, sir. I said we can \nremove them----\n    Mr. Turner. Then please tell me the opposite----\n    Secretary Poneman. I am telling you----\n    Mr. Turner [continuing]. Because that has to be true. It \nhas to be that it would result in someone losing their job. If \nnot, we need to pass a law here. We need to, like, stop doing \noversight and actually do legislation, because if you don\'t \nhave performance to be able to protect the facility, then we \ndon\'t really have protection, we don\'t have security. Is it a \nterminable offense--terminate-able offense?\n    Secretary Poneman. You and I are both lawyers. You are \nasking a technical legal question. I want to make sure I am \nabsolutely accurate----\n    Mr. Turner. If you don\'t have clarity on this, then I think \nthat this committee needs to put something in our next piece of \nlegislation that absolutely makes it clear that if, due to the \nperformance of individuals, that the security system fails, \nthat it would be an offense resulting in termination, because \nthat clarity, I think, certainly is with the American public.\n    Secretary Poneman. Congressman, as I told Chairman Rogers \nand as I told you when you were chairman of this committee, we \nare always ready to work with you and with this committee to \nmake sure we have the right kind of laws in place. I am not \ntrying to be evasive. We moved the people out of the positions. \nThere are due process protections. And if we can come back to \nit in more detail, there may be a very simple yes/no answer, \nbut I am not acting as a lawyer today, and I don\'t want to give \nyou an inaccurate----\n    Mr. Turner. I wasn\'t asking you a lawyer question, I was \nasking you a scope of responsibility and authority question. I \nmean----\n    Secretary Poneman. And in that, I am very confident----\n    Mr. Turner. It shouldn\'t require lawyers to understand \nwhether or not, if there is a failure of performance to that \nlevel, that that would be an offense for which there would be \ntermination.\n    Mr. Chairman, I yield back.\n    Mr. Rogers. I thank the gentleman.\n    I am going to clarify with the Secretary. Is the due \nprocess you are talking about, is that the union contract?\n    Secretary Poneman. No. I am talking about the procedural \ndue process that any Federal employee is entitled to when he is \nfacing some----\n    Mr. Rogers. Well, they can have that due process in \nresponse to their termination, can\'t they? I mean, you \nterminate them, and then they have got the due process to \nappeal it----\n    Secretary Poneman. We have to----\n    Mr. Rogers [continuing]. And try to fight that termination. \nBut it just seems to me like you are claiming that they have \ngot a right to go through all this before you can terminate \nthem.\n    Secretary Poneman. Well, what we can do and what we did do, \nMr. Chairman, was remove these people from the responsibility \nfor anything having to do with security immediately, pending \nfinding out what further disciplinary action was available, and \nthat disciplinary action is subject to due process.\n    Mr. Rogers. Well, I am a recovering attorney, too. I think \nthat due process would not impede firing people who would let \nan 82-year-old woman get into a nuclear facility.\n    But having said that, the chairman recognizes the gentleman \nfrom South Carolina, Mr. Wilson.\n    Mr. Wilson. Thank you, Mr. Chairman. And I share the \nchagrin of the former chairman and the current chairman. It \nseems to me that with the breaches that occurred, that there \nshould have been terminations. Just shifting persons around \ndoesn\'t really achieve the level of accountability of something \nas extraordinarily important. And I have the perception of \nhaving actually worked at the Savannah River Site, and so by \nworking there, I actually had a good feeling about the \nperimeter security, the persons who were monitoring and indeed \nacting, and I felt secure. And I know that the people who \nworked there, lived there, raised their families there, retire \nthere feel secure.\n    But I am concerned that I have also seen studies that there \nis a culture with DOE, with NNSA that has not stressed \nsecurity. And so how can we reassure people who live in these \ncommunities that indeed a culture of lack of appreciation of \nsecurity is being addressed?\n    Secretary Poneman. It is a great question, Congressman. You \ncan reassure them by saying that the top three security \nofficials at the headquarters responsible for Y-12 at that time \nwere removed from their positions, that the two top Federal \nofficials at the site were removed from their positions, that \nthe contractor that actually had the boots-on-the ground \nprofessional force was terminated full out, that the top two \nofficials at the management and operations facility, they were \nalso retired and taken out of the picture. Everybody in that \nchain of command, from the individual responders and to the \nsenior officials responsible for security specifically at that \nsite, were removed.\n    At the same time, that would not be enough. We have \nundertaken the organizational and structural changes, we have \nreplaced all the cameras, we have put concertina wire around \nthe whole facility, all the Perimeter Intrusion Detection and \nAssessment System (PIDAS) improvements, the central alarm \nstation has been upgraded. All of the things we should have \nknown about but found out about through this unfortunate and \nterrible incident, we have taken those steps. So I do think \nthat the American people can take assurance from that.\n    Mr. Wilson. Administrator Miller.\n    Ms. Miller. I just support what the Deputy Secretary has \nsaid. First and foremost, culture is going to be affected by \nthe leadership and management and their attitudes toward \nsecurity, safety, and everything else that we do. And we are \nlooking very hard and have been making serious changes within \nthe NNSA to directly address leadership and management issues \nas they affect security, safety, and everything else we do.\n    Mr. Wilson. And I am equally concerned that there seems to \nbe a lot of reliance on self-assessment by contractors, that \nthe overseers are depending on the contractors. Is that being \nchanged?\n    Secretary Poneman. That is being addressed, sir. And I \nthink that did contribute to the problems that we faced before. \nGeneral Finan\'s recommendation is, we believe, a sound one, \nwhich is to start with the basis of the contractor\'s \nassessment, but then instead of having that assessed in the \nfield where there is a possibility of the Feds being too close \nto the contractors, that function is being clearly vested in \nthe headquarters organization, the NA-70 organization, and then \nthat is going to be further subject to further overview by the \nHealth, Safety, and Security Office.\n    Mr. Wilson. And, Ms. Miller.\n    Ms. Miller. Yeah. I would like to also emphasize, we have \nthe sites now reporting directly to the Administrator, and in \nthis way, we expect security, as well as other things, but \nsecurity to be a clear line of accountability from the \nAdministrator through to the site manager, the sites, as the \nimplementers of the policy that the security policy \norganization, that the Deputy Secretary was just referring to, \nthose policies and orders that they issue are then--which is \ntheir responsibility, and it is also their responsibility to \nassess the performance of the sites in implementing those \norders--is just as clear that the line of accountability for \nimplementing it at the site goes directly from the site to the \nAdministrator.\n    Mr. Wilson. And related to that is, there was the \nrecommendation that headquarters staff visit sites and rotate \nbetween the sites. And is that being done?\n    Ms. Miller. Headquarters staff is now both in the \nimplementing side, as well as in the policy and assessment \nside, regularly scheduled and going to sites. And as well as \nthe rotations are, we have put this in throughout the NNSA. We \nare very conscious of the fact that people staying in one place \nfor too long may lead to people becoming complacent.\n    Mr. Wilson. And thank you both. And I do know that when the \nheadquarters staff visits, it creates an extraordinary level of \nattention. Thank you.\n    Mr. Rogers. Thank the gentleman.\n    The chair now recognizes my friend and colleague from \nArizona, Mr. Franks, for 5 minutes.\n    Mr. Franks. Well, thank you, Mr. Chairman.\n    Secretary Poneman, I want to try to get three questions in \nhere, if I can quickly. First, I have had the opportunity to \nsee hearings on this before, some in a private setting, and so \nI have probably already expressed the commensurate level of \nbewilderment. And, you know, I don\'t seek to patronize anyone \nto remind us all that the materials that are kept in these \nfacilities are, you know, are highly technically challenging to \ncreate, and yet to weaponize them is a much lesser difficulty \ntechnologically to do. So, I mean, the implications here are \npretty profound, and I think everyone knows that.\n    I guess quickly one question I wanted to ask. It seems like \nthe contractors that had reported these lapses in safety \nprecautions were treated very differently than those they \nreported to, who in some cases ignored their warnings. Is that \nyour perspective?\n    Secretary Poneman. I am not sure, Congressman, I am \ntracking which contractors you are referring----\n    Mr. Franks. Well, the contractors, on-the-ground \ncontractors that were there that were watching the cameras. I \nam told that there was a significant reporting on their behalf \nprior to these incidents, saying, you know, that we had some \ntechnical challenges and that we really weren\'t up to----\n    Secretary Poneman. Yes, sir. Some of those deficiencies had \nbeen earlier noted in earlier reports. That is true.\n    Mr. Franks. And yet they were, you know, handled pretty \nroughly, it sounds like, and the folks that they reported to \nweren\'t. And I will leave that there, sir, because I want to \nget to another.\n    The previous panel emphasized sort of the line of \nresponsibility. And I think that that is something that is \nalmost ubiquitous throughout the entire human dynamic. You \nknow, somebody has got to have responsibility. Everybody\'s \nresponsibility is nobody\'s responsibility. But it appears to me \nthat DOE and the NNSA have not really addressed that \neffectively within NNSA, because DOE continues to have an \noversight office under HSS, and NNSA now has a split security \nbetween an office responsible for policy and oversight and \nanother office that is responsible for program execution.\n    And I am just wondering, how do all these DOE offices \nensure that there is accountability for making sure that the \nsecurity program is properly executed at these DOE sites?\n    Secretary Poneman. Okay. So I now understand the first \npart, and I will just say very quickly, both contractors \ninvolved had their leadership removed. So they both paid the \nappropriate accountability price, just on that first part of \nyour question. And I know you wanted to get to the second one.\n    On the second one, it is a very good question, and as you \njust heard the Acting Administrator say, we believed that part \nof the problem here, as General Finan pointed out, was that \nthere was this confusion. The clarity of the line management \ndown through this infrastructure and operations, that\'s the \nline management. They are responsible for execution. They had \nto take away the interference with that line management was \ncoming out of the NA-70 nuclear security organization. So they \njust make the plans and evaluate it, but that is all inside \nNNSA. And so to have a further check, because these materials \nare so sensitive and do need to be secure, is to have a check \non the check by having HSS perform an outside independent \noversight role outside of the National Nuclear Security \nAdministration.\n    Mr. Franks. But just a yes or no quickly. Is it your \ntestimony before this committee that the line of \nresponsibility, that any ambiguities there have been dealt \nwith?\n    Secretary Poneman. We are in the process of implementing \nGeneral Finan\'s recommendations. I would like to come back to \nthis committee when I can tell you that we feel like----\n    Mr. Franks. To me, Mr. Chairman, that seems seminal to this \nwhole discussion.\n    Secretary Poneman. We agree.\n    Mr. Franks. Let me shift gears quickly, and I will ask both \nof you, because I will run out of time here and you both can \nanswer the question still. When you think about these potential \nbreaches of security in the future, you know, there are all \nkinds of issues out there, and I am just wondering one specific \nquestion, and I would welcome you to mention any others that \nare on your mind. But, you know, there is a significant \nincrease in technology across the world with intentional \nelectromagnetic interference, or these EMP [electromagnetic \npulse] device capability, which seems to me that it could \nreally put these facilities at risk, and even further, you \nknow, the potential of a major EMP event, either geomagnetic \ndisturbance or a high-altitude nuclear burst.\n    Can you tell me, are we protecting our critical defense \napparatus like the Y-12 facility against these three prongs of \nEMP: the E1, E2, and E3?\n    Secretary Poneman. Congressman Franks, I am well aware of \nyour thought leadership on this challenge. I have talked to \nformer Secretary Jim Schlesinger and Mr. Ikle, may he rest in \npeace, and what I am here to tell you is that we are very \nfocused on addressing all of those kinds of threats, which \ndon\'t, as you well know, affect only Y-12, but frankly \neverything, far, far beyond that. We would love to work more \nclosely with you on this subject. The executive orders and the \nPresidential Directive 21 that the President just issued \naddressed exactly this kind of problem. It is something that is \na huge problem. It is going to take a lot of work to get into a \nsafe place, but we are very focused on it, sir.\n    Mr. Franks. All right. Thank you, Mr. Chairman.\n    Mr. Rogers. I thank the gentleman.\n    Before I go to Mr. Garamendi, I want to clarify. You stated \na minute ago that you are in the process of implementing \nGeneral Finan\'s findings. That is just at NNSA, that is not at \nDOE. What are you doing at DOE to deal with the problem that \nMr. Franks just addressed?\n    Secretary Poneman. The problem that Mr. Franks just \naddressed actually goes well beyond NNSA and will require \nvarious parts of our organization, including our Chief \nInformation Officer, which has technical capacity to deal with \nthe EMP issues.\n    Mr. Rogers. No, no. I am talking about his earlier issue \ndealing with the chain of command on reports by the \ncontractor----\n    Secretary Poneman. Okay.\n    Mr. Rogers [continuing]. Of deficiencies that are not being \nremedied.\n    Secretary Poneman. Mr. Chairman, those issues are among \nthose that have been addressed by what we call the three wise \nmen, of whom you had one here testifying this morning. We are \nhaving internal discussions precisely on this question of how \nto make sure that the larger DOE organization works effectively \nin ensuring the same kind of oversight that we are talking \nabout inside of NNSA, because as you know, Mr. Chairman, there \nis some Category 1 material that is outside of the NNSA and we \nhave to make sure it is all well protected.\n    One thing that has been done is there was some confusion as \nbetween overall directives that are departmental-wide and those \ndirectives that are specific to NNSA. General Finan\'s \nrecommendation, which we are following, says we need to be \nclear that the DOE directives are those that are binding is the \nbaseline. Anything beyond that, because of the special needs \nand requirements of NNSA, should be done as only a way to \naugment or strengthen and should not be any way to confuse or \ndistract from the overall directive that governs the whole \nDepartment.\n    Mr. Rogers. The gentleman, Mr. Garamendi, is recognized for \n5 minutes.\n    Mr. Garamendi. Thank you, Mr. Chairman.\n    I appreciate the testimony both of you have given, and I \nwas reading your testimony also. While you have explained \nverbally and in some writing the organizational structure, it \nis not clear to me exactly how that chain of command and \norganizational structure is actually in place; therefore, I \nwould appreciate it if you could deliver to our committee staff \na detailed organizational chart----\n    Secretary Poneman. Absolutely.\n    Mr. Garamendi [continuing]. With the accompanying job \ndescriptions.\n    Secretary Poneman. Happy do it, sir.\n    Mr. Garamendi. I think that would be helpful, at least for \nme, to understand the words that you have said and how it works \nout. From the previous questions asked, it is not just within \nthe NNSA, it is also within the Department and the \norganizational structure therein. So if you would do that, I \nwould appreciate it.\n    Secretary Poneman. We would be very happy to provide this.\n    [The information referred to can be found in the Appendix \non page 117.]\n    Mr. Garamendi. That would at least allow me the opportunity \nto understand more completely your testimony. And I thank you.\n    I yield back, Mr. Chairman.\n    Mr. Rogers. I thank the gentleman.\n    I want to follow up. We heard in the earlier panel of all \nthe studies over the years. Why do you think it is that these \nlongstanding, well-documented deficiencies in security at this \nparticular facility were allowed to go on so long?\n    Secretary Poneman. Well, the things that we have found \nsince the episode, Mr. Chairman, were that, even though some of \nthese things were noticed, that our internal reporting chain \nwas broken, was the phrase that I think was used in some of the \nreviews. And so you can rest assured that if we had known what \nwas actually the situation on the ground----\n    Mr. Rogers. So you weren\'t aware of any of those studies \nfrom 2002, 2005----\n    Secretary Poneman. Well, I thought you were asking \nspecifically about the----\n    Mr. Rogers. No. I am talking about the 10 years, the 4 \nstudies over 10 years, with General Finan\'s been the most \nrecent. The three prior to that, were you aware of those \nstudies and their findings?\n    Secretary Poneman. After the----\n    Mr. Rogers. Admiral Mies, yeah.\n    Secretary Poneman. After the Y-12 episode, I became aware. \nI actually----\n    Mr. Rogers. So before that, you weren\'t aware of them?\n    Secretary Poneman. Well, the one study I was aware of, and \nI don\'t know if this is one of the ones that you are referring \nto, I helped former Senator Baker and Mr. Hamilton look at the \nepisode of the lost hard drive at Los Alamos, and I was aware \nof that one. And the thing that we found there was, in fact, \nthe same kind of problem of division of the security mission \nfrom the line organization was a source of challenge. What I \ndid not realize was that that particular problem was still \npersisting to the degree that it obviously was.