UNDERSTANDING AND MANAGING RISK IN SECURITY SYSTEMS FOR THE DOE NUCLEAR WEAPONS COMPLEX

(Abbreviated Version)

Committee on Risk-Based Approaches for Securing the DOE Nuclear Weapons Complex

Nuclear and Radiation Studies Board

Division on Earth and Life Studies

NATIONAL RESEARCH COUNCIL
OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS

Washington, D.C.
www.nap.edu



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page R1
UNDERSTANDING AND MANAGING RISK IN SECURITY SYSTEMS FOR THE DOE NUCLEAR WEAPONS COMPLEX (Abbreviated Version) Committee on Risk-Based Approaches for Securing the DOE Nuclear Weapons Complex Nuclear and Radiation Studies Board Division on Earth and Life Studies

OCR for page R1
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, DC 20001 NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance. This study was supported by Award No. DE-DT0000109, TO#27 between the National Academy of Sciences and the U.S. Department of Energy, National Nuclear Security Administration, Office of the Associate Administrator for Defense Nuclear Security. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the organizations or agencies that provided support for the project. International Standard Book Number-13: 978-0-309-20884-0 International Standard Book Number-10: 0-309-20884-X Additional copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu Copyright 2011 by the National Academy of Sciences. All rights reserved. Printed in the United States of America ii

OCR for page R1
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences. The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering. The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine. The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council. www.national-academies.org iii

OCR for page R1
iv

OCR for page R1
COMMITTEE ON RISK-BASED APPROACHES FOR SECURING THE DOE NUCLEAR WEAPONS COMPLEX CHRIS G. WHIPPLE (Chair), ENVIRON International Corporation, Emeryville, California GEORGE APOSTOLAKIS, Massachusetts Institute of Technology, Cambridge, Massachusetts1 W. EARL BOEBERT, Sandia National Laboratories (retired), Albuquerque, New Mexico D. JEFFREY BOSTOCK, Lockheed Martin Energy Systems (retired), Seabrook Island, South Carolina ROBIN L. DILLON-MERRILL, Georgetown University, Washington, D.C. ROGER L. HAGENGRUBER, University of New Mexico, Albuquerque JOSEPH KROFCHECK, Independent Consultant, Warrenton, Virginia WILLIAM L. MCGILL, The Pennsylvania State University, University Park THOMAS MOSER, Applied Research Associates, Inc., Wilmington, North Carolina DAVID J. OSIAS, Centra Technologies, Inc., Arlington, Virginia DANIEL M. SCHUTZER, Financial Services Technology Consortium, Boca Raton, Florida BRIAN SNOW, National Security Agency (retired), Clarksville, Maryland FRANCIS TAYLOR, General Electric Company, Fairfield, Connecticut MARY D ZALESNY, Pacific Northwest National Laboratory, Seattle, Washington Staff SARAH C. CASE, Study Director KEVIN D. CROWLEY, Director, Nuclear and Radiation Studies Board MICAH D. LOWENTHAL, Director, Nuclear Security and Nuclear Facility Safety Program TONI GREENLEAF, Administrative and Financial Associate ERIN WINGO, Senior Program Assistant JAMES YATES, JR., Office Assistant 1 Resigned March 26, 2010. v

OCR for page R1
NUCLEAR AND RADIATION STUDIES BOARD RICHARD A. MESERVE (Chair), Carnegie Institution, Washington, D.C. BARBARA J. MCNEIL (Vice-Chair), Harvard Medical School, Boston, Massachusetts JOONHONG AHN, University of California, Berkeley JOHN S. APPLEGATE, Indiana University School of Law, Bloomington MICHAEL L. CORRADINI, University of Wisconsin, Madison PATRICIA J. CULLIGAN, Columbia University, New York, New York SARAH C. DARBY, Clinical Trial Service Unit, Oxford, United Kingdom JAY C. DAVIS, Hertz Foundation, Livermore, California ROBERT C. DYNES, University of California, San Diego JOE GRAY, Lawrence Berkeley National Laboratory, Berkeley, California DAVID G. HOEL, Medical University of South Carolina, Charleston HEDVIG HRICAK, Memorial Sloan-Kettering Cancer Center, New York, New York THOMAS H. ISAACS, Stanford University, Palo Alto, California ANNIE B. KERSTING, Glen T. Seaborg Institute, Lawrence Livermore National Laboratory, Livermore, California FRED A. METTLER, JR., New Mexico VA Health Care System, Albuquerque BORIS F. MYASOEDOV, Russian Academy of Sciences, Moscow RICHARD J. VETTER, Mayo Clinic (retired), Rochester, Minnesota RAYMOND G. WYMER, Oak Ridge National Laboratory (retired), Oak Ridge, Tennessee Staff KEVIN D. CROWLEY, Director MICAH D. LOWENTHAL, Director, Nuclear Security and Nuclear Facility Safety Program SARAH C. CASE, Program Officer TONI GREENLEAF, Administrative and Financial Associate LAURA D. LLANOS, Administrative and Financial Associate SHAUNTEÉ WHETSTONE, Senior Program Assistant ERIN WINGO, Senior Program Assistant JAMES YATES, JR., Office Assistant vi

