Nuke Insecurity?

Remember the stories about the incredible security breaches at Los Alamos National Laboratory? Investigators found the place was riddled with security violations, some that allowed an employee to secret out more than 1,000 classified documents.

Now comes a Time Magazine report about the vulnerabilities at Lawrence Livermore National Laboratory. It seems that a Red Team testing the lab's physical defenses found them wanting.

Can you say contract security forces, which is what the lab depends on?

"One night several weeks ago, according to TIME's sources, a commando team posing as terrorists attacked and penetrated the lab, quickly overpowering its defenses to reach its "objective" -- a mock payload of fissile material. The exercise highlighted a number of serious security shortcomings at Livermore, sources say, including the failure of a hydraulic system essential to operating an extremely lethal Gatling gun that protects the facility."

The Project On Government Oversight folks sent out an email drawing attention to the Time piece, in part because they have been beating the drum about the inadequency of nuclear facilities security for years.

"More than anywhere else in the nuclear weapons complex, it is essential to prevent terrorists from accessing the nuclear materials at Livermore. At Livermore, there are houses, schools and playing fields across the street, and 7 million people within a 50 mile radius," said POGO's Executive Director Danielle Brian. "Suicidal terrorists would not need to steal the materials, they simply could detonate them into an Improvised Nuclear Device on the spot."

Here's a new POGO report about the lab and its contractor and operation.

By Robert O'Harrow |  May 14, 2008; 5:57 AM ET security
Previous: Very Special Forces | Next: Top Dogs

Comments

Please email us to report offensive comments.



The Time and POGO stories are misleading. From a newspaper that covers LLNL
*****
By Betsy Mason
Contra Costa Times
5/13/08

"... Four of the areas of the lab's security that were inspected during a routine, seven-week independent audit conducted by the Department of Energy's Office of Health, Safety and Security during April and March were rated as "effective performance," and four needed improvement."

"... A DOE official familiar with the mock attack said that the Time report was exaggerated.

The attacking force did reach their objective, he said, and the defenders did not do as well as they could have in some areas, but the attack was unrealistic.

For one, the simulation started at the fence line of the plutonium facility known as Superblock, already well inside lab property, he said. The attack team was made up of security officers from other DOE sites and before the exercise began was allowed to haul into Superblock equipment, including all-terrain vehicles, torches and mock explosives.

Some members of the attack team were even positioned inside rooms in the Superblock, as if they had already cut fences, blown up walls and avoided guards. The mock attackers were also treated to a walkthrough ahead of the exercise.

"They knew exactly what was there, how to get to certain places and where the defenders would be," said the official who spoke on condition of anonymity. "It just wouldn't happen in real life."

The whole point of the force-on-force test is to really stress the system and hit the pressure points, he said.

"Things don't run perfectly in a force-on-force," he said. "That's not the point. You want to see where the stress points are. That's why you do it."

----
A mock attack team can not be that realistic - they can not attack without notice, because the defenders would be armed with real guns/bullets... they can not blow real holes in fences and walls, because that would compromise actual security and hurt people. Superblock complex is a half mile inside LLNL site, which has is own layered level of security systems (fences, cameras, patrol officers, etc.) - which would have detected and slowed down the large mock attack force long before it got to the Superblock fence line.

Bottomline, a real attack force would not have had the advantages that the DOE mock team had in order to meet real safety and security constraints of the force on force exercise.

Posted by: Dave | May 14, 2008 8:43 AM

If the FOF exercise was not considered to be a realistic test of Livermore security, why was it designed and conducted as it was?

Also, I'm not sure why "Dave" (DOE or LLNL employee?) thinks that advance notice of the exercise gives an advantage to the attackers. Knowing when and where the mock adversaries are coming benefits defense, not offense.

Posted by: Steven Dolley | May 14, 2008 11:26 AM

Wow, does O'Harrow work for POGO? Sure sounds like it. The CC Times story points out that the attackers had the advantage of being pre-positioned inside the facility. . . but O'Harrow doesn't note THAT little item. The thing I can't figure out is why every training exercise score is reported as if it's the end of the world -- but if the defenders scored perfectly every time, would that not indicate that the test was too easy? So which way do you want it, people?

Posted by: Wallace | May 14, 2008 11:54 AM

You're right--POGO's done a splendid job on this subject over the years, and the security still appears unacceptable.

Before going off on those darn security contractors, you should be aware that DOE's big labs and bomb factories are all run by contractors, that is, they're GOCOs--govt-owned, contractor operated facilties. The contractors have been a mix over big universities, like Cal Berkeley, and a few big companies. Federal servants serve in some specialist positions, contractor oversight, and a few other areas.

So, LLB employees are almost entirely contractors. Yeah, they fumble sometimes or at length, just like the ones at Los Alamos. But they developed and helped maintain nuclear weaponry when it mattered. (They don't make policy).

To improve performance of the labs, including their security, more competition and better government planning and oversight are needed Recent attempts to draw more bidders to these gigantic contracts had limited success. And government acquisition people and contract overseers seem to have endless patience with security contractors that can't cut it. These are years-long sagas.

If you want to have the DOE security run by feds, and you are willing to start up like TSA, or hire the existing university/contractor employees, can you hang your hat on federal civil servant security performance, such as its been over the years, at GSA, military installations, and other such places? Do you think Congress will go for it?

Posted by: Michael Lent | May 14, 2008 2:25 PM

Dave posted a similar comment on our blog post. You can read our full response at http://pogoblog.typepad.com/pogo/2008/05/livermore-lab-f.html#comments

Posted by: POGO | May 14, 2008 3:48 PM

Steven Dolley,

A FOF is never a realistic test - it can not be, unless you are willing to take real casualties. Its intended and designed to over stress the system. The new classified Design Basis Treat (DBT) advisory used by DOE is also not realistic either - it is major over kill. The LLNL FOF did point out issues, such as the SRTs not training "together" enough as a team. But the advisory force is nowhere near reflective of the threat that intelligence agencies realistically fear would be deployed against a facility inside the US.

The advance notice is not so much the issue, as the starting points of the mock forces and their inside knowledge of defender positions and tactics. The defenders have to be in their regular assigned positions/stations - otherwise DOE will flunk them for "gaming" the FOF. The attackers know this and the positions. The defenders will know the "window" of the attack - since they have switched to training guns - but they will not know the specifics of the attack. Also a "shadow force" of real armed guards is required to provide real overwatch security for the facility during the FOF.

FOF are not like they appear in Hollywood movies/tv - they are very short and very controlled, which benefitthe attackers.

Posted by: Dave | May 14, 2008 4:08 PM

There is a very simple reason why Livermore and Los Alamos constantly have security problems and why Sandia does not: LLNL and LANL are both managed by the University of California, and Sandia is managed by Lockheed. It seriously is that simple. UC has so mismanaged those nuclear facilities that they may be beyond repair at this point. Lockheed may be a corrupt, teat-sucking contractor, but it at least knows how to protect its loot.

Posted by: Larry Jones | May 16, 2008 12:41 AM

The comments to this entry are closed.

 
 

© 2007 The Washington Post Company