\n    Mr. Rogers. Why? Why were you not aware?\n    Secretary Poneman. I was not aware that the cultural and \nsort of the situation at Y-12, which we found out post hoc, was \noccurring at the time, because it had not come to my attention. \nI can assure you if it had, I would have acted.\n    Mr. Rogers. Who do you think should have reported that to \nyou? These were general officers who were doing these studies, \nvery high ranking, important, thoughtful people who were making \nthese reports. Were they just to be put on the shelf or were \nthey to be given to policymakers who could implement changes?\n    Secretary Poneman. I would have to know, sir, which studies \nyou are referring to and if they were done during----\n    Mr. Rogers. Admiral Mies in 2005, for example.\n    Secretary Poneman. Yeah. Sir----\n    Mr. Rogers. Who should have told you about that?\n    Secretary Poneman. I don\'t know who would have told me \nabout a 2005 report.\n    Mr. Rogers. Should Ms. Miller have told you about it?\n    Secretary Poneman. Sir, it was a 2005 report, and I just \ndon\'t know what happens in terms of the shelf life of these \nreports and when they get repeatedly briefed. We are responding \nto the responsibilities we have got. Anything that we have done \nto look at the problem, we obviously have to be fully \naccountable for. It is always, always a good thing to go back \nand see what has been done through time. That is why when this \nepisode happened, we did look at those reports and we found a \nnumber of things that need to be addressed.\n    Mr. Rogers. Let me ask this. Ms. Miller, who do you report \nto on security matters? Who is your immediate superior?\n    Ms. Miller. My immediate superior is the Deputy Secretary.\n    Mr. Rogers. Okay. Were you aware of Admiral Mies\' study?\n    Ms. Miller. I became aware of Admiral Mies\' study. I joined \nthe NNSA in 2010.\n    Mr. Rogers. 2010.\n    Ms. Miller. Uh-huh.\n    Mr. Rogers. And when you arrived in 2010, how long was it \nbefore you became aware of Admiral Mies\' study?\n    Ms. Miller. I knew of Admiral Mies\' study a little bit \nbefore then. I did not become aware of the contents of it for \nprobably the first year that I was there.\n    Mr. Rogers. And so you knew about it by 2011, midyear.\n    Ms. Miller. Uh-huh.\n    Mr. Rogers. Did you take any action to inform Secretary \nPoneman that you have a cultural problem that has got to be \naddressed?\n    Ms. Miller. I did not take any actions to inform Secretary \nPoneman. I did begin to take actions within the NNSA to address \ncultural problems that, again, affect----\n    Mr. Rogers. What actions specifically? Did you fire \nanybody?\n    Ms. Miller. No. No.\n    Mr. Rogers. Let me ask this.\n    Ms. Miller. There were no firing offenses.\n    Mr. Rogers. The chief of security for DOE has been there \nfor 20 years. Clearly, given these studies that I have referred \nto--and what were they? The Commission on Science and Security \ndid one in 2002, Admiral Mies in 2005. And, yeah, there was a \ncouple others we went through in our earlier panel. But my \npoint is, so your chief of security clearly should have been \nhanded a copy of those studies, wouldn\'t you think, Secretary \nPoneman?\n    Secretary Poneman. Presumably when they came out, that \nwould have happened.\n    Mr. Rogers. That would have been on his watch to know we \nhave got an installation under my domain of responsibility and \nwe now have a study that says there is problems. Would that \nmake sense, that he would get a copy of it?\n    Secretary Poneman. I would presume that all of those \nstudies you referred to were reported to the Department \ncontemporaneously.\n    Mr. Rogers. Yeah. Would you turn your microphone on, \nplease?\n    Secretary Poneman. Sorry. I would assume, sir, that those \nreports when they came out would have been reported to the \nDepartment contemporaneously.\n    Mr. Rogers. Right. And the person, the relevant person \nwould have been the chief of security, wouldn\'t it be?\n    Secretary Poneman. It certainly would have been relevant. \nOf course, the organization was different at that time, and I--\n--\n    Mr. Rogers. Well, it doesn\'t matter. Chief of security is \nover security over all your installations. Isn\'t that correct? \nThe DOE chief of security.\n    Secretary Poneman. What I am saying is I don\'t know who was \nthe chief of security in 2002, 2005, et cetera. I don\'t----\n    Mr. Rogers. I am telling you the same guy has been there \nfor 20 years. The guy who is the chief of security now has been \nthe chief of security at the Department of Energy for 20 years. \nAll of these installations fall under his responsibility. My \nthinking is that if a report comes out and says, we have a \nflawed culture of security problems at Y-12 comes out, that \nshould have been presented to the chief of security. Now, no \nremedies were taken to the equipment and the other deficiencies \nin that system. He wasn\'t fired. Who does the chief of security \nat DOE report to?\n    Secretary Poneman. The chief of security reports to the \nSecretary and to the Deputy Secretary.\n    Mr. Rogers. Okay.\n    Secretary Poneman. But that person, just to be clear, Mr. \nChairman, does not have line authority over the sites. I am \nnot----\n    Mr. Rogers. Why not?\n    Secretary Poneman. Because that`s the nature of the \nproblem. In other words, we need to make sure that the line of \nauthority runs straight down through the----\n    Mr. Rogers. Who is responsible for establishing line \nauthority within the Department of Energy?\n    Secretary Poneman. The Secretary.\n    Mr. Rogers. Was he fired?\n    Secretary Poneman. No, sir.\n    Mr. Rogers. I recognize the gentleman from Tennessee, Mr. \nCooper, for any additional questions he may have.\n    Mr. Cooper. Thank you, Mr. Chairman.\n    I think we are talking about HSS.\n    Secretary Poneman. Yes.\n    Mr. Cooper. The Office of Health, Safety, and Security. I \nthink we are talking about Glenn Podonsky, who has been there \nsome 29 years. I was interested in Mr. Podonsky, as you point, \nbecause of a news article dated February 22, 2013, just a few \ndays ago, in which he said--at least he is quoted in the \narticle as saying--he believes that the nuclear arms complex \noperated better while directly under the Energy Department\'s \ndefense programs prior to the nuclear agency\'s formation in \n2000. And I think by the nuclear agency, he means NNSA. And I \nam not faulting Ms. Miller, because she is acting and new, but \nthis is a pretty amazing charge from somebody that you praise \nand trust. And he might not have line authority, but has been \nthere a long time, knows a lot of stuff, you all rely on his \nviewpoint a lot, and he is wondering whether NNSA should even \nhave jurisdiction here.\n    Secretary Poneman. That obviously----\n    Mr. Cooper. And we have taken a step backwards since 2000.\n    Secretary Poneman. Yeah. Obviously, Congressman, that does \nnot reflect the view of the Department of Energy. We clearly \nbelieve that the structure of having NNSA as the semiautonomous \npart of the Department is the right structure. We are fully on \nboard with that, and there is no question about that. I also \nwas not present, I saw the news reports, obviously, but that is \nnot obviously reflecting the view of the Department.\n    Mr. Cooper. Well, let\'s forget politics for a second and \nthe view of the Department, because right now the Department \ndoesn\'t have a lot of credibility on the security issue. Here \nis a guy who has been a loyal public servant for 29 years who \nis trying to express a viewpoint, and it might be politically \ncorrect, it might not be officially, you know, supported by the \ntop brass, but this is, you know, part of your organization \nthat you respect and trust, this is a respected individual who \nis questioning even the function of NNSA. And, of course, a \ncommission will be established to look into lots of NNSA issues \nanyway. This is a problem.\n    Secretary Poneman. Well, Congressman, we have, all of us, \nthought long and hard exactly about what the best way to do \nsecurity is going forward out of this episode. We will continue \nto do that. We are going to take advantage of the great wisdom \nof the three experts. And we always encourage a continued \nquestioning attitude and not to be complacent about where we \nare. We have no grounds for complacency. So we are going to \nkeep at working as hard as we can to get this problem fixed.\n    Mr. Cooper. Why do you deserve the chance to keep working \nat the problem?\n    Secretary Poneman. I don\'t think, sir, in terms of anything \nI deserve. I am just trying to address a problem, and I feel \nthat that is my responsibility and I am going to keep working \nat that as hard as I can. I don\'t think of it in terms of what \nI deserve or don\'t deserve.\n    Mr. Cooper. But in response to Mr. Turner\'s question \nearlier, it seemed like you had a hard time thinking of \ncircumstances that might even lead to, say, Air Force levels of \ntaking responsibility.\n    Secretary Poneman. I don\'t mean to imply that. I strongly \nbelieve in accountability. We took every step that we could to \nmake sure that the problem could not recur by changing the \nstructure, by changing the culture and taking those steps, and \nby holding the individuals accountable. And, again, sir, we \nwill continue to do everything we can to earn the confidence of \nthis committee and the American people in that measure.\n    Mr. Cooper. Maybe you could answer for the record what the \naverage guard or protective force member makes when you divide \nout, you know, there is $175,000 going to each position under \nDOE leadership, how much take-home pay, how many benefits are \nthese folks actually getting out of this amazing sum of money. \nThey are paid like Federal judges, they are paid like \nCongressmen, yet these poor folks are not getting that sort of \nbenefit.\n    Secretary Poneman. Congressman, I have not seen the math. \nMy hunch is that that number folds in a lot of physical plant \nand so forth. But it is absolutely a fair question to ask, and \nwe will get you--and I assure you it won\'t be 5 months, I don\'t \nknow how that happened--we will get that promptly to you, sir.\n    [The information referred to can be found in the Appendix \non page 117.]\n    Mr. Cooper. Thank you.\n    Mr. Rogers. I thank the gentleman.\n    Mr. Wilson, you don\'t have any more questions?\n    The last thing I wanted to point out was last week the DOE \nchief security officer told a reporter that the nuclear \nenterprise, quote, ``wasn\'t working badly in the 1990s before \nNNSA was formed,\'\' and that we should just abolish NNSA and go \nback to having everything DOE. But then we look back, and in \n1999 a report by President Clinton\'s Foreign Intelligence \nAdvisory Board said that DOE, quote, ``embodied science at its \nbest and security at its worst.\'\' Highlighting a string of \nrecurring security problems that DOE had failed to correct in \nthe 1990s, the Board described DOE as a ``dysfunctional \nbureaucracy that has proven it is incapable of reforming \nitself.\'\'\n    The thing that I hope you take away from this, Mr. \nSecretary, is you have got to be capable of reforming yourself. \nI want you to recognize we are as serious as a heart attack \nabout what has just happened here and staying after it, and we \nexpect it to be remedied. That doesn\'t just mean the NNSA. That \nalso means the Department of Energy. And we want to know \nspecifically that you are willing to terminate people that \naren\'t doing their job. It sounds to me like this chief \nsecurity officer might be one of the folks that ought to be on \nyour list to look at.\n    But we are looking for serious reforms and line \nresponsibilities so that if--and I hope we never do have \nanother incidence like this, but if we do, you can show us or \nwe can see exactly who was responsible and if they were dealt \nwith in a prompt and appropriate manner.\n    Secretary Poneman. Mr. Chairman, first of all, as I said in \nmy opening statement, we not only accept, but we welcome \nworking with you and this committee on these problems in \nexactly that dimension.\n    Number two, we very much agree--obviously there are \ncontinuing concerns we need to address--we completely agree \nthat accountability is a critical part of fixing the problem. \nHowever, we don\'t just have a people problem. We also have a \nstructural problem. We need to fix that. We have a cultural \nproblem. We need to fix that. Not to say we shouldn\'t fix all \nof them. We do. We are as serious as a heart attack as well. I \nam just saying that we need to work on all parts of the \nproblem: accountability, culture, clarity of lines of \nresponsibility, authorities that go with that. And, again, with \nyour help, hopefully we will get to the place where we never do \nexperience this kind of episode again, because it is something \nthat is absolutely, as we have said from day one, unacceptable.\n    Mr. Rogers. Thank you.\n    Several members went back after the last series of votes. \nIf there are any members who have additional questions they \nwould provide in writing, we will keep the record open for 10 \ndays. I would ask you if any members do submit questions to you \nin writing, that you respond to those in writing in a timely \nmanner.\n    Thank you for your time and attention. This hearing is \nadjourned.\n    Secretary Poneman. Thank you.\n    [Whereupon, at 12:46 p.m., the subcommittee was adjourned.]\n?\n\n      \n=======================================================================\n\n\n\n\n                            A P P E N D I X\n\n                           February 28, 2013\n\n=======================================================================\n\n      \n?\n\n      \n=======================================================================\n\n\n              PREPARED STATEMENTS SUBMITTED FOR THE RECORD\n\n                           February 28, 2013\n\n=======================================================================\n\n      \n      \n    [GRAPHIC] [TIFF OMITTED] T9996.001\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.002\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.003\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.004\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.005\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.006\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.007\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.008\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.009\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.010\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.011\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.012\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.013\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.014\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.015\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.016\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.017\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.018\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.019\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.020\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.021\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.022\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.023\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.024\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.025\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.026\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.027\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.028\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.029\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.030\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.031\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.032\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.033\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.034\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.035\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.036\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.037\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.038\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.039\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.040\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.041\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.042\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.043\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.044\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.045\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.046\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.047\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.048\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.049\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.050\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.051\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.052\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.053\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.054\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.055\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.056\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.057\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.058\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.059\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.060\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.061\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.062\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.063\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.064\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.065\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.066\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.067\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.068\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.069\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.070\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.071\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.072\n    \n?\n\n      \n=======================================================================\n\n\n                   DOCUMENTS SUBMITTED FOR THE RECORD\n\n                           February 28, 2013\n\n=======================================================================\n\n      \n      \n    [GRAPHIC] [TIFF OMITTED] T9996.073\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.074\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.075\n    \n    [GRAPHIC] [TIFF OMITTED] T9996.076\n    \n?\n\n      \n=======================================================================\n\n\n              WITNESS RESPONSES TO QUESTIONS ASKED DURING\n\n                              THE HEARING\n\n                           February 28, 2013\n\n=======================================================================\n\n      \n              RESPONSE TO QUESTION SUBMITTED BY MR. COOPER\n\n    Mr. Poneman. The average gross wages and fringe benefits for a \nguard or Protective Force member at Y-12 is $88,000. Actual take home \npay will vary by individual based upon payroll deductions and hours \nworked. [See page 30.]