OCR for page R1
Preface to the Abbreviated Version This is an abbreviated version of the National Academies’ report on augmenting DOE’s security systems at sites in the nuclear weapons complex, and particularly on the applicability of risk assessment concepts for this augmentation. The full report is entitled Understanding and Managing Risk in the DOE Nuclear Weapons Complex. The full version of that report, which is exempt from public release under the Freedom of Information Act (FOIA), 5 U.S.C. § 552(b)(2), was issued in November 2010. Chris Whipple, Chair vii

OCR for page R1
viii

OCR for page R1
Preface This study was requested by the Senate Appropriations Committee in response to what that committee saw as unsustainable rates of increase in the cost of security at the U.S. Department of Energy (DOE). In current-year dollars, security costs have increased from $550 million in 2002 to around $930 million in 2010. For decades, DOE has been setting its security requirements based on a design basis threat (DBT). Under such an approach, DOE headquarters specifies characteristics of an attacking force, and, using field exercises and combat simulation software, its facilities determine the defensive resources needed to successfully repel the threat. Over the past decade, this approach has led to the significant cost increases noted above. The DBT is now being replaced with an approach called the Graded Security Protection Policy. The specific question that the authoring committee of this report (the study committee) was asked to address is whether risk-based approaches, including probabilistic risk assessment, could be used to improve DOE’s methods for determining its security posture and requirements. As described in this report, the study committee judges that the conceptual approaches used in risk assessments for contexts other than security can provide a helpful framework for DOE security. However, the committee could not identify how to assess the types of attacks that might occur and their associated probabilities, something necessary for a fully quantitative approach. DOE has been working over the past decade to effectively reduce risk. However, the committee has several suggestions that could improve the way that DOE considers risk. In particular, one aspect of DOE’s approach over the past decade has been to consolidate special nuclear material (SNM) into fewer facilities that are more easily defended than current facilities. Significant progress has been made in “shrinking the footprint,” as this approach is described. DOE has succeeded in removing all remaining weapons-usable material from the Hanford site and has announced a plan to do the same at Lawrence Livermore National Laboratory within a few years. In addition, the National Nuclear Security Administration (NNSA) in DOE added robust physical barriers to protect sensitive materials by constructing a new facility at the Y-12 National Security Complex and by upgrading the security features of the K-Reactor facility at the Savannah River Site. Security of materials being transported also remains a concern. The committee was charged with addressing how risk-based approaches to security management could augment security and help managers to find an appropriate balance between physical security and cyber security. Our focus regarding cyber security was with interactions between computer systems and physical security. We did not address the potential for loss of sensitive information or documents through compromised computer systems. It is the committee’s view that the various security elements need to be addressed in an integrated way. The committee judges that the current approach underinvests in some areas and that better integration is needed to plan for some types of attacks on nuclear weapons or SNM. Chris G. Whipple, Chair ix

OCR for page R1
x

OCR for page R1
Acknowledgments Over the course of this study, the committee added a great deal to its knowledge about the physical, cyber, and personnel security systems that DOE and other agencies have in place to protect nuclear weapons and material. The committee received many briefings and was permitted to view the security systems in place at a number of facilities. Its questions were nearly always answered with clarity and candor. This report could not have been written without the support of the people listed below who made presentations to the committee and/or met with small groups of committee members. The information and cooperation that the committee received from these organizations and individuals were critical to the success of this study. The committee would particularly like to acknowledge the excellent support it received from the project sponsor, the U.S. Department of Energy, National Nuclear Security Administration. The committee is especially grateful for the support it received from Bradley Peterson, Douglas Fremont, Kevin Leifheit, and Michael Collier. The committee gratefully acknowledges the following people who made presentations at its information-gathering sessions:  Gregory Baum, Betty Biringer, Derek Farr, Brady Pompei, Brian Rigdon, J. R. Russell, Joe Sandoval, Mike Skroch, Frederick Sexton, Andrew Walter, and Gregory Wyss, Sandia National Laboratories;  Devin Biniaz and Col. Patrick Vetter, Office of the Deputy Assistant to the Secretary of Defense (Nuclear Matters), U.S. Department of Defense;  Penney Harwell Caramia, Jonathan Gill, and Bob Repasky, U.S. Government Accountability Office;  Edith Chalk and Thomas Callander, U.S. Department of Energy (DOE), Office of Classification;  E. Bruce Held, Sandia Senior Counterintelligence Officer (formerly);  David Higgins, DOE Office of Intelligence and Counterintelligence;  Mark Jackson, Rob Aaron, and Jim Blankenship, DOE Office of Secure Transportation;  Ever Morales, U.S. Defense Intelligence Agency;  Glenn Podonsky and Sam Callahan, DOE Office of Health, Safety and Security;  Bradley Peterson and Kevin Leifheit, U.S. Department of Energy, National Nuclear Security Administration, Defense Nuclear Security;  Special Agent David Raymond, Federal Bureau of Investigation, Albuquerque Field Office;  Paul Sowa, B&W Technical Services;  Mike Stockdale, Nick Pera, and Robert Appleton, Strategic Systems Program, U.S. Department of the Navy;  Peter Stockton, Project on Government Oversight;  Roberta Warren and Barry Westreich, U.S. Nuclear Regulatory Commission; and  Linda Wilbanks and Wayne Jones, U.S. Department of Energy, National Nuclear Security Administration Office of the Chief Information Officer. The committee visited a number of sites during this study to obtain first-hand information about the security measures in place at facilities that secure nuclear weapons and materials. We gratefully acknowledge the following organizations and individuals for supporting these visits and providing briefings about the security measures in place: xi

