What GAO Found
The Department of Energy’s (DOE) and the National Nuclear Security Administration’s (NNSA) annual reports for 2014 and 2015 on the security of nuclear facilities holding special nuclear material did not fully meet the definition of quality information under the federal internal control standards. These standards define quality information as appropriate, current, complete, accurate, accessible, and provided on a timely basis. GAO found that, in general, while the reports were based on current information and were accessible to Congress, they did not fully meet quality information standards because the reports:
- did not always contain complete information on the assessments used to support the agencies’ certifications that sites are secure and
- were not provided to Congress in a timely manner.
For example, DOE’s 2015 annual security report did not mention whether an important assessment was conducted at two of its four sites or include information regarding the date or outcome of the assessment at three of its four sites. NNSA’s 2015 annual security report noted its sites conducted these assessments; however, it did not provide information regarding the date or outcome at one site. Without complete information on the assessments used to determine each site’s overall security assessment, it was not always possible to determine the basis for the site security certification solely using the information contained in the reports. In addition, GAO found that DOE’s and NNSA’s annual 2014 and 2015 security reports were issued several months late. DOE officials told GAO the delay was partly due to the lengthy internal review process. DOE and NNSA stated that they would promptly report any serious security issues to Congress using means other than the annual security reports. When the reports are issued late, however, Congress may not routinely receive timely notice of issues so that it can take actions to improve sites’ security.
GAO’s review of the annual security status reports and interviews with agency officials indicated that DOE and NNSA share significant challenges that could affect their ability to maintain physical security at sites and certify them as secure. For example, security infrastructure, such as fences, alarms, and sensors, at many DOE and NNSA facilities is outdated and requires extensive maintenance to ensure proper functioning. NNSA is developing a physical security infrastructure plan to be issued in spring 2017, but DOE has not fully developed plans or estimated costs to address its needs. Additionally, DOE has not fully implemented a June 2011 order, which could result in some nuclear materials requiring additional security. GAO found that even though the order called for implementation plans within 6 months of its issuance, one DOE site, with the approval of the Deputy Secretary of Energy, will not have an implementation plan until 2018. Based on GAO’s review and the comments of agency officials, neither the 2014 and 2015 security reports provided comprehensive risk and potential vulnerability information to Congress nor had these issues been communicated through other means.
Why GAO Did This Study
DOE and NNSA operate sites with facilities holding special nuclear material that can be used to make nuclear weapons. The National Defense Authorization Act of 2014 requires the Secretary of Energy to submit to congressional committees a report detailing the status of security at sites holding key quantities of special nuclear material, along with a certification that the sites meet DOE’s security standards and requirements by December 1 of each year. The law requires DOE’s reports to include a similar report from NNSA. A report accompanying the legislation included a provision for GAO to evaluate these efforts. This report examines (1) the extent to which these DOE and NNSA reports meet the definition of quality information under federal internal control standards, and (2) any significant physical security challenges at sites that the reports or agency officials identified and the extent to which the agencies have addressed them. GAO reviewed the 2014 and 2015 reports and interviewed agency officials.
What GAO Recommends
GAO recommends that DOE include more complete information in the reports, better align the review process and mandated deadlines, plan for infrastructure needs, and inform Congress of the reason for delays in implementing its June 2011 order and any identified vulnerabilities. DOE raised concerns with the first recommendation, generally agreed with the second and the third, and stated it had already implemented the fourth. In response, GAO modified the first recommendation and will assess DOE’s implementation of the fourth.
For more information, contact Shelby S. Oakley at (202) 512-3841 or firstname.lastname@example.org.