\n                                 ______\n                                 \n            RESPONSE TO QUESTION SUBMITTED BY MR. GARAMENDI\n    Mr. Poneman. Please find attached an organization chart of both \norganizations. We\'ve also included the names of the key NNSA leadership \nteam. [See page 26.]\n    [The information referred to can be found in the Appendix beginning \non pages 111-114.]\n?\n\n      \n=======================================================================\n\n\n              QUESTIONS SUBMITTED BY MEMBERS POST HEARING\n\n                           February 28, 2013\n\n=======================================================================\n\n      \n                   QUESTIONS SUBMITTED BY MR. ROGERS\n\n    Mr. Rogers. General Alston, you recognized human capital \nlimitations as a contributing factor to the event. What can Congress \ndo, if anything, to enhance human capital at NNSA as it pertains to \nsecurity?\n    General Alston. Recognizing that the July 2012 Y-12 security \nfailure had more to do with ineffective oversight and a culture that \nreadily accepted security deficiencies rather than human capital \nweaknesses, it\'s my view that NNSA and DOE did not assign sufficient \nvalue to security expertise when it made staffing decisions. As a \nresult, there is no ready pipeline of leaders with appropriate security \nexpertise. This condition is exacerbated by personnel practices that \ndid not circulate security leaders between the HQ and the sites.\n    The quality of experience and expertise across our national nuclear \nenterprise has been an area of increasing concern, perhaps since the \nend of the Cold War. The Congress in the 1997 and 1998 National Defense \nAuthorization Acts established a Commission on ``Maintaining United \nStates Nuclear Weapons Expertise,\'\' led by ADM (ret) Hank Chiles. ADM \nChiles led a similar Defense Science Board effort in 2008. Neither of \nthese efforts highlighted nuclear physical security expertise as a \nfocus area, but they emphasize the overall importance of expertise \nthroughout the nuclear enterprise. All other things being equal, I \npersonally would be inclined to hire someone who has secured nuclear \nmaterials before I would hire one without that background. The size of \nour nuclear enterprise continues to expose a keen personnel \nvulnerability across all disciplines that should be driving focused \nhuman capital development plans. The benefits include good daily \noperations, strong crisis management competencies at upper levels and a \nself-sustaining community of experts.\n    Mr. Rogers. General Alston, do you, Mr. Augustine, and Dr. Meserve \nbelieve the confused lines of responsibility and authority for security \nare just within NNSA, or do they extend to security and leadership \norganizations within DOE as well?\n    a. You are your fellow reviewers have suggested that security \noperations with DOE and NNSA need to be reorganized in order to re-\nalign authority and responsibility. What guidelines should be followed \nin aligning and assigning authority and responsibility? Is it your \nsense that these guidelines are being followed?\n    General Alston. The confused lines of responsibility and authority \nfor security at the time of our project were within the contractor \nrelationships at the sites, NNSA and DOE.\n    a. Match authority and responsibility at the right level.\n    --For example, at Y-12, the site Maintenance and Operations \ncontractor was responsible for security infrastructure, such as \nsecurity camera maintenance, while the security contractor was \nresponsible for providing ready protective forces. This split \nresponsibility for security tools and security pros contributed to the \natmosphere that tolerated enduring infrastructure deficiencies.\n    --Additionally, empower the NNSA rep overseeing site security with \nsufficient authority to hold him/her accountable appropriately for \nlocal performance failures, as necessary.\n    --Finally, establish who is accountable at the headquarters level \nfor day-to-day security operations. Who is accountable to track and \neliminate security deficiencies? Who is accountable for security system \ndevelopmental and operational testing? To name just a few critical \nelements we had trouble resolving during our study.\n    Scrub department governance and eliminate inadequate, conflicting \nand redundant sources of security policy.--For example, securing \nCategory 1 material at SRS should require the same measures as securing \nCategory 1 material at Y-12.\n    Establish clear organizational lines from the field through the \nsenior levels at the headquarters that not only enable the two points \nabove, but also focus on ensuring effective 2-way communication \nthroughout the organization.\n    I do not have a sense whether or not these guidelines are part of \nDOE/NNSA security initiatives.\n    Mr. Rogers. General Alston, your letter to Secretary Chu says \n``there is a perception that corporate security policy is being written \nfrom inspection results.\'\' Mr. Augustine noted that inspections and \nassessments inappropriately focus on compliance with standards, and not \non security effectiveness or performance. He concluded that ``what is \nneeded is not more inspections but better inspections.\'\' Do you agree \nwith Mr. Augustine on this point?\n    a. To what extent do you believe that oversight activities should \nalso be standardized and/or centrally directed?\n    b. Would you please compare and contrast how the Department of \nDefense conducts inspections and writes security policy with how DOE \nand NNSA do?\n    c. How should oversight of security operations be conducted? How \nwould you modify the DOE/NNSA inspection and oversight approach to make \nit better?\n    General Alston. I absolutely agree with Mr. Augustine. Well-focused \ninspections, at smart intervals, consistently and appropriately \nevaluating compliance and performance against clearly established \nstandards provide both local leadership and NNSA and DOE ``snapshot\'\' \nindicators of site competency. As a part of a comprehensive set of \nindicators that include daily performance metrics, resourcing levels, \nand several more elements to complete the readiness picture, a sound \ninspection process is vital.\n    a. Independent oversight of activities involving nuclear materials \nis essential due to the extraordinary safety, security and geopolitical \nnature of nuclear weapons and related components. High standards are \nestablished and their compliance must be verified. The most senior \naccountable overseer must have the means to assure subordinate elements \nare in compliance with standards and can perform critical aspects of \nthe mission. Therefore, the Secretary of Energy requires an independent \ninspection apparatus. The NNSA Administrator also needs to ensure \ncompliance with these same high standards. Whether or not the \nAdministrator of this semi-autonomous agency requires his/her own \nindependent inspection apparatus should be evaluated.\n    Common standards must be applied in a common way in the field and \nmust be inspected in a common way by the inspection team. This has the \nbenefit of enabling senior leaders to calibrate compliance, \npreparedness and overall competency through inspection results they can \nhave confidence in. Additionally, consistent inspections should serve \nthe purpose of reinforcing universal expectations by field elements \nthat clear standards will be evaluated in consistent ways. Without \nconsistency in evaluation, trust can break down between the HQ and the \nfield and sites will fear the next inspection will be less about \nstandards and more about inspection team whim. Unjustified policy \nrevisions can also creep into the process as a result of poorly \norganized and executed inspections.\n    b. The DoD depends both on the Services and the Defense Threat \nReduction Agency to conduct inspections. The vast majority of nuclear \nexpertise is created at the operating unit level and from this initial \ndevelopment, the substantial oversight demand signal is generated by \nInspector General teams at every nuclear Major Command in the AF (that \nwould be 5 AF IG teams, plus the AF Inspection Agency), plus, the \nServices feed nuclear expertise to DTRA and Combatant Commander \ninspection organizations (small though they may be). I lack personal \nexperience to discuss Navy processes, so I\'ll stick to the AF. Nuclear-\nrelated policy is written at the Office of the Secretary of Defense \nlevel by functional experts and that policy is applied to the AF at the \nAir Staff level by the AF functional experts: personnelists, manpower, \nintelligence, operations, logistics, supply, security, medical, etc. \nFunctional experts at both the Air Staff and the Major Command level \nestablish what should be inspected and go so far as to write the \nchecklists that are issued to the inspection teams. The AF performs a \nvariety of inspections that affect nuclear-equipped units, but the most \nrelevant nuclear-related inspections include the Nuclear Surety \nInspection and the Operational Readiness Inspection. Both types have \ncompliance and performance-based elements. Additionally, subordinate \nunits have self-inspection processes, local exercises, written and oral \ntests. Strategic Command also conducts major large scale exercises.\n    Our relatively short duration study of security across DOE did not \nafford us the opportunity to examine DOE and NNSA policy formulation or \ninspections in great detail. We did have difficulty understanding how \nthese processes worked in practice. We noticed security policy being \nwritten both inside and outside NNSA, suggesting a need to validate the \nappropriateness of multiple security governance tracks, especially \nwhere the result potentially drove different security applications in \nthe field at different locations. \n    The record shows the DOE had inspected Y-12 just prior to the July \n2012 incident and despite extensive documented evidence of an imminent \ntrain wreck, Y-12 got good grades. Clearly DOE was not looking at the \nright things, or lacked sufficient security competency to recognize the \nexisting failure conditions. Beyond IG-type inspections, system \nreadiness/acceptance testing is also relevant to this question. As Mr. \nAugustine said when discussing operational testing of security systems, \n``. . . tests have too often addressed the question, `Does the hardware \nor practice meet the design criteria rather than is it operationally \neffective?\' Standards are often procedural rather than performance-\noriented, and stress testing has been lacking.\'\'\n    c. Scrub governance to validate Department and Agency requirements \nand eliminate conflicting or inadequate guidance. Then, ensure \nproductive alignment of authority and responsibility to produce policy \nand ultimately oversee effective current operations and prepare for \ntomorrow\'s effective operations. These two steps will help set the \nconditions for a value-added inspection process that can produce \ndependable results for local and headquarters awareness and action, as \nappropriate.\n    Mr. Rogers. General Alston, in your letter to Secretary Chu, you \nnote that metrics are an important complement to inspections as part of \na comprehensive oversight program (Dr. Meserve made the same point). \nReviews of the Y-12 incident have found that very few performance \nmetrics were tracked by contractors and NNSA. What high-level metrics \nshould we be tracking as Members of Congress to ensure that the \nsecurity program is operating effectively?\n    a. What are the most important metrics for senior officials to be \ntracking to assurance robust security performance?\n    b. In addition, how can NNSA leadership ensure that ``quality \nmetrics\'\' are developed and used by Federal staff and contractors to \nconduct oversight?\n    c. How many metrics is too many--at what do the important ones get \nlost in the noise?\n    General Alston. a. All are related to understanding risk and being \nable to competently accept risk up the chain. Metrics could include:\n  Resource limitations driving non-standard activities. (personnel \n        shortages driving overtime; parts availability driving \n        prolonged outages of security equipment and extended \n        implementation of compensatory measures)\n  Safety incidents. Number, quality, trends.\n  Security incidents. Number, quality, trends.\n  Progress on security system modifications or upgrades.\n  Inspection results.\n  Inspection deficiency follow-up/resolution.\n    b. I think the metrics are chosen by identifying those governance \nrequirements that spell `mission failure\' if ever breached. \nAdditionally, metrics should be collaboratively identified throughout \nthe chain of command. Authentic desire for site input goes a long way \ntowards achieving corporate buy in to these important measurements.\n    c. Good question. I think some metrics are very relevant to the \nNNSA Administrator, and at the same time, more detailed subordinate \nmetrics might be more appropriate at the local level. It\'s important to \nget the right information to the person accountable to fix the problem. \nIn addition to just pushing data up the chain, it is perhaps more \nimportant for this content to drive interaction up and down the chain \nto reinforce constant leadership commitment to security, and for site \nparticipants to take that leadership commitment evidence to all the \npersonnel on site.\n    Mr. Rogers. General Alston, your letter indicates serious problems \nwith the security culture at NNSA and DOE, and that many of these \nproblems have existed for decades.\n    a. Can we change the security culture without some sort of \nfundamental changes? Is it possible to shift the culture using only \nincremental changes?\n    b. Culture changes are extremely difficult and often take a long \ntime--what immediate-term actions should we be taking to begin this \nneeded culture shift?\n    c. You recommend federalizing the security forces. Do you think \nthat would a large enough change to shift the culture?\n    General Alston. a. In my experience, when culture change is needed, \nincremental adjustments will either fail to achieve the required change \nor will not drive change at the necessary speed.\n    b. If the need for culture change is legitimized, dramatic action \nis often a catalyst for changing culture. A change in leadership, a \nclear articulation of the vision and the need for the change, sometimes \na major re-organization are all relevant considerations. Key to setting \nconditions for change is to reinforce the value of security in NNSA and \nDOE and that is achieved in large part with accountability. \nOvercommunicate the standards and expected performance levels and \nconsistently enforce them. Mr. Augustine identifies 7 ingredients to \nsuccessful culture change on page 4 of his 6 December 2012 letter to \nDr. Chu.\n    c. No, federalizing the NNSA protective forces alone will not \nachieve the necessary culture change. Without the proper alignment of \nauthority and responsibility up and down the chain between the sites \nand the HQ and without an effective means to ensure all members of NNSA \nand DOE understand their individual roles in security, all the \nnecessary pieces will not be in place and the conditions will not have \nbeen set. However, federalizing the protective forces not only makes \noperational sense, but it would be a clear expression of intent and \ninstitutional commitment that, in my view, would be worth the cost in \nthe long run.\n    Mr. Rogers. General Alston, you and Mr. Augustine and Dr. Meserve \nseem to have read the many reports and independent reviews of DOE \nsecurity that have been conducted previously. Your letter to Secretary \nChu calls it ``the considerable body of work that has been done on this \nsubject over the past decade.\'\' In particular, you mention the review \ndone by Admiral Mies in April 2005. In my opening statement, I \nmentioned a few others--but there are many, many more.\n    How do your findings and recommendations compare with those \ncontained in all of these previous reports? Do you feel the findings \nand recommendations in the previous reports have been acted upon and \naddressed?\n    General Alston. It is my view that many of the past reports contain \nobservations and recommendations that also seemed relevant during the \ntime of my study. In my opinion, the broadest security examination was \nled by ADM (ret) Mies and for that reason I encouraged the Secretary of \nEnergy to critically re-evaluate DOE/NNSA documented resolution of that \nreport\'s set of recommendations. Though I did not audit all the \nrelevant reports in response to this QFR, I did review the Mies report \nagain. I have included below some of the Mies recommendations that \nechoed with what I was observing at the time of my study. I suspect \nDOE/NNSA has taken relevant action in response, but given what I \nobserved, continued vigilance is required.\n    Some still-resonating Mies recommendations:\n    <bullet>  ``Continue to promote greater collaboration and team \nbuilding within NNSA with the goal of an enterprise approach to \nsecurity. Support the Chiles panel recommendations on improved career \ndevelopment, assignment rotation training, professional qualification \nand certification, etc.\n    <bullet>  Make an unequivocal commitment to upgrade the quality, \nrelevance, and ownership of security training programs and professional \ncertification.\n    <bullet>  Emphasize a balance of compliance and performance \nobjectives designed to incentivize and embed security improvement \nthroughout NNSA, as part of an enterprise approach to security.\n    <bullet>  Create a stronger climate of trust in the security \nprogram. Differentiate honest human security errors from malicious, \ngrossly negligent ones.\n    <bullet>  Adopt a more proactive approach to security through \nstronger accountability.\n    <bullet>  Conduct an independent staffing assessment of NNSA \nrelative to DOE. Rebalance staffing and expertise commensurate with the \nsignificance of the national security assets NNSA manages.\n    <bullet>  Give greater autonomy and authority to the NNSA \nAdministrator to oversee the elements of the security process, from \npolicy formulation to implementation and oversight, which directly \naffect security of the NNSA complex.\n    <bullet>  Implement the recommendations of the Chiles report to \nimprove the federal security workforce, including developing and \nexecuting a comprehensive human capital management program; improving \nthe training, qualifications, and stature of the NNSA security \nworkforce; reengaging in national markets to hire security \nprofessionals; instituting a long-term practice of security staff \nrotation; identifying options for accelerating the security clearance \nprocess; improving security information flow; revising the NNSA \nSafeguards and Security Strategic Plan; and providing specific budget \nsupport for and tracking the progress of these recommendations.\n    <bullet>  Continue to elevate security program visibility and \nimportance through initiatives such as the June 2004 organizational \nrealignment, to ensure security is commensurate with other line \nmanagement responsibilities.\n    <bullet>  Have NNSA headquarters assume greater responsibility for \nday-to-day supervision and oversight of site activities to promote an \nenterprise-wide approach to security, more consistent interpretation of \nsecurity policy, and more standardized and coherent implementation. The \nnew Associate Administrator for Defense Nuclear Security should be \nassigned responsibility for day-to-day security oversight. \nResponsibility for implementation needs to reside at all levels.\n    <bullet>  Establish formal mechanisms to enable DOE/NNSA to \nregularly collaborate with DoD (and other appropriate federal agencies) \non security policy issues, lessons learned, best practices, \ntechnological improvements, tactics, and procedures as recommended by a \nprevious study.\n    <bullet>  Promote greater reliance on continuing security self-\nassessment programs to better inculcate security as every individual\'s \nresponsibility and integral to mission.\n    <bullet>  Consider changing the annual survey and self-assessment \nprogram to a year-round program of in-depth assessments in specific \nareas.\n    <bullet>  Formulate an NNSA-wide strategic security plan, similar \nin level of detail and content to DOE\'s, to create a unifying security \nroadmap for the NNSA enterprise. Use this plan as a cornerstone for the \ncreation of other interdependent enterprise wide plans, such as special \nnuclear material consolidation, infrastructure recapitalization, \ntechnology investment, information systems modernization, and the \nfoundation for individual security discipline plans (physical, cyber, \npersonnel, and material control and accountability).\n    <bullet>  Establish effective, formal forums to: promote greater \nDOE/NNSA-to-DOD, DOE-to-NNSA, headquarters-to-site, and site-to-site \ncollaboration between security policymakers and policy implementers, \npromote more consistent interpretation and application of security \npolicy, foster adoption of best practices, help formulate a more \ncoherent, NNSA-wide security plan, consider making peer review an \ninherent element of security policy formulation and implementation.\n    <bullet>  Review and streamline local site compliance-based quick \nfixes to ensure security oversight is appropriately focused on \nperformance objectives.\n    <bullet>  Provide greater centralized clarification and \ninterpretation of security policy to promote more consistent and \nstandardized implementation. Consider repromulgation of a security \nstandards and criteria manual.\n    <bullet>  Consider conducting random testing of the PF throughout \nthe year in both firearms and physical fitness. This testing will \nencourage officers to maintain weapons skills and physical fitness \nlevels year-round and will give management a more realistic picture of \nthe overall PF\'s capabilities.\n    <bullet>  Direct site offices to regularly check the false or \nnuisance alarm rates from the CAS and compare them with the credit \ntaken in the VAs to ensure the analysis accurately reflects field \nconditions. Establish a method to properly record and document the \nfalse or nuisance alarm rate and ensure proper training for CAS PF \npersonnel.\n    <bullet>  Install modern computer alarm equipment that has an \nautomated alarm tracking system to replace antiquated systems.\n    <bullet>  Establish a more rigorous process within DOE/NNSA \nheadquarters to thoroughly review initial incident reports; monitor the \ninquiry progress; review final reports for adequacy of the inquiry, \ncorrective actions, and analysis of underlying causes; and keep senior \nDOE/NNSA leadership appropriately advised.\n    <bullet>  Establish a more formal and disciplined process at sites \nto track security incident corrective actions to completion. Consider \nrequiring site management to include findings and corrective action \nplans in a site-level corrective action tracking process involving \nsenior line management to ensure corrective actions are adequate and \ncomplete.\n    <bullet>  Ensure reviews are conducted to execute continuous \nimprovement.\n    <bullet>  As also recommended by the Chiles report, establish a \ndedicated and more effective formalized process within NNSA \nheadquarters to disseminate incident lessons learned to the NNSA \ncommunity.\n    <bullet>  Consider publishing a quarterly lessons-learned message \nfor all DOE/NNSA sites, with procedures for ad hoc promulgation of \nurgent lessons learned.\n    <bullet>  Develop more meaningful security metrics that accurately \nmeasure the nature, frequency, and significance of incidents; the \nunderlying root causes; and the timeliness of reporting, investigation, \nand corrective action development. Periodically provide these metrics \nto senior headquarters and site leadership, as well as appropriate \nsecurity officials, to promote greater awareness of security \nperformance and concerns.\n    <bullet>  Consider a reasonable standardization of site security \nsystem architecture, design, and implementation, including the security \nupgrades in progress. NNSA site oversight and headquarters should be \ninvolved in each critical decision stage of security upgrade projects. \nProject rationale and justification should be scrutinized and compared \nwith complex-wide needs and overall direction. This would optimize the \nuse of security up-grade funding and present a clear direction for \nsecurity strategy.\n    <bullet>  Develop, with urgency, a more robust, integrated DOE/\nNNSA-wide process to provide accountability and follow-up on security \nfindings and recommendations.\'\'\n    Mr. Rogers. If previous studies have repeatedly noted the same \nproblems--for instance, confused lines of authority, responsibility, \nand accountability--why have they not been addressed? Why have prior \nattempts to implement change at NNSA failed? What should Congress do to \nensure these issues are addressed once and for all?\n    General Alston. Some in DOE and NNSA have pointed to the transitory \nnature and frequency of leadership change and a lack of continuity of \npriorities during these transitions as causal. It is my view that in \nthe current DOE culture, ``safety,\'\' ``security,\'\' ``science (labs),\'\' \nand ``mission (production sites)\'\' share a common, finite tradespace \nand compete with each other for emphasis and resources. If there is \ninsufficient individual security expertise at the senior levels of NNSA \nand DOE, and no common appreciation for the value of security across \nsenior leadership--except in crisis--security concerns will find \ninconsistent support and ultimately weak follow through.\n    Mr. Rogers. General Finan, your report indicates serious problems \nwith the security culture at NNSA, and that many of these problems have \nexisted for decades.\n    a. Can we change the security culture without some sort of \nfundamental changes? Is it possible to shift the culture using only \nincremental changes?\n    b. Culture changes are extremely difficult and often take a long \ntime--what immediate-term actions should we be taking to begin this \nneeded culture shift?\n    General Finan. a. NNSA leadership must take bold and enduring \nactions. Fundamental change is required within the NNSA organizational \nstructure and in its assessment model. This, in and of itself, will not \nnecessarily drive a change in culture. In conjunction with implementing \nthe new structure and model, a deliberate campaign should be initiated \nto emphasize the importance of the security mission in strategic plans, \nmission statements, policy documents, and other expressions of \nmanagement intent. Security must be clearly integrated with other \nmission elements and appropriately recognized as essential to overall \nNNSA mission success.\n    It is possible to shift culture with incremental changes. However, \nthose incremental changes would have to be a part of a well-planned, \nlarger campaign designed specifically to re-shape the organization and \nits culture. A shift in culture is not likely if change is implemented \nat the margins of the issues and it does not address core faults such \nas the confusing and ill-defined roles and responsibilities within the \nNNSA federal organizational structure.\n    b. A deliberate campaign should be initiated to emphasize the \nimportance of the security mission in strategic plans, mission \nstatements, policy documents, and other expressions of management \nintent. Security must be clearly integrated with other mission elements \nand appropriately recognized as essential to overall NNSA mission \nsuccess. Additionally, NNSA needs to build and execute a Security Road \nMap that consolidates recommendations from previous reports, \narticulates a clear vision of where the security program is going, and \ncharts a path forward. Document the path in a roadmap that is signed by \nthe NNSA Administrator and follow up with action plans that have clear \nownership, and status updates.\n    Mr. Rogers. General Finan, you have argued that security \nrequirements need to be better specified (for example, your report \nrecommends that NNSA ``develop and issue specific standards against \nwhich security operations are to perform and the criteria by which they \nwill be evaluated.\'\').\n    What standards, criteria, and metrics do you suggest? What metrics \nshould senior leaders pay special attention to in order to ensure \nrobust security effectiveness? How many metrics is too many--at what do \nthe important ones get lost in the noise?\n    General Finan. DOE had detailed standards and criteria for security \noperations. The last iteration of that document is a good baseline to \nstart from. It was issued under the title ``Guide for Implementation of \nSafeguards and Security Directives (Short Title: Safeguards and \nSecurity Standards and Criteria)\'\' on 26 November 1993. An example of a \nstandard and associated criterion is listed below:\n\nStandard\n    Alarm Systems Testing and Maintenance: The facility conducts \noperability tests of the basic alarm components at least once every \nseven days, and performs required and necessary maintenance on the \nsystems.\n\nCriteria\n    1. Personnel testing, maintaining, or servicing alarms have access \nauthorizations consistent with the highest classification levels being \nprotected, unless such testing and maintenance is performed as bench \nservices away from the protected location or is performed under the \nsupervision of an appropriately cleared and knowledgeable custodian of \nthe alarm-protected location.\n    2. Alarms bench tested or maintained by uncleared personnel away \nfrom the protected location are inspected and tested prior to \ninstallation.\n    3. At least once a week, the basic alarm component is tested by \nsimulated intrusion of the alarmed area or of the protected space of an \nalarmed object. (Opening an alarmed portal in a manner that would cause \nan alarm is an adequate weekly test.) Alarms caused by the opening and \nclosing of areas by operating personnel in the normal performance of \ntheir activities are acceptable tests when documented as tests.\n    4. False and nuisance alarm rate records are maintained and results \nare analyzed to determine alarm system performance.\n    5. Corrective maintenance is initiated within 72 hours of \nindication of failure. Compensatory measures are initiated immediately \nto provide equivalent detection capability when any part of the \ndetection system is out of service and are continued until maintenance \nis complete.\n    For Metrics, NA-70 has is working some detailed metrics in their \nnew Mission Essential Task List that will be useful in managing the \nprotective force and should roll up to higher level metrics that can be \nused by senior leaders. A basic metric framework could include the \nmajor categories of System Performance, Operational Performance, \nModernization, Support Services, and Predictive Indicators. System \nperformance could include metrics such as False and Nuisance alarm \nrates, camera status, sensor status, etc. Operational Performance could \nfocus on protective force training status, evaluation results, exercise \nperformance and depth, etc. Modernization could measure the status of \nthe security systems by monitoring the age of the significant sub-\nsystems. Support Services could measure contract status, \nstandardization of procedures and documentation across the NNSA \ncomplex, etc. The Predictive Indicators metric could focus on early \nalerting of leadership to potential issues. For example, funding status \nfor training could indicate future proficiency; leadership security \nexperience levels could indicate the quality of future performance and \ndecisions, etc. These indicators would be made up of increasing levels \nof detail that are used by each level of management to manage security. \nEstablishing the right level and number of metrics is difficult. A \nsmall number of high level metrics with the ability to drill down to an \nappropriate level to see causes and contributing factors is essential. \nThe key is a structured process with defined business rules that are \nadhered to by all participants.\n    Mr. Rogers. To what extent do you believe that oversight activities \nshould also be standardized and/or centrally directed? Will more \ninspections necessarily equate to more effective oversight? How should \noversight of security operations be conducted?\n    General Finan. There is a role for standardized, centrally directed \noversight as well as for individualized, tailored evaluation. At the \ntactical level, oversight activities should be tailored and flexible \nbased on needs and specific performance. As the level of overseeing \norganization rises, the level of standardization and centralization \nshould rise correspondingly. For example, at the tactical level, a \nsecurity supervisor would want to see and evaluate the specific actions \nof the team members that work for him/her. Based on the supervisors \nknowledge of threats, skill levels, training, and site specifics, \nevaluation must be tailored for the specific situation. At an \noperational level, evaluators must see standardization of procedures \nand accomplishment of objectives. These evaluations would be more \nstandardized and controlled by a central authority. At the strategic \nlevel oversight should focus on the larger context of fulfilling \nmission requirements. Again, this type of evaluation should be \ncentrally directed as it is looking for performance across the \nenterprise.\n    More inspections will not equate to better performance and will not \nnecessarily equate to effective oversight. While inspections can drive \nperformance, they do not ensure performance. A comprehensive system of \noversight is needed.\n    Our report proposed strengthening the role of Federal security \nassessment within NNSA without diminishing the legitimate need for \ncontractors to maintain their own self-assessment capabilities or HSS \nto provide Independent Oversight. We called for a three-tiered \nassessment process.\n    Contractor self-assessment is the first tier in the overall \nassessment process. The primary audience for the contractor self-\nassessments should be the contractor security managers themselves, but \nthe self-assessments should follow a consistent, program-wide format, \nand be made available for review at all higher levels of management. \nContractors should be required to identify, report, and resolve \nsecurity issues--sanctions should come when a higher level assessment \nuncovers problems that the contractor self-assessments fail to identify \nor properly address. Even when an issue is readily resolved and \ncorrective actions are immediate, a finding should be issued and the \ncorrective action recorded. Failure to do so inevitably hides potential \nnegative trends. Contractor self-assessments should involve active \nperformance testing rather than simply relying on work observation and \ndocument review--effective security performance can only be evaluated \nthrough testing. On site Federal security personnel should actively \nparticipate in this process as quality assurance for the federal \ngovernment.\n    The fundamental purpose of Federal security performance assessment \nis to ensure that requirements are properly implemented. Therefore, the \nprimary Federal assessment organization should ultimately report to the \nChief of Defense Nuclear Security, who is responsible for requirements. \nThis provides independence not only from the contractors, but also from \nthe tactical-level Federal field staff whose necessary day-to-day \ninteraction with contractor managers and staff risks loss of \nobjectivity. This enables the Chief of Defense Nuclear Security to \nbetter ensure effective implementation of NNSA security programs. \nAdditionally, it provides feedback on performance to the operational \nand tactical levels.\n    These Federal security assessments should include performance \ntesting of all critical elements. The assessors should issue clear \nfindings which are to be tracked and closed in a program-wide \ncorrective action management system. Federal assessors should also look \nclosely at the contractor self-assessment process; ``failures to \nidentify\'\' by the contractor self-assessment element should \nautomatically rise to the level of significant findings.\n    The final tier of the assessment model should explicitly rely upon \nthe services of an independent security oversight function, currently \nprovided by HSS. NNSA should arrange for a regular process of \ncomprehensive inspections. The oversight function should be encouraged \nto issue strong findings for matters of potential concern to the NNSA \nAdministrator and the Secretary of Energy, and should routinely \nevaluate the performance of contractor self-assessments and the Federal \nassessment program.\n    Mr. Rogers. How do we ensure robust security oversight that is not \noverly burdensome?\n    General Finan. Much of the ``burden\'\' of oversight is caused by \nexcessive paperwork associated with evaluating compliance. The current \nsecurity assessment process in NNSA is paper-based and is heavily \ndependent on field office and contractor reporting. It does not include \nindependent observation or validation of site security implementation \nfrom NNSA. As a result, NNSA is unable to validate the implementation \nof security policies or contractor performance of assigned missions. \nLarge volumes of paperwork are generated each quarter in which it is \nnearly impossible to discern trends or significant deficiencies.