Nuclear Security
NNSA Needs to Better Manage Its Safeguards and Security Program Gao ID: GAO-03-471 May 30, 2003The attacks of September 11, 2001, intensified long-standing concerns about the adequacy of safeguards and security at four nuclear weapons production sites and three national laboratories that design nuclear weapons--most of these facilities store plutonium and uranium in a variety of forms. These facilities can become targets for such actions as sabotage or theft. The Department of Energy (DOE) and the National Nuclear Security Administration (NNSA)--a separately organized agency within DOE--are responsible for these facilities. NNSA plays a crucial role in managing the contractors operating many of these facilities to ensure that security activities are effective and in line with departmental policy. GAO reviewed how effectively NNSA manages its safeguards and security program, including how it oversees contractor security operations.
NNSA has not been fully effective in managing its safeguards and security program in four key areas. As a result, NNSA cannot be assured that its contractors are working to maximum advantage to protect critical facilities and material from individuals seeking to inflict damage. Defining clear roles and responsibilities: NNSA still has not fully defined clear roles and responsibilities for its headquarters and site operations. Assessing sites' security activities: Without a stable and effective management structure and with ongoing confusion about roles and responsibilities, inconsistencies have emerged among NNSA sites on how they assess contractors' security activities. Consequently, NNSA cannot be assured that all facilities are subject to the comprehensive annual assessments that DOE policy requires. Overseeing contractors' corrective actions: To compound the problems in conducting security assessments, NNSA contractors do not consistently conduct required analyses in preparing corrective action plans. As a result, potential opportunities to improve physical security at the sites are not maximized because corrective actions are developed without fully considering the problems' root causes, risks posed, or cost versus the benefit of taking corrective action. Allocating staff: NNSA has shortfalls at its site offices in the total number of staff and in expertise, which could make it more difficult for site offices to effectively oversee security activities.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-03-471, Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program
This is the accessible text file for GAO report number GAO-03-471
entitled 'Nuclear Security: NNSA Needs to Better Manage Its Safeguards
and Security Program' which was released on June 24, 2003.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Subcommittee on National Security, