Corrected - 11.30 pm Pacific, 30 April 2007
Original story: 2 April 2007
Less than three months after the Department of Energy fired Linton Brooks, then head of the National Nuclear Security Administration (NNSA), because of security lapses, the agency Department of Energy is once again in the "oops we lost it" spotlight. This time the loss is 20 desktop computers containing information on nuclear weapons; at least 14 contained classified information. From the original news report:

[T]he office involved in this breach has a special responsibility, tracking and countering efforts to steal bomb information. Its computers would have material on what the department knew about foreign operatives and efforts to steal sensitive information.

The original article cited the NNSA with stewardship of the computers, but the report (pdf), which was brought to our attention by the NNSA Special Advisor for Public Affairs, places that responsibility on the shoulders of the DOE Counterintelligence Directorate (CN), which is part of the Office of Intelligence and Counterintelligence. Got that?

I challenge you to find the CN on this organizational chart.

On the web site section "National Security," Intelligence and Counterterrorism has no home link.

Report details
Note that the acting administrator of the NNSA is on the "cc" list from the DOE Inspector General. The report is addressed to the Secretary of the Department of Energy. However, the Office of Intelligence encompasses nuclear activities:

The Department of Energy’s Office of Intelligence (IN) is the Intelligence Community's premier technical intelligence resource in four core areas: nuclear weapons and nonproliferation; energy security; science and technology; and nuclear energy, safety, and waste.

A glance at this introductory paragraph from a 2006 CRS report (pdf) shows why a normal person can be forgiven for being confused about "who's on first" at the Department of Energy:

Concerned by reported security and counterintelligence (CI) lapses at the Department of Energy (DOE), Congress in 1999 established a semi-autonomous agency — the National Nuclear Security Administration (NNSA) — to oversee DOE’s national security-related programs. Within NNSA, Congress established the Office of Defense Nuclear Counterintelligence to implement NNSA’s counterintelligence program. Although DOE’s existingOfficeofCounterintelligence develops CI policy for both agencies, it implements policy only at non-NNSA facilities. Some studies have questioned the effectiveness of a dual office structure in combating foreign espionage and have urged the adoption of an alternative structure...

One approach, which DOE has initiated, merges under the control of a new DOE Office of Intelligence and Counterintelligence DOE’s Office of Intelligence, which assesses foreign nuclear weapons programs, and DOE’s CI office. Under an anticipated second phase, which would require congressional approval, the new office would absorb NNSA’s CIprogram.

NNSA
Brooks was dismissed in January for similar security lapses:

In October, classified nuclear-related documents were discovered at the home of a former Los Alamos lab employee during a drug raid. In June, Bodman reprimanded Brooks for failing to report an incident at an Energy Department office in Albuquerque, where Social Security numbers and computerized personnel records of 1,500 staffers were stolen.

In The US Government We Do Not Trust
This is the 13th time in slightly more than four years that NNSA has lost computers containing secret information. But cybersecurity issues are not limited to the Energy Department.

In 2004, U.S. cybersecurity chief Amit Yoran gave the White House one day's notice, reportedly because of the low priority being placed on computer security by Homeland Security. Last April, we learned of stolen computer drives in Afghanistan.

When the Counterintelligence Directorate audit began, 141 desktop computers were unaccounted for. In some cases, paperwork showed that they had been taken out of service. However, at least one computer was in service that was supposedly out of service.

As with most bad news, the assessment from the Energy Department inspector general was released Friday, according to news reports. However, there is nothing about it in the news sections of the web sites of the NNSA or the Department of Energy.

Established by Congress in 2000, the NNSA is a semi-autonomous agency within the U.S. Department of Energy; it is responsible for enhancing national security through the military application of nuclear energy. It was established in large part because of security scandals.

Security problems at the 30-year-old Department of Energy are legend. A 1999 report from the Federation of American Scientists details a timeline of issues with the agency.

Contractors Are Us
Report after report (1997, 2001, 2005) from the House Committee on Appropriations contains a sentence like this one from 2005:

The Committee continues to believe there is too much reliance on support service contractors and other non-Federal employees throughout the Department of Energy.

It seems obvious to me -- like the House Appropriations Committee -- that an agency charged with managing secret information would be better served by permanent employees than contractors. [I was once a contractor at Boeing, but in the commercial group, not defense.]

That, however, is in conflict with an Administration -- and an Agency -- that values outsourcing.

Technorati Profile