\n    In the area of security, oversight must be about performance. \nTherefore, oversight should see actual performance in the form of real \nworld activity or exercises. Some paperwork should be reviewed, such as \ntraining records, but that paper work should already exist and not be \ngenerated solely for the purpose of outside oversight. Specific \nstandards against which security operations are to perform and the \ncriteria by which they will be evaluated must be codified. This will \nensure security professionals know what is expected and how they will \nbe evaluated. By eliminating paperwork generated solely for the purpose \nof oversight and adhering to a known set of standards and criteria, \nsecurity oversight should not be burdensome.\n    We should also resist the notion that strong performance-based \nstandards and criteria and an equally strong insistence on stringent \nperformance assessment and oversight inherently constitutes an \nexcessive burden on contractors and the field. Part of the cultural \nchallenge lies in overcoming the tendency on the part of contractors \nand their field level federal counterparts to assert that their local \npriorities and perspectives must take precedence over comprehensive and \ncoherent, centrally-driven security program direction. A good system \nmust take into account special local circumstances. However, NNSA\'s \nlongstanding tradition has been the assertion that ``the field always \nknows best,\'\' and that Headquarters should simply stay out of their \nbusiness. Upon close examination, many complaints about ``excessively \nburdensome HQ security oversight\'\' are revealed as exercises in ``turf \nprotection\'\'.\n    Mr. Rogers. General Finan, your report is clearly indicating \nfrustration when it says ``the most striking result of this review \nfalls in the area of culture sustainment. It quickly became evident \nthat the Task Force findings closely resemble those presented in \nnumerous prior reports such as the 2005 Mies Report and the 2004 Chiles \nReport.\'\' Why haven\'t DOE and NNSA been able to address these long-\nstanding, well-documented problems?\n    a. What do you recommend that we in Congress do to ensure they are \nactually addressed this time?\n    General Finan. DOE and NNSA have not been able to attack core \nissues. As a result, they make marginal change around the periphery of \nthe issue, check the box showing they have taken action, and move on to \nother things. Security human capital development is a good example. \nSecurity professionals in NNSA do not have a defined career path. They \ndo not have a program for their development, and they largely see their \ncareers with the federal government as dead ends. This issue has been \nrepeatedly identified. As a result NNSA has taken action. They \nimplemented a rudimentary requirement for security professionals to get \nsome minimal training and the started a program where they brought in \nyoung leaders as a part of the leadership development program. With \nthis in place, it was assumed that they had taken care of the Human \nCapital issues identified in the 2004/2005 time frame. Unfortunately, \nthis action did not create a career path; it did not develop security \nprofessionals; it did bring in people with little or no security \nexpertise or necessarily even an interest in security; and it did not \nchange the belief that there was not anywhere to progress to in \nsecurity. It nibbled at the margins of a core issue . . . the fact that \nthere was no identifiable, repeatable, or executable career path for \nfederal security professionals.\n    a. Ensure that NNSA builds and executes a Security Road Map that \nconsolidates recommendations, articulates a clear vision of where the \nsecurity program is going, and charts a path forward. Document the path \nin a roadmap that is signed by the NNSA Administrator and follow up \nwith action plans that have clear ownership, including regular status \nupdates. Solutions must be enduring and will require leadership \ndedication.\n    Mr. Rogers. General Finan, you recognized human capital limitations \nas a contributing factor to the event, including weak staff \ncapabilities to assess contractor performance. What can Congress do, if \nanything, to enhance human capital at NNSA as it pertains to security?\n    General Finan. NNSA must develop a comprehensive plan for \nrecruiting, developing, and retaining qualified security experts. NNSA \nneeds the right federal security professionals in the right places. \nIndividual leaders, and collectively the entire staff, must possess an \nappropriate skill and experience base to provide effective security \nprogram execution. Congress can specifically help by ensuring that NNSA \nhas the ability to hire the appropriate federal security staff, both in \nterms of numbers and pay scale. Currently, NNSA relies heavily on \nsupport service contractors. This is partly due to limitations \n(perceived or real) on funding and hiring federal personnel.\n    Mr. Rogers. General Finan, your task force was directed to study \norganizational issues within NNSA. Your tasking did not include \nassessing organizational issues within the broader DOE system. In the \ncourse of your investigation, did you become aware of any \norganizational problems related to security in the broader DOE \norganization, or are these problems located solely within NNSA?\n    a. Do you believe the security policy-making and oversight roles \nand responsibilities between DOE\'s Office of Health, Safety, and \nSecurity and NNSA are clearly defined and understood?\n    General Finan. We did find evidence of similar confusion related to \nambiguous lines of authority and lack of standardization in executing \nthe security mission. As in NNSA, we found wide variations in how the \nfederal staffs executed their oversight roles at the various sites.\n    a. I do not. The Task Force identified that there is no clearly \narticulated or consistently implemented NNSA security policy process. A \nmajor concern is the supplanting of DOE Security Orders with generic \nand less restrictive NNSA policies (NAPs). Additionally, the Task Force \nnoted a desire on the part of some NA-70 senior managers to maximize \nseparation from DOE HSS policies and activities. Within NA-70, policy \nand guidance are issued through a variety of formal and informal \nmechanisms with erratic distribution. The Task Force identified that \nsome Federal field organizations are inconsistent in their acceptance \nand application of NA-70 issued policies. Finally, NA-70 policy and \nguidance tend to be vague resulting in widely differing interpretations \nby field personnel. This has resulted in additional confusion in the \nfield as to which policies actually apply to them.\n    Mr. Rogers. General Finan, your report seems to indicate that DOE \nand NNSA were overly focused on paperwork, and missed the warning signs \nthat indicated a problem at Y-12. Why such focus on paperwork? How were \nthey missing the warning signs?\n    a. How would you change the assessment, inspection, and oversight \nprocess to ensure the warning signs are noticed, and security \nperformance is assured?\n    General Finan. Misinterpretation, and/or misapplication of the DOE \nSafety and Security Reform Plan, dated March 16, 2010, resulted in a \nweakened Federal security assessment program. In particular, this \ndocument stated: ``Security Performance: Contractors are provided the \nflexibility to tailor and implement security programs in light of their \nsituation and to develop corresponding risk- and performance-based \nprotection strategies without excessive Federal oversight or overly-\nprescriptive Departmental requirements.\'\' This guidance was further \nexpanded upon and eventually articulated in NAP-21, Transformation \nGovernance and Oversight Initiative. The belief arose that ``eyes on, \nhands off\'\' precluded Federal security staff from conducting \nperformance-based assessments of contractors. As a result, most Federal \nassessment was based on paperwork generated by the contractor. The \npaperwork was voluminous and non-standard. There were no consistent \nbusiness rules on how to report areas of concern. The result was a mass \nof paper that made it nearly impossible to discern issues.\n    This paper-based system of assessment, without sufficient \nperformance verification, is inadequate for effective evaluation of \nsecurity operations. Much of the ``burden\'\' of oversight is caused by \nexcessive paperwork associated with evaluating compliance. Large \nvolumes of paperwork are generated each quarter in which it is nearly \nimpossible to discern trends or significant deficiencies. This, \ncombined with a lack of NNSA independent observation or validation of \nsite security implementation resulted in an inability to validate the \nimplementation of security policies or contractor performance of \nassigned missions.\n    a. The Task Force proposed an assessment model that strengthens the \nrole of Federal security assessment within NNSA without diminishing the \nlegitimate need for contractors to maintain their own self-assessment \ncapabilities.\n    The contractor self-assessment process is the first tier in the \noverall assessment process. The primary audience for the contractor \nself-assessments should be the contractor security managers themselves, \nbut the self-assessments should follow a consistent, program-wide \nformat, and be made available for review at all higher levels of \nmanagement. Contractors should be required to identify, report, and \nresolve security issues--sanctions should come when a higher level \nassessment uncovers problems that the contractor self-assessments fail \nto identify or properly address. Even when an issue is readily resolved \nand corrective actions are immediate, a finding should be issued and \nthe corrective action recorded. Failure to do so inevitably hides \npotential negative trends. Contractor self-assessments should involve \nactive performance testing rather than simply relying on work \nobservation and document review--effective security performance can \nonly be evaluated through testing.\n    The fundamental purpose of Federal security performance assessment \nis to ensure that requirements are properly implemented. Therefore, the \nprimary Federal assessment organization should ultimately report to the \nChief of Defense Nuclear Security, who is responsible for requirements. \nThis provides independence not only from the contractors, but also from \nthe tactical-level Federal field staff whose necessary day-to-day \ninteraction with contractor managers and staff risks loss of \nobjectivity. This enables the Chief of Defense Nuclear Security to \nbetter ensure effective implementation of NNSA security programs. \nAdditionally, it provides feedback on performance to the operational \nand tactical levels.\n    These Federal security assessments should include performance \ntesting of all critical elements. The assessors should issue clear \nfindings which are to be tracked and closed in a program-wide \ncorrective action management system. Federal assessors should also look \nclosely at the contractor self-assessment process; ``failures to \nidentify\'\' by the contractor self-assessment element should \nautomatically rise to the level of significant findings.\n    The final tier of the assessment model should explicitly rely upon \nthe services of an independent security oversight function, currently \nprovided by HSS. NNSA should arrange for a regular process of \ncomprehensive inspections. The oversight function should be encouraged \nto issue strong findings for matters of potential concern to the NNSA \nAdministrator and the Secretary of Energy, and should routinely \nevaluate the performance of contractor self-assessments and the Federal \nassessment program.\n    This performance assessment model assumes a common requirements \nbase that is employed at all levels and across the NNSA security \nprogram. While some allowance may be made for site-specific issues, the \nfundamental elements of this requirements base should be an \nappropriately integrated system of DOE policies, NNSA implementation \ndirectives, and field operational guidance. The requirements base \nshould be reflected in approved documents such as site Safeguards and \nSecurity Plans. Specific performance requirements should be articulated \nin detailed performance standards and criteria supported by a commonly \nunderstood and utilized performance testing process.\n    Mr. Rogers. Mr. Friedman, your report recommends that NNSA \n``perform periodic in-depth reviews of contractor\'s security \nperformance using a risk-based approach.\'\' Does NNSA not do this now?\n    a. How does NNSA and DOE use risk analysis in its assessments of \nsecurity?\n    b. Do we have a rigorous means of assessing, managing, and \nbalancing security risks, costs, and mission needs?\n    Mr. Friedman. At the time of our review, there were two levels of \nFederal contractor security performance assessments at the Y-12 \nNational Security Complex. These were performed by the Department\'s \nOffice of Health, Safety and Security (HSS) and the NNSA Production \nOffice (NPO).\n    HSS performed limited scope security assessments on a periodic \nbasis. During the review, we did not specifically review HSS\'s \nmethodology for determining what sites/areas to assess or the frequency \nof the assessments. However, HSS has publically acknowledged that its \nreview regime has been limited in recent years. The Department has \nstated that, as a result of the Y-12 matter, a more robust security \nperformance assessment strategy will be implemented.\n    NPO stated that it performed periodic reviews of the contractor\'s \nsecurity performance using a risk-based approach. However, as part of \nour work at Y-12, we interviewed the NPO personnel responsible for the \nreviews and examined NPO\'s periodic assessment reports. In our opinion, \nthe reviews could not be considered ``in-depth\'\' since they consisted \nmainly of reviewing contractor-prepared documentation and/or \n``shadowing\'\' the contractor\'s self-assessments rather than conducting \nindependent security performance testing.\n    a. The results of our review at Y-12, which catalogued what we \ndescribed as multiple-system failures, reflects our view of the quality \nof risk assessment methodologies employed by NNSA/DOE, at least as they \napplied to that facility at that time. Beyond our published analysis, \nwe did not specifically evaluate NNSA/DOE\'s use of risk analysis to \nplan their security assessments. Respectfully, responsible Department \nofficials may be able to provide a complete answer to this question.\n    b. Our review focused on the circumstances directly pertaining to \nthe incident at Y-12, thus we did not evaluate the overall NNSA/DOE \nsecurity posture. To the extent the problems identified at Y-12 as part \nof our review and by other subsequent reviews reflect the status of \nsecurity throughout the complex, there is reason for concern.\n    Mr. Rogers. Secretary Poneman, we\'ve heard differing opinions on \nhow DOE and NNSA\'s protective forces should be structured. Do you \nbelieve federalization of the protective forces is an appropriate path \nforward? What are the benefits, risks, and costs of the various models \nfor the protective forces?\n    Mr. Poneman. Federalization of the protective force was considered \nextensively in security reviews by Mr. Meserve, Mr. Alston and Mr. \nAugustine following the Y-12 security incident as well as many others \nover the years. DOE believes this topic is worthy of continued dialogue \nwithin the Department and with Congress, but is not prepared to offer a \nformal opinion at this time.\n    Some of the issues for further consideration include how a Federal \nforce would integrate with on-site Management and Operating (M&O) \ncontractor leadership, the potential for complex-wide labor disputes or \nstrikes, and the budgetary impact on the Government.\n    Mr. Rogers. Secretary Poneman, in General Alston\'s letter to \nSecretary Chu, he says ``there is a perception that corporate security \npolicy is being written from inspection results.\'\' Mr. Augustine noted \nin his letter that inspections and assessments inappropriately focus on \ncompliance with standards, and not on security effectiveness or \nperformance, concluding that ``what is needed is not more inspections \nbut better inspections.\'\' Do you agree? If so, how will DOE address \nthis concern?\n    a. What is being done to make inspections more effective at \nassuring robust security performance?\n    Mr. Poneman. The Department appreciates receiving these \nobservations from General Alston and Mr. Augustine. Inspections of \nnuclear facilities performed by HSS not only focus on compliance with \nestablished DOE policies, but also on security effectiveness and \nemphasize testing of performance. I agree that the quality of \ninspections is very important in addition to frequency. Since the Y-12 \nsecurity incident we have directed HSS to enhance its inspections to \ninclude more limited-notice and no-notice testing of the protective \nforces and security systems in order to ensure their readiness to \nrespond to security incidents. As you know, we have also directed HSS \nto conduct extent-of-condition reviews at all Category I special \nnuclear facilities and to complete comprehensive inspections at each of \nthese facilities by October 2013.\n    Mr. Rogers. Secretary Poneman, several witnesses from the first \npanel indicated in their reports that the governance reforms initiated \nby Secretary Chu and Administrator D\'Agostino were misinterpreted or \nmisapplied by Federal staff, which was a contributing factor to the Y-\n12 incident. Do you agree? [Question #16, for cross-reference.]\n    Mr. Poneman. NNSA\'s governance reforms were structured to improve \nthe Line Oversight of its contractor operations. Effective Line \nOversight uses several different sources of information to ensure \naccurate and objective understanding of conditions and performance. \nThose sources include federal line management assessments, federal \nindependent assessment and data from the Contractor\'s ``Contractor \nAssurance System (CAS)\'\'. A CAS is a primary tool used by Contractor \nManagement to measure, improve, and demonstrate performance and ensure \nthat mission objectives and contract requirements are achieved. CAS is \nthe same as basic concepts of successful industry quality management \nsystems such as International Standards Organization (ISO) 9000/9001.\n    A robust and effectively functioning CAS provides transparency and \nbuilds trust between NNSA and its contractors and helps to ensure \nalignment across the NNSA Enterprise to accomplish and address mission \nneeds. For example, comparing data developed through the CAS to data \ndeveloped by federal assessments allows NNSA to ensure that the M&O \ncontractor has effective quality management programs in place. With \neffective and transparent contractor assurance systems, NNSA can focus \nthe deployment of our federal oversight workforce on high risk areas, \ne.g. nuclear safety, security, and cyber security.\n    NNSA has recently completed a review of the current policy on \nreviewing CAS and Line Oversight processes in light of the lessons \nlearned from the early reviews and the Y-12 performance failure. The \nreview has identified needed changes to the processes so future reviews \nwill ensure performance requirements are being met and that the \nobjectives and expectations for NNSA governance are effectively \ncommunicated and adhered to across the complex.