Jul 7, 2008

Internal Controls Over SCI Access for LANL and Sandia


Department of Energy
Washington, DC 20585
July 1 , 2008

MEMORANDUM FOR THE DIRECTOR, OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCE

FROM: Gregory H. Friedman, Inspector General

SUBJECT: INFORMATION: Inspection Report on "Internal Controls Over Sensitive Compartmented Information Access for Selected Field Intelligence Elements''

BACKGROUND
As a member of the U.S. Government's Intelligence Community, the Department of Energy (DOE) serves as the premier technical intelligence resource in the areas of nuclear weapons, nonproliferation, energy, science, technology, and emerging threats. DOE accomplishes its intelligence mission by drawing from technical expertise located throughout the Department complex. This necessitates Department-affiliated personnel having access to sensitive compartmented information (SCI), which is a designation given to classified information derived from intelligence sources, methods, or analytical processes that are required to be handled through designated access control systems.

DOE's Office of Intelligence and Counterintelligence is responsible for granting SCI access authorization to DOE-affiliated personnel who need access to intelligence information. Individuals must have an active Top Secret or "Q'' clearance to be granted and maintain SCI access authorization. The Office of Intelligence and Counterintelligence maintains "Lockbox", a database that it uses to track SCI access authorizations.

To complement a recent Office of Inspector General inspection of internal controls associated with individuals on a DOE Headquarters SCI access roster, we initiated a review of local Field Intelligence Elements that the Office of Intelligence and Counterintelligence maintains at several DOE sites in support of its intelligence mandate. These field sites have local SCI personnel databases, as well as local databases to control physical access systems, e.g., badge readers, for local SCI facilities. The objective of the inspection was to determine the adequacy of internal controls over access to intelligence information at two of these Field Intelligence Elements, Los Alamos National Laboratory (Los Alamos) and Sandia National Laboratories (Sandia).

RESULTS OF INSPECTION
We concluded that the Office of Intelligence and Counterintelligence and the subordinate Field Intelligence Elements at Los Alamos and Sandia did not have adequate administrative internal controls over their databases used to track SCI access authorizations. Based on our comparison of Lockbox and four local databases containing the names, authorizations, and facility accesses of Los Alamos and Sandia SCI access holders, we found that:
  • The SCI personnel databases used by the Office of Intelligence and Counterintelligence, Los Alamos, and Sandia contained numerous errors, including incorrect database entries and failures to update information relevant to SCI access, which could lead to potentially serious security incidents;
  • An individual physically accessed a Los Alamos SCI facility without escort after her SCI access authorization was terminated. Further, Los Alamos Field Intelligence Element officials did not report the security incident to appropriate Office of Intelligence and Counterintelligence officials. This incident illustrates the importance of maintaining correct, updated SCI databases; and,
  • The Los Alamos Field Intelligence Element had not terminated the SCI access authorizations of 13 individuals whose personnel security clearances had been terminated up to 10 months previously.
We made several recommendations aimed at improving the Department's internal controls over SCI access authorizations.

MANAGEMENT REACTION
In responding to a draft of this report, management concurred with our recommendations and identified corrective actions taken, initiated, or planned. Management's verbatim comments are provided in Appendix C of the report.

Attachment

cc: Chief of Staff
Chief Health, Safety and Security Officer
Director, Office of Internal Review (CF-1 .2)

[Download a copy of the IG's report here.]

4 comments:

  1. Will this affect Mikey's bonus?

    ReplyDelete
  2. How did this person get into
    a classified area after retirement?
    Didn't they take her badge?

    ReplyDelete
  3. From reading the report, it would seem that this is more a criticism of the DOE's Office of Intelligence and Counterintelligence than of LANL or Sandia. Regardless, it is virtualy assured that some loud-mouth idiot liberal congressmen will take this opportunity to pontificate and we will have more training.

    ReplyDelete
  4. Anonymous said...

    This black belt was based on getting workers with clearances to check out properly and not just walk out the door with their badge. This blog did a hype by posting a misleading title. I guess they think their CNN. Come on "Rest of the Story" we don't need any additional anxiety right now.
    10/27/07 6:38 AM


    Does anyone know if the above comment from A Black Belt in What!?! is related to this security issue? Was Tonya Grace's Lean Six Sigma project implemented? Did it fail?

    ReplyDelete

Note: Only a member of this blog may post a comment.