OCR for page R1
 Los Alamos National Laboratory and Site Office: Harold Brocklesby, Mike Lansing, Jack Killeen, Kirk Ellard, Ken Freeman, Tom Harper, Valorie Livesay, Kim Nelson, and David Telles  Sandia National Laboratories and Site Office: Ronald Moya, M. Bradley Parks, Anthony Aragon, and Eileen Johnston  Y-12 National Security Complex and Site Office: Ted Sherry, Darrel Kohlhorst, Dexter Beard, Richard Glass, John Howanitz, J. Travis Howerton, Bill Klemm, and Tom Smith  Pantex Plant and Site Office: Steve Erhart, Jack Killeen, Tyfani Lanier, Clay Messer, Reuben McGilvary, Kristy McWilliams, Jeremy Scott, Larry Spaulding, and Roxanne Steward  Savannah River Site and Site Office: Chris Amos, Robert Edwards, Kevin Hall, Roxanne Jump, Jim Tomack, Bob Weatherby, and Thomas Williams  Kirtland Air Force Base: Lt. Col. Eric Y. Moore, Capt. Nathan M. Murray, and MSgt. Eric S. Smith  Kings Bay Naval Base: Capt. M. (Rusty) Nagle, Lt. Col. Whiteside, and Cdr. Allan Andrews. We also thank Lee McLemore at Lawrence Livermore National Laboratory for his graciousness in arranging for space in which the committee chair and staff were able to meet to discuss the progress of the report and work on drafts. In addition, the regular assistance of several authorized derivative classifiers at DOE—Irwin Binder, Vincent Vecera, and Julia Schucker—was invaluable in producing this study in a timely and secure fashion. The committee is also grateful for the excellent assistance provided by the National Research Council staff in preparing this report. Staff members who contributed to this effort are Sarah Case (study director), Micah Lowenthal (director of the Nuclear Security and Safety Program), Kevin Crowley (director of the Nuclear and Radiation Studies Board), Erin Wingo (senior program assistant), and Toni Greenleaf (financial and program associate). Finally, I thank the committee members for their dedicated work throughout the development of this report, including George Apostolakis, who resigned from the committee when he was appointed to the U.S. Nuclear Regulatory Commission. Chris G. Whipple, Chair xii

OCR for page R1
Reviewers This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the Report Review Committee of the National Research Council (NRC). The purpose of this independent review is to provide candid and critical comments that will assist the NRC in making its published report as sound as possible and will ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We thank the following individuals for their participation in the review of this report:  Dr. Jay Davis, Hertz Foundation;  Dr. Barry Ezell, Old Dominion University;  Dr. Robert A. Frosch, John F. Kennedy School of Government, Harvard University;  Dr. B. John Garrick, Independent Consultant;  Dr. Michael Gelles, Deloitte Consulting;  Gen. John A. Gordon, U.S. Air Force (retired);  Mr. John Keesling, National Reconnaissance Organization;  Mr. Bob McCants, Lockheed Martin Corporation;  Adm. Richard Mies, Independent Consultant;  Mr. Rolf Mowatt-Larssen, John F. Kennedy School of Government, Harvard University;  Dr. Randall Murch, Virginia Polytechnic Institute and State University; and  Mr. John Stenbit, Department of Defense and TRW, Inc. (retired). Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by John Ahearne, Executive Director Emeritus of Sigma Xi, and Cherry Murray, Dean of the Harvard School of Engineering and Applied Sciences. Appointed by the National Research Council, they were responsible for making certain that an independent examination of the report was carried out in accordance with institutional procedures and that all review comments were considered carefully. Responsibility for the final content of this report rests entirely with the authoring committee and the institution. xiii

OCR for page R1
xiv

OCR for page R1
Contents EXECUTIVE SUMMARY 1 SUMMARY 3 References 6 Biographical Sketches of Committee Members 7 APPENDIXES A: Statement of Task 12 B: Acronyms 13 xv

OCR for page R1