\n    These changes will be consistent with the revised DOE Order 226.1B, \nImplementation of Department of Energy Oversight Policy, which requires \nthat the Heads of the Field Elements approve the initial contractor \nassurance system description; review and assess the effectiveness of \nthe Contractor Assurance Systems (CAS); and establish performance \nexpectations and communicate same to contractors through formal \ncontract mechanisms. This is a continuation of the requirements \ncontained in the predecessor DOE order 226.1A, dated July 31, 2007. \nThat order also contains contractor requirements for a CAS. \nAdditionally, DOE Order 227.1, Independent Oversight Program, issued \nAugust 30, 2011, requires that the contractor\'s corrective action to \naddress a security weaknesses identified during an Independent \nOversight inspection be approved by the DOE. This is a continuation of \nthe requirement that was contained in the predecessor order, DOE Order \n470.2B, Independent Oversight and Performance Assurance Program, dated \nOctober 31, 2002. A key aspect of our strengthened process is the \nestablishment of a central line organization, the Office of \nInfrastructure and Operations, (NA-00) and a clear focus on oversight \nat three distinct, but mutually supportive, levels within NNSA. As \nbefore, the M&O contractors are responsible and accountable for their \nperformance at the floor level where their employees perform work--this \nis what we call the ``tactical\'\' level of oversight. The Office of \nInfrastructure and Operation provides the federal line-management or \n``operational\'\' oversight. In this regard, NA-00 leverages the combined \ncapabilities of its offices through the complex to ensure that \noversight is performed by both the federal staff closest to, and most \nknowledgeable of, a specific site\'s operations but also federal \npersonnel responsible for similar activities at other locations who can \nprovide additional objectivity because they have relevant experience \nbut a different perspective. NNSA also provides oversight by subject \nmatter experts who are independent of the NN-00 line organization. \nOffices such as security (NA-70) and safety (NA-SH) provide strategic \noversight and performance data to the most senior NNSA leaders from a \nperspective outside the pressures and influences that can affect the \nline organization.\n    Based on these refinements and improved clarity, as well as the \nadded reliability of the structured levels of oversight, NNSA will work \nto ensure that our oversight and performance expectations are clear, \nwell executed, and not misinterpreted.\n    Mr. Rogers. Secretary Poneman, DOE\'s 2010 Safety and Security \nReform Plan advocated for a performance-focus and the removal of \n``excessive\'\' Federal oversight. Do you still stand behind the plan\'s \ncore tenets?\n    a. As Deputy Secretary, how will you ensure that NNSA and DOE \nconduct rigorous and effective--but not burdensome--oversight of \nsecurity at NNSA\'s facilities?\n    Mr. Poneman. Over the past two years the Department undertook an \neffort to assess the effectiveness of all safety and security \ndirectives with the goal of reducing redundancy, duplication and \ninconsistencies. The result is a set of directives that is more \nstreamlined, allows DOE program offices and contractors greater \nflexibility in implementing Departmental requirements, without \nsacrificing the level of protection of worker health, safety and \nsecurity. The directives reform effort was not a contributing factor to \nthe security failure at Y-12. None of the studies conducted so far \n(either by General Alston, Mr. Meserve, Mr. Augustine, General Finan, \nor the Inspector General) have pointed to the Department\'s revised \ndirectives. For instance, the revised DOE Order 226.1B, Implementation \nof Department of Energy Oversight Policy, requires that the Heads of \nthe Field Elements approve the initial contractor assurance system \ndescription; review and assess the effectiveness of the Contractor \nAssurance Systems (CAS); and establish performance expectations and \ncommunicate same to contractors through formal contract mechanisms. The \norder also contains contractor requirements for a CAS. This is a \ncontinuation of the requirements contained in the predecessor DOE order \n226.1A, dated July 31, 2007.\n    a. We will continue to ensure that NNSA and DOE perform rigorous \nand effective oversight of security and strive to improve that \noversight, in ways that minimize the impact to mission execution.\n    Mr. Rogers. Secretary Poneman, nearly every external review in the \npast decade has indicated serious problems with the security culture at \nNNSA and DOE. Culture changes are extremely difficult and often take a \nlong time. What immediate-term actions should we be taking to begin \nthis needed culture shift? What is your long-term plan to instill a new \nsecurity culture? [Question #18, for cross-reference.]\n    Mr. Poneman. a. We recognize the need for a positive culture \nchange. Immediate-term actions within the NNSA included the hiring of \nfour senior Federal personnel to transform our approach to security. A \nhighly-experienced individual with over 30 years of Nuclear Security \nexperience in the Department of Defense was appointed to serve as the \nnew Chief of Defense Nuclear Security; two new Senior Advisors \nexperienced in security matters will serve under the Chief to develop \noverall policy and ensure the adequacy of its implementation through \nassessments. In addition, a highly experienced individual was brought \ninto NA-00, the Office of Infrastructure and Operations, to provide \nhigh level operational experience to facilitate more consistent and \nhigh quality oversight of the operational security program. These \nindividuals are charged with changing the culture of the security \ncommunity.\n    Recognizing a need to continue improvement in the NNSA Safety \nCulture, the NNSA Administrator established the NNSA\'s Safety Culture \nWorking Group (SCWG) on December 3, 2012, to identify and direct \nspecific actions to improve the safety culture in NNSA. The SCWG \nquickly determined that it was appropriate, and more descriptive, to \naddress the overall NNSA performance culture, which includes security \nperformance. Everyone within the NNSA directly impacts our performance \nculture, regardless of role or function; therefore, everyone has a role \nin improving our overall performance culture.\n    The SCWG is conducting a comprehensive assessment of the NNSA \nculture, will analyze the data collected through extensive reviews of \nNNSA personnel and recommend corrective actions. The SCWG has authority \nto direct actions necessary to monitor and improve culture throughout \nNNSA.\n    As indicated in Geral Finan\'s review, after HSS security \ninspections revealed security flaws dating back to the early 200s, \nthese flaws are now getting HSS follow-up attention. We recognize that \ntrue lasting cultural change is the hardest type of change to \nimplement. NNSA senior leadership is united and engaged not only in \nacknowledging the need for change but in actively supporting that \nchange. The lessons learned the hard way from our experience at Y-12 \nhave served as an undeniable wake up call for us to set clear \nexpectations for performance, adherence to standards and attention to \ndetail across the NNSA enterprise.\n    b. First and foremost, we acknowledge the need to improve and to \nface facts about performance and culture head on. Our near-term actions \nset the stage for success in the long term. By bringing in several high \nquality experts with significant experience in nuclear weapons security \nwe have begun to set the example of supreme professionalism in our \nleadership. We have implemented all recommendations of the Finan Report \nwhich, over time, will drive clarity not only into the chain of command \nbut into the overall process by which we establish expectations across \nthe enterprise.\n    The new assessment model implemented by NA-70, our Chief of Defense \nNuclear Security organization, will drive consistency of implementation \nin requirements and ensure adherence to high standards across the NNSA \nenterprise through frequent and detailed formal assessments at our \nsites by independent internal NNSA security professionals.\n    These actions, supported by strong central leadership and \nunflinching focus will serve to increase the professionalism of the \nNNSA Headquarters security professionals, make more information \navailable to the Administrator and hit the culture of complacency that \nled to our Y-12 failure directly.\n    Mr. Rogers. Secretary Poneman, the first witness panel pointed out \nthat most of their findings and recommendations are not new--that they \nare strikingly similar to those made by many external reviews over the \npast decades. We have stacks and stacks of reports going back 15 or 20 \nyears--since before NNSA was created--describing the same exact \nproblems. [Question #19, for cross-reference.]\n    a. Please list the various external reports and reviews of security \nand general management/oversight problems at DOE and NNSA that you have \nused (and will use) to understand the problems and history behind them.\n    b. Why are these long-standing, well-documented problems not \ngetting fixed?\n    c. What assurances can you provide that they are now getting fixed? \nHow will we know they are effective?\n    d. Will the Obama Administration come forward with a package of \nreforms that will finally address the root causes of these problems in \nboth security and general management at DOE?\n    Mr. Poneman. In addition to the external security reviews by Mr. \nMeserve, Mr. Alston and Mr. Augustine and General Finan review of NNSA \nsecurity following the Y-12 incident, a number of external reports and \nreviews of DOE/NNSA security and general management/oversight since \nNNSA\'s creation. They included:\n    1) Federal Advisory Committee for the Nuclear Command and Control \nSystem Comprehensive Review (Admiral Mies Report), December 3, 2009\n    2) Strengthening NNSA Security Expertise, an Independent Analysis \n(Chiles Report), March 2004\n    3) Science and Security in the Twenty First Centure: A Report for \nthe Secretary of Energy on the Department of Energy Laboratories (Hamre \nReport), February 2002\n    4) Science and Security in the Service of the Nation: A Review of \nthe Security (Baker/Hamilton Report), September 2000\n    The Department takes the recommendations of internal and external \nsecurity experts seriously, and implements their findings and \nrecommendations as appropriate to address systemic problems. A top \npriority for the Department is improving the management and oversight \nof the Department\'s nuclear security mission.\n    As evidenced by the Y-12 security breach, there are existing \nchallenges in the nuclear security complex that needed to be addressed, \nsome that demonstrated the need for a deep cultural change. Many of the \nexternal reports commented about the organization and management \nweaknesses, such as a lack of clear accountability, roles and \nresponsibility, and authority. NNSA has taken on the challenge stemming \nfrom the proper line management security by implementing a key \nrecommendation in General Finan\'s review, making the security of the \nentire nuclear complex more secure and streamlined.\n    Prior to the Y-12 incursion, the Headquarters NNSA security \norganization, the Office of Defense Nuclear Security (NA-70), served as \na ``Functional Manager\'\' for the security mission, while the line \nauthority flowed from the Secretary to other NNSA Administrators and \nother organizations. General Finan recommended for strategic-level \npolicy guidance, requirements determination, and performance assessment \nto be under the jurisdiction of the Chief, Defense Nuclear Security \n(NA-70).\n    A separate office, NNSA\' s Office of the Associate Administrator \nfor Infrastructure and Operations (NA-00) would then provide the \noperational accountability for NNSA\'s security organization. \nOperational implementation and standardization of operations across the \nsecurity program occurs at the NA-00 level.\n    The existence of a single point through which the field reports and \nis held accountable is the way the NNSA will assure the consistent and \neffective implementation of security policy. This is a change from the \napproach the NNSA has taken-where each field office had greater \nlatitude in implementing policies and requirements for its site.\n    Mr. Rogers. Secretary Poneman, in his letter to Secretary Chu, Dr. \nMeserve notes that he and his fellow reviewers ``had some difficulty in \nobtaining a clear organization chart that defines the structure for \nsecurity oversight within DOE.\'\' He noted that issues within this \nproblem within NNSA were going to be addressed by General Finan\'s \neffort, but that ``a broader examination of DOE\'s internal management \nof security should be undertaken in order to streamline and simplify \nthe structure.\'\' Are you going to undertake this effort to streamline \nand simplify DOE\'s management structure for security? What steps will \nyou take and when? What can Congress do to support these efforts?\n    a. Are the recommendations made by General Finan on simplifying \nstructure within NNSA being implemented?\n    b. How is creation of a new office that will have security \nresponsibilities (NA-00), while maintaining or increasing the size of \nother offices with security responsibilities, ``simplifying\'\' the \nstructure?\n    c. Will you clarify and document the roles and authorities of NA-\n70, NA-00, DOE\'s Office of Health, Safety, and Security, site offices, \nsenior officials, and other parties? When will this happen? How will it \nbe documented and communicated to all stakeholders?\n    d. What steps are you taking to minimize conflicting policies and \ndirections provided by NNSA headquarters, DOE\'s Office of Health, \nSafety, and Security, and other Federal officials to field staff and \ncontractors?\n    Mr. Poneman. a. NNSA is implementing recommendations made by \nGeneral Finan following her thorough review of the federal NNSA \nsecurity organizational structure and security oversight model.\n    b. General Finan offered recommendations to established and ensure \na clear and strong path of line management authority, responsibility, \nand accountability for security operations within the NNSA. NNSA\'s \nOffice of the Associate Administrator for Infrastructure and Operations \n(NA-00) would provide the operational accountability for NNSA\'s \nsecurity organization, while the Chief, Defense Nuclear Security (NA-\n70) provides strategic-level policy guidance, requirements \ndetermination, and performance assessment.\n    c. The Department\'s Office of Health, Safety and Security (HSS), in \nconsultation with line management, is responsible for the development \nof DOE nuclear safety and security policy, Federal Rules, Orders, and \nthe associated standards and guidance, as well as for reviewing safety \nand security issues complex-wide. HSS also conducts independent \noversight and regulatory enforcement that is independent from line \nmanagement. HSS oversight has expanded the scope and variety of \nperformance testing methods utilized to assess the readiness of DOE and \nNNSA site protection systems against a defined spectrum of threats and \nadversary capabilities Performance testing methodologies include no-\nnotice and limited notice inspections to obtain a more realistic \nassessment of site response capabilities and readiness performance.\n    d. To directly address problems with the assessment model, NNSA has \nset about implementing a three-tiered approach to assessing security \nthroughout the NNSA. This approach includes: 1) an initial assessment \nperformed by the contractor at the site, 2) an assessment of the \ncontractor\'s performance carried out by the Chief of Defense Nuclear \nSecurity at DOE Headquarters (NA-70), and 3) independent oversight by \nthe Office of Health, Safety and Security. And, of course, apart from \nthis three-tiered assessment and inspection regimen, we expect Federal \nsite personnel to perform quality assurance activities on a routine \nbasis as an integral part of their line management responsibilities.\n    Mr. Rogers. Secretary Poneman, in the 1990s we had a string of \nmajor security problems at DOE Defense Programs, which then ran the \nnuclear weapons complex. In 1999, the President\'s Foreign Intelligence \nAdvisory Board called DOE ``security at its worst\'\' and a \n``dysfunctional bureaucracy that has proven it is incapable of \nreforming itself.\'\' Congress created NNSA in an effort to address these \nexact concerns. But on February 22 the DOE Chief Security Officer, \nGlenn Podonsky, was quoted telling a reporter that the nuclear \nenterprise ``wasn\'t working badly\'\' in the 1990s before NNSA was \nformed, and that we should just abolish NNSA and go back to having \neverything in DOE.\n    a. Do you agree with Mr. Podonsky that the nuclear enterprise \n``wasn\'t working badly\'\' in the 1990s?\n    b. Do you agree with Mr. Podonsky that NNSA should be dissolved and \nfolded back into DOE? Are Mr. Podonsky\'s views the position of the \nDepartment of Energy?\n    Mr. Poneman. I discussed Mr. Podonsky\'s remarks with him. His \ncomments were not accurately reflected in the news article you are \nreferencing, and he made clear at the time that the remarks were not \nmade on behalf of DOE. He merely remarked on the restructuring options \nthat an external review panel may consider and the feasibility of those \noptions. As you know, the Administration has made no proposal to \ndissolve the NNSA or to return to any previous organizational model.\n    Mr. Rogers. Secretary Poneman, are you aware that DOE\'s Office of \nHealth, Safety, and Security conducted an independent oversight \ninspection of Y-12\'s physical security systems in May 2012--just two \nmonths before the security breach?\n    a. When did you become aware of this inspection and its results?\n    b. Do you believe this inspection of Y-12\'s physical security \nsystems should have found the many problems--such as inoperative \ncameras, unacceptably high false alarm rates, inappropriate delegation \nof cognizant security authority, etc.--that were subsequently found to \nhave contributed to the breach?\n    c. How effective are these independent inspections if they can\'t \ncatch and correct these glaring problems?\n    Mr. Poneman. The report from May 2012 was not a full security \ninspection, nor was this report approved through the formal HSS review \nprocess. Official HSS reports go through an exhaustive peer-review \nprocess led by a Quality Review Board and are approved by all levels of \nHSS senior management including approval by the Chief Health, Safety \nand Security Officer. The May 2012 report was never considered by a \nQuality Review Board panel and was not reviewed or approved by HSS \nsenior management. The individual who wrote it and submitted it to the \nsite, (without a signature nor on DOE letterhead) has received a formal \nreprimand for his misrepresentation and was removed from any leadership \nrole for failing to follow important protocols and misrepresenting the \nnature of the product.\n    A security inspection by HSS would have revealed many of the \nproblems at Y-12--as did the most recent full inspection in 2008-2009. \nThis unsanctioned report was the product of an assistance visit \nrequested by the site to focus on some very narrow issues. This \nunapproved memo in no way could be interpreted as a validation that \neverything was OK with security at Y-12. Neither HSS senior management \nnor I were aware of the document until it was identified during a \nsearch for Y-12 related documents requested by Congress.\n    Mr. Rogers. Secretary Poneman, how long has DOE\'s Chief Security \nOfficer, Mr. Glenn Podonsky, been employed by the Department of Energy? \nHow long has he held senior positions in the Department that have to do \nwith security oversight and/or security policy?\n    a. Given his previous positions and tenure, do you believe Mr. \nPodonsky should have been aware of external reviews of DOE security \nfrom the 2000s (Such as the Commission on Science and Security in 2002 \nand the Mies Task Force in 2005)?\n    b. As the Chief Security Officer for the Department, do you believe \nit is Mr. Podonsky\'s responsibility to ensure that problems identified \nby previous external reviews of security are corrected?\n    c. Do you believe the problems identified by previous reviews, such \nas ``lack of clear accountability, excessive bureaucracy, \norganizational stovepipes, lack of collaboration, and unwieldy, \ncumbersome processes, \'\' as identified by Admiral Rich Mies in 2005 and \nmany others before him, have been addressed?\n    Mr. Poneman. Mr. Podonsky has served in DOE for approximately 29 \nyears, in a number of senior positions involving security evaluations, \nindependent oversight, and performance assurance. He has been relied \nupon by DOE leaders and Congressional oversight committees through \nthose years due to his experience and expertise in DOE nuclear security \nmatters. It is important to understand the security role of the Office \nof Health, Safety and Security (HSS) which is headed by Mr. Podonsky. \nHSS is a staff office reporting directly to me and the Secretary. HSS \nleads the development of Departmental security policies, and provides \nus with unvarnished assessments of DOE program and facility security \nperformance. Those assessments are performed independently of the line \nmanagement which holds responsibility for managing security at our \nsites and facilities. However because HSS is independent of line \nmanagement within the programs, it does not have authority to direct \nthe Federal or contractor security officials at each site; it is up to \nthese parties to take actions in response to HSS findings. HSS ideally \nplays a role in helping the programs implement security \nrecommendations, and follow-up to ensure that those recommendations are \nadequately addressed. Over his career Mr. Podonsky has been well aware \nof the various internal and external studies that have been done on DOE \nsecurity, and he has been involved at a senior level alongside previous \nSecretaries and Deputy Secretaries and the DOE program office line \nmanagement, in determining the most appropriate response to each study.\n    Mr. Rogers. Secretary Poneman, do you still have confidence in Mr. \nPodonsky as the Department\'s Chief Security Officer? Do you intend to \nhold him or his office accountable for failing to identify the myriad \nsecurity problems at Y-12 just two months prior to the incident, or for \nfailing to correct the long-standing security problems at DOE?\n    Mr. Poneman. We see HSS as an important source of the solution. All \nof us in the DOE security community--from the Secretary and me to \nprogram office and site management in both headquarters and the field, \nincluding HSS, have an obligation to improve security performance and \nwe are taking bold steps to ensure that the special nuclear materials \nof the DOE are adequately protected. For all of us who have not been \nremoved from the line management of security following the incident, it \nis our sole duty to ensure that we have learned from the incident and \nquickly and effectively implemented corrective actions. HSS has been a \nkey contributor to that effort. Since the Y-12 incident, HSS has led a \nsuccessful extent-of-condition review of all DOE facilities which hold \nCategory I special nuclear materials, and is now in the process of \nexecuting exhaustive inspections at each of these sites, to include \nenhanced force-on- force testing of our protective forces, as directed \nby the Secretary.\n    Mr. Rogers. Administrator Miller, all of the studies the committee \nis aware have been conducted after the Y-12 incident have been \nfinalized except the ``Special Review Team\'\' report conducted by NA-70. \nInitially, the committee was told that this assessment was expected to \n``contribute to the wider effort to identify root causes, develop \nconclusions, and outline recommendations\'\' for security improvements at \nY-12 and in other agency facilities. However, although the team\'s work \napparently concluded in September, it\'s been five months and the report \nhas not yet been finalized. What is the reason for this delay?\n    a. Have NNSA and DOE decided to discount the review because it was \nconducted by an organization whose oversight practices contributed to \nthe incident? If that\'s the case, then why was the HSS review not \nsimilarly discounted, given that HSS gave the physical security system \nat Y-12 a clean bill of health just two months prior to the incident? \nOr is it that senior NNSA or DOE officials disagree with the \nrecommendations and conclusions that the SRT report draws?\n    Ms. Miller. As soon as the Special Review Team (SRT) returned from \nTennessee, they shared their insights and findings with the Chief, \nDefense Nuclear Security (CONS) who took immediate action to resolve \nthe issues cited. One of his actions was the immediate sharing of \nlessons learned with field offices as well as the five page summary of \nthe issues found at Y-12 for use in assessing and improving their \nprocesses. That summary was also provided to the House Armed Services \nCommittee. Additionally, in January 2013, a draft version of the Y-12 \nSpecial Review Team report was provided to the House Armed Services \nCommittee; however, the ``Assessment of NNSA Federal Organization and \nOversight of Security Operations\'\' study was well underway and was \nyielding important recommendations. That report has since been \ncompleted and published, and was provided to the House Armed Services \nCommittee staffers in December 2012.\n    a. We value the information provided in the SRT report, and many of \ntheir observations focused on the larger National Nuclear Security \nAdministration security program, and are applicable to all of our \noperations. It is also important to note that the May 2012 HSS Site \nAssistance Visit report that you cite as giving the physical security \nsystem at Y-12 ``a clean bill of health,\'\' did not represent a full \nsecurity inspection of Y-12, but only examined a few site specific \nissues HSS was asked to help assess.\n    Mr. Rogers. Administrator Miller, how is NNSA handling the \nconflicting recommendations generated from the various post-Y-12 \nincident studies? For instance, the DOE-HSS and Finan reports recommend \nconducting more hands-on oversight of security, while Mr. Augustine and \ntwo external members of the SRT panel caution specifically against \nthis. [Question #22, for cross-reference.]\n    a. As the Acting Administrator, how will you ensure that NNSA and \nDOE conduct rigorous and effective--but not burdensome--oversight of \nsecurity at NNSA\'s facilities?\n    Ms. Miller. NNSA leadership implemented several processes and \nprocedures to improve security throughout the enterprise and ensure a \nconsistent standard for security operations. The Office of Defense \nNuclear Security (NA-70) has been realigned to focus on policy \ndevelopment, strategic planning, and independent performance \nassessments of security activities. The Office of Infrastructure and \nOperations (NA-00), comprised of the NNSA Field Offices will develop an \ninternal performance review culture that will supplement the local \nfield offices. These performance reviews will be staffed by field \noffice employees from other sites and be specifically integrated with \nother audit and surveillance plans to minimize operational impacts. To \nelaborate, I have revised our processes so that NNSA will rely on a \nthree-tiered assessment model that will focus on performance and \noutcomes (not just process) at the tactical, operational, and strategic \nlevels. The contractor self-assessment process continues as a \n``tactical level\'\' first tier in the overall assessment process. The \nOffice of Infrastructure and Operations, drawing on NNSA federal \nresources from across the complex, will provide ``operational level\'\' \noversight to ensure consistent and effective performance from a line \nmanagement perspective. Finally, the ``strategic\'\' oversight is \nconducted by NA-70/CDNS. An internal independent Federal assessment \norganization, which reports directly to the Chief of Defense Nuclear \nSecurity, and will ensure requirements are properly implemented by \ngoing to the field, with minimal notice, and assessing security \nreadiness, operations, and implementation. A final tier of the \nassessment model completely separate from NNSA is currently provided by \nthe Office of Health, Safety and Security.\n    a. As described in the response to Q22 [above], NNSA will employ a \nsystem of tactical, operational, and strategic oversight.\n    Mr. Rogers. Administrator Miller, we\'ve heard differing opinions on \nhow DOE and NNSA\'s protective forces should be structured. Do you \nbelieve federalization of the protective forces is an appropriate path \nforward? What are the benefits, risks, and costs of the various models \nfor the protective forces?\n    Ms. Miller. I defer to the Deputy Secretary of Energy\'s response. \n[See page 131.]\n    Mr. Rogers. Acting Administrator Miller, do you believe NNSA has a \nrigorous means of assessing, managing, and balancing security risks, \ncosts, and mission needs? If so, please describe this process.\n    Ms. Miller. Yes I do. NNSA leadership has implemented several \nprocesses and procedures to improve security throughout the enterprise \nand ensure a consistent standard for security operations.\n    We realigned security resource execution to the Office of \nInfrastructure and Operations (NA-00) in alignment with its operational \nauthority across all NNSA sites.\n    <bullet>  NA-00 is assuming operational control over security \nimplementation across the Nuclear Security Enterprise.\n    <bullet>  Specifically, NA-00 will ensure:\n        <bullet>  standardization of security procedures across the \n        field locations;\n        <bullet>  provide operational assistance; and\n        <bullet>  serve as a conduit for operational concerns to the \n        DNS staff.\n    Additionally, the Defense Nuclear Security (DNS) mission was \nreinvigorated to focus on policy development, strategic planning, and \nperformance assessments of field-led activities.\n    For example, as NNSA Acting Administrator, I recently dispatched \nthe new Acting Chief of DNS, travelling with a team of security \nprofessionals, to visit every NNSA site during his first 50 days in \noffice, executing limited and no-notice assessments of their security \nreadiness, operations, and program implementation. These site visits \nare the first step in what will become an enduring mission focus. NNSA \nis committed to change our culture of how we assess security so that we \nare less reliant on reports written by others and more focused on our \nown real time assessments with a ``boots on-the-ground\'\' approach.\n    Mr. Rogers. Acting Administrator Miller, how much has the response \nand aftermath to the Y-12 incident cost? How is NNSA paying for these \ncosts? Do you expect security costs to increase dramatically at Y-12 \nand/or across the enterprise in Fiscal Year 2014 and beyond?\n    Ms. Miller. The costs incurred for immediate corrective actions in \nFY 2012 were approximately $13,680K. Approximately $2,984K of this \namount were indirect costs funded from organizational overhead pools. \nApproximately $10,696K were paid for directly from the Field Security \n(FS-20) account, but managed within the funding already allocated to \nthe site prior to the event. Total costs will depend on NNSA approval \nof the specific baseline increases and non- recurring project/\nprocurements proposed by the site. For FY13 and beyond, these are still \nbeing carefully vetted by subject matter experts and senior decision \nmakers and will be subject to the results of a new vulnerability \nanalysis. DNS expects there may be some minor increases in the \nrecurring level of effort, but most corrective actions have been and \nwill be largely one-time costs.\n    Mr. Rogers. Administrator Miller, several witnesses from the first \npanel indicated in their reports that the governance reforms initiated \nby Secretary Chu and Administrator D\'Agostino were misinterpreted or \nmisapplied by Federal staff, which was a contributing factor to the Y-\n12 incident. Do you agree?\n    Ms. Miller. Please see the answer the Deputy Secretary gave in \nresponse to question #16. [See page 131.]\n    Mr. Rogers. Administrator Miller, NNSA has created the ``NA-00\'\' \norganization to manage the site offices. It will also have a role in \noverseeing security at NNSA facilities. How will this new organization \nfit into the many other organizations with security responsibilities, \nincluding NA-70, DOE-HSS, and the site offices? Are you confident that \nthis extra office will resolve these long-standing problems with \nsecurity organization, policy, and oversight? Are you at all concerned \nthat this additional office will simply complicate an already too-\ncomplicated structure?\n    Ms. Miller. First and foremost, it is important to clarify that NA-\n00 is not actually an additional layer or office. It is the combination \nof all NNSA Site Offices into a single operational entity. So, rather \nthan have eight independent operational level entities, each \nestablishing standards and procedures and setting expectations locally, \nthe NA-00 organization will fulfill those functions on an enterprise \nbasis. The Office of Infrastructure and Operations (NA-00), with \nenterprise operational responsibilities will drive consistent \nimplementation of requirements across the Nuclear Security Enterprise.\n    Specifically, NA-00 will:\n    <bullet>  ensure consistent implementation of security policies \nwhile allowing for purposeful differences;\n    <bullet>  deliver high quality engaged and active oversight of \nsecurity operations;\n    <bullet>  provide operational assistance between field offices; and\n    <bullet>  serve as a conduit for operational concerns to the \nDefense Nuclear Security staff.\n    Establishment of NA-00 will allow the Office of Defense Nuclear \nSecurity (NA-70) to focus on policy development, strategic planning, \nand perform independent assessments of security activities. Yes, I am \nconfident that this new organization structure will resolve the long-\nstanding problems with security organization, policy, and oversight\n    No, I do not believe this new organizational structure will cause \nany confusion. These organizational changes will result in clearer \nroles, responsibilities, and authorities.\n    Mr. Rogers. Acting Administrator Miller, nearly every external \nreview in the past decade has indicated serious problems with the \nsecurity culture at NNSA and DOE. Culture changes are extremely \ndifficult and often take a long time-what immediate-term actions should \nwe be taking to begin this needed culture shift? What is your long-term \nplan to instill a new security culture? What is your plan to attract \nthe kinds of experts and knowledge-base that are needed to perform \neffective oversight?\n    Ms. Miller. Please see the Deputy Secretary\'s answer to question \n#18. [See page 133.]\n                                 ______\n                                 \n                   QUESTIONS SUBMITTED BY MR. COOPER\n    Mr. Cooper. General Alston, do NNSA contractors have too little \nindependent oversight, or too much?\n    General Alston. There was poor quality oversight of the contractor \nproviding security at Y-12. The ``eyes on, hands off\'\' signal from the \nHQ, together with insufficient and inadequate performance-based \nassessments contributed to poor oversight conditions. Other sites\' \nsecurity operations, however, performed satisfactorily, in spite of \n`hands off\' atmospherics. The quality of the oversight is one several \nkey ingredients to effective performance.\n    Mr. Cooper. Do you believe that the incident is the result of \noverly burdensome security requirements, as some have claimed?\n    General Alston. I saw no evidence to substantiate overly burdensome \nsecurity requirements as causal or even contributing to the incident. \nThe NNSA ``eyes on, hands off\'\' signal contributed to a lack of \nsufficient oversight that empowered too much local discretion at Y12 \nthat resulted in additional and unjustifiable mission risk.\n    Mr. Cooper. What should be done at the contract level to increase \naccountability and liability for failures? Should the government be \nable to seek damages for non-performance? Should criminal liability be \nan option?\n    General Alston. I don\'t feel qualified to comment on or suggest \nspecific contracting options to ensure proper security performance \nbecause the duration of the project was short and the direction from \nthe Secretary of Energy did not lead me in that direction. I personally \nwouldn\'t prefer to secure nuclear materials with contractors. But if \nDOE and NNSA continue to purchase protective services, governance \nrequirements and accountability needs to be squared away with the \ngovernment overseers first.\n    Mr. Cooper. General Finan, do you think that NNSA has gone too far \nin delegating responsibility for making security decisions to its \ncontractors?\n    General Finan. Yes, in some cases. There was no clear policy \nguidance on what could be delegated or how the delegations would be \nimplemented. NAP- 70.2, Physical Protection, has allowed for varied \ninterpretations of what can and cannot be delegated. There was no \nstandardized process for the delegation of CSA from the Chief of \nDefense Nuclear Security to the Federal security managers. Further \ndelegation of CSA to the security contractor was inconsistently \nexercised and in some cases inappropriate. As a result, the contractor \nwas sometimes allowed to approve security plans and procedures without \neffective Federal oversight or approval.\n    Mr. Cooper. General Finan, do NNSA contractors have too little \nindependent oversight, or too much?\n    General Finan. NNSA contractors do not have the right kind of \noversight. Much of the ``burden\'\' of oversight is caused by excessive \npaperwork associated with evaluating compliance. The current security \nassessment process in NNSA is paper-based and is heavily dependent on \nfield office and contractor reporting. Large volumes of paperwork are \ngenerated each quarter in which it is nearly impossible to discern \ntrends or significant deficiencies.\n    In the area of security, oversight must be about performance. \nTherefore, oversight should see actual performance in the form of real \nworld activity or exercises. Some paperwork should be reviewed, such as \ntraining records, but that paper work should already exist and not be \ngenerated solely for the purpose of outside oversight. Specific \nstandards against which security operations are to perform and the \ncriteria by which they will be evaluated must be codified. This will \nensure security contractors know what is expected and how they will be \nevaluated. By eliminating paperwork generated solely for the purpose of \noversight and adhering to a known set of standards and criteria, \nsecurity oversight should not be burdensome.\n    Mr. Cooper. Do you believe that the incident is the result of \noverly burdensome security requirements, as some have claimed?\n    General Finan. No. A lack of clearly defined security requirements \ncontributed to the incident. There is no clearly established \nrequirements-driven baseline to govern the implementation of the NNSA \nsecurity program. Rather, the NA-70 approach deliberately departed from \nkey DOE Security Orders and established a less restrictive security \npolicy framework through the NAPs without resolving the different \nperformance measurement expectations between the two policies. The lack \nof clearly defined performance requirements resulted in inconsistent \nand incomplete security program implementation. A performance baseline, \nset forth in detailed standards and criteria, is the keystone of an \neffective security program. Precisely articulated standards and \ncriteria further provide an objective foundation for performance \nassessment. Currently, NNSA does not have the standards or criteria \nnecessary to effectively measure security program performance. The Task \nForce noted that the lack of standards and criteria has been coupled \nwith the widespread notion that contractors must only be told ``what\'\' \nthe mission is, not ``how\'\' the mission is to be accomplished. \nTherefore, security tasks are not necessarily performed in a manner \nconsistent with NNSA security requirements.\n    We should also resist the notion that strong performance-based \nstandards and criteria and an equally strong insistence on stringent \nperformance assessment and oversight inherently constitutes an \nexcessive burden on contractors and the field. Part of the cultural \nchallenge lies in overcoming the tendency on the part of contractors \nand their field level federal counterparts to assert that their local \npriorities and perspectives must take precedence over comprehensive and \ncoherent, centrally-driven security program direction. A good system \nmust take into account special local circumstances. However, NNSA\'s \nlongstanding tradition has been the assertion that ``the field always \nknows best,\'\' and that Headquarters should simply stay out of their \nbusiness. Upon close examination, many complaints about ``excessively \nburdensome HQ security oversight\'\' are revealed as exercises in ``turf \nprotection\'\'.\n    Mr. Cooper. What should be done at the contract level to increase \naccountability and liability for failures? Should the government be \nable to seek damages for non-performance? Should criminal liability be \nan option?\n    General Finan. This is largely an issue for contracting. It is \nimportant that responsibilities and authorities are properly aligned. \nEach organization needs to have clearly defined responsibilities. With \neach of these responsibilities, the appropriate authority must be \naccorded. With responsibility and authority in alignment, individual \nand organizational accountability is established.\n    Mr. Cooper. Mr. Friedman, do you think that NNSA has gone too far \nin delegating responsibility for making security decisions to its \ncontractors?\n    Mr. Friedman. Given the structure of NNSA (specifically, the number \nof contractor versus Federal personnel), extensive responsibility for \nsecurity decisions has been delegated to contractors. This having been \nsaid, we found that Federal oversight of the contractors and their \nsecurity decisions was inadequate. At Y-12 the lack of local Federal \ninvolvement in technical security issues and NNSA\'s ``eyes on, hands \noff\'\' policy were troubling, suggesting to us that the relationship \nbetween contractor responsibility and Federal responsibility for site \nsecurity was out of balance.\n    Mr. Cooper. Mr. Friedman, do NNSA contractors have too little \nindependent oversight, or too much?\n    Mr. Friedman. In my opinion, NNSA contractors have too little \nindependent oversight. Local Federal oversight had employed an ``eyes \non, hands off\'\' approach, with limited independent performance testing/\nassessment. In recent years the number and scope of reviews by HSS has \nalso been reduced.\n    Mr. Cooper. Do you believe that the incident is the result of \noverly burdensome security requirements, as some have claimed?\n    Mr. Friedman. No. Our reviews of security across the complex have \nnot revealed examples of what we considered to be overly burdensome \nsecurity requirements. Rather, we found that the incident at Y-12 \nresulted from multiple system failures on several levels. For example, \nwe identified troubling displays of ineptitude in responding to alarms, \nfailures to maintain critical security equipment, over-reliance on \ncompensatory measures, misunderstanding of security protocols, poor \ncommunications, and weaknesses in contract and resource management. So-\ncalled burdensome security requirements were not part of the sequence \nof events at Y-12.\n    Mr. Cooper. What should be done at the contract level to increase \naccountability and liability for failures? Should the government be \nable to seek damages for non-performance? Should criminal liability be \nan option?\n    Mr. Friedman. To increase accountability and liability for failures \nat the contract level, performance measures should be added to each \ncontractor\'s Performance Evaluation Plan to incorporate security into \neach mission element. Such action would hopefully prevent contractors \nfrom earning full performance fees unless security is: (1) integrated \ninto day-to-day processes and, (2) found to be effective and efficient \nby external reviewers. While the fee structure provides an incentive \nfor excellence in contractor performance in the security arena, the \nNNSA/DOE should not be reluctant to terminate contracts for poor \nperformance. That may be an extreme measure for some, but when national \nsecurity interests are at stake, it is a step which needs to be \navailable to, and exercised by, Federal managers.\n    Mr. Cooper. Secretary Poneman, are lessons from the deficiencies in \nsecurity oversight being applied to safety oversight? How?\n    Mr. Poneman. Yes. Where we see opportunities for improvement \nidentified in our response to the Y-12 security incident which can also \nbe employed to improve our oversight of safety, we will seek to do so. \nA fundamental failure in the Y-12 incident was the inadequate flow of \ninformation about underlying security problems up through the \nmanagement chain. Under the leadership of the Office of Health, Safety \nand Security (HSS), over the past year a number of independent \nassessments have identified deficiencies in safety culture at several \nDOE projects, sites and programs. We know now that we must do a better \njob in creating an environment where employees at all levels feel \nmotivated to identify deficiencies in both safety and security, and \nfeel confident that they can bring those problems forward without \nretaliation and to work with management to develop appropriate \nsolutions. This, too, is a very high priority for our leadership team.\n    Mr. Cooper. Secretary Poneman, what was the cost of overtime to \navoid delays due to Y-12 being shut down?\n    Mr. Poneman. Following the security incident in July 2012, \noperations activities at Y-12 were shut down from July 30 to August 14, \n2012, for a total of 10 days. This shutdown impacted a number of \noperations activities, including Category 1 and 2 Special Nuclear \nMaterials Operations. Restart of these activities were phased back in \non August 15, 2012; overtime costs of about $34,000 were incurred in \norder to get the work back on schedule.\n    Mr. Cooper. Secretary Poneman, B&W got nearly 60% of its award fee \nin FY2012. The security failure at Y-12 only cost them $12 million in \nun-earned fee. [Question #42, for cross-reference.]\n    <bullet>  What should be done at the contract level to increase \naccountability and liability for failures? Should the government be \nable to seek damages for non-performance and be able to impose fines?\n    <bullet>  Should criminal liability be an option to improve the \nincentives for performance and the contractor culture?\n    <bullet>  Other than docking Babcock & Wilcox\'s award fee for \nsecurity, is NNSA attempting to get back part of the more than $150 \nmillion that was spent on security, given non performance?\n    Mr. Poneman. The contract, along with existing Federal and DOE \nAcquisition Regulations, have sufficient terms and conditions to hold \ncontractors accountable and liable for performance failures. \nAdditionally, given the unprecedented nature of this failure, the \nDepartment is reviewing our existing regulatory authorities to \ndetermine if these need to be expanded to cover the security of special \nnuclear materials.\n    The Department possesses statutory and regulatory authority to \nimpose civil penalties. In addition, I believe adequate and sufficient \ncriminal laws are already in place. Federal criminal law involving \nfraud, conflict of interest, bribery or gratuity violations and false \nclaims are currently applicable, as appropriate, to contractors. In \naddition, contractors must ensure that no false, fictitious, or \nfraudulent statements are made to a Federal agency under 18 U.S.C. \nSec. 1001.\n    The Department is in the process of reviewing the matter and will \nenforce its rights under the contract to hold Babcock & Wilcox Y12 \naccountable for its deficient work, including withholding payment of \ncosts if appropriate.\n    Mr. Cooper. Secretary Poneman, nearly every external review in the \npast decade has indicated serious problems with the security culture at \nNNSA and DOE. Culture changes are extremely difficult and often take a \nlong time--what immediate-term actions should we be taking to begin \nthis needed culture shift?\n    <bullet>  What is your long-term plan to instill a new security \nculture?\n    <bullet>  What is your plan to attract the kinds of experts and \nknowledge-base that are needed to perform effective oversight?\n    Mr. Poneman. Please see Deputy Secretary Poneman\'s response to \nquestion 18 for an answer to the first bullet. [See page 133.] The \nanswer to the second bullet is provided by Deputy Secretary Poneman\'s \nresponse to question 19. [See pages 133-134.]\n    Mr. Cooper. Secretary Poneman, how are you ensuring that Federal \noversight performs site vulnerability analyses that look at the \nsystemic impact and the broader implications of individual security \ndecisions? [Question #46, for cross-reference.]\n    Mr. Poneman. The current vulnerability analysis (VA) process is \ndriven at the site level. While this ensures results that are highly \ntailored to individual site-specific parameters, it can also produce \nwidely divergent approaches to security across the NNSA.\n    This issue was recognized in General Finan\'s Report ``Assessment of \nNNSA Federal Organization and Oversight of Security Operations.\'\' The \nreport was the main driver for the establishment of the Office of \nSecurity Operations (NA-00-30) within the larger NA-00 Office of the \nAssociate Administrator for Infrastructure and Operations. Consistent \nwith the recommendations of the Finan Report, NA-00-30 will be the \ncentralized security function for NNSA that ensures line management \nauthority, responsibility, and accountability for the security program \nwithin the NNSA.\n    In its role as the centralized security function, NA-00-30 will \nestablish a new centralized VA process that employs a core team of VA \nexperts teamed with site subject matter experts to produce site-\nspecific analyses while gaining consistency across the Enterprise, \nidentifying systemic issues and broader implications, and ensuring \ngreater transparency and justification for Field Security (FS-20) \nbudget requests.\n    Mr. Cooper. Acting Administrator Miller, are lessons from the \ndeficiencies in security oversight being applied to safety oversight? \nHow?\n    Ms. Miller. Yes. Lessons learned from the Y12 security incident are \nbeing applied to safety oversight. The organizational changes and \nrevised oversight approach for security are also being implemented for \nsafety. In addition, NNSA is working aggressively to evaluate and \nimprove its safety culture across all sites. Although this effort began \nbefore the Y12 event, strengthening NNSA\'s safety conscious work \nenvironment will help ensure contractor and Federal personnel are \nencouraged and motivated to identify and seek resolution of safety \nissues and to raise these issues up through the management chain. One \nof the more significant lessons learned in the Y-12 incident was that \nknown, significant issues with security were not being raised from \nsubject matter experts up through the NNSA management chain.\n    Mr. Cooper. Acting Administrator Miller, what was the cost of \novertime to avoid delays due to Y-12 being shut down?\n    Ms. Miller. Following the security incident in July 2012, \noperations activities at Y-12 were shut down from July 30 to August 14, \n2012, for a total of 10 days. This shutdown impacted a number of \noperations activities, including Category 1 and 2 Special Nuclear \nMaterials Operations. Restart of these activities were phased back in \non August 15, 2012; overtime costs of about $34,000 were incurred in \norder to get the work back on schedule.\n    Mr. Cooper. Acting Administrator Miller, B&W got nearly 60% of its \naward fee in FY2012. The security failure at Y-12 only cost them $12 \nmillion in un-earned fee.\n    <bullet>  What should be done at the contract level to increase \naccountability and liability for failures? Should the government be \nable to seek damages for non-performance and be able to impose fines?\n    <bullet>  Should criminal liability be an option to improve the \nincentives for performance and the contractor culture?\n    <bullet>  Other than docking Babcock & Wilcox\'s award fee for \nsecurity, is NNSA attempting to get back part of the more than $150 \nmillion that was spent on security, given non-performance?\n    Ms. Miller. Please see Deputy Secretary Poneman\'s response to \nquestion 42. [See page 141.]\n    Mr. Cooper. Acting Administrator Miller, nearly every external \nreview in the past decade has indicated serious problems with the \nsecurity culture at NNSA and DOE. Culture changes are extremely \ndifficult and often take a long time--what immediate-term actions \nshould we be taking to begin this needed culture shift?\n    <bullet>  What is your long-term plan to instill a new security \nculture?\n    <bullet>  What is your plan to attract the kinds of experts and \nknowledge-base that are needed to perform effective oversight?\n    Ms. Miller. For response to the first part of the question on \nsecurity culture, please see response to question 18. [See page 133.]\n    In addition to our overall efforts to improve the NNSA performance \nculture, we are taking additional actions to specifically address \nsecurity. We have recruited new leaders for both the Office of Defense \nNuclear Security (NA-70) and the office of security within the Office \nof Infrastructure and Operations (NA-00). Those leaders come to us from \noutside the Department of Energy and bring vast and varied sets of \nskills and experience from their careers in the Department of Defense \nnuclear community.\n    Besides the infusion of new leadership, we are encouraging a \nquestioning attitude from the people that perform the work day-to-day \nat the sites. While it is easy to fall into routines that contribute to \nthe effect of not being able to see the forest for the trees, \nencouraging employees to question the status quo also promotes \nownership and understanding of the security processes.\n    Another thing we plan to incorporate into the NA-00 performance \nassurance process is the use of security professionals from across the \ncomplex to augment our assessments. This provides several advantages; \nit allows security professionals from other sites to participate in the \nevaluation process removing the mystique, takes advantage of and \nrecognizes the professionals at the other sites, and encourages the \nsharing of best practices. All of these contribute to instilling a new \nsecurity culture.\n    Additionally, NA-70 will focus on policy development, strategic \nplanning, and performance assessments of field activities.\n    Using small assessment teams of security experts with minimal \nadvanced notice to the sites, NA-70 will assess security readiness, \noperations and program implementation of both the Federal and \ncontractor security elements. These assessments will be short in \nduration but repetitive throughout the year.\n    This new assessment approach will require additional oversight \npersonnel. NA-70 is working to recruit additional Federal senior \nsecurity specialists. These individuals will augment the current \nFederal senior security specialists to allow for the execution of a \nrigorous assessment program.\n    We are working with our Human Capital community in an effort to \ntarget recruitment of oversight personnel toward communities that are \nrich in the basic skill sets germane to the mission. Specifically, we \nare looking to tap into the pool of resources which have previously \nserved an oversight and/or assessment role in support of the National \nnuclear security mission.\n    Mr. Cooper. Acting Administrator Miller, how are you ensuring that \nFederal oversight performs site vulnerability analyses that look at the \nsystemic impact and the broader implications of individual security \ndecisions?\n    Ms. Miller. Please see Deputy Secretary Poneman\'s response to \nquestion 46. [See page 141.]\n\n                                  <all>\n\x1a\n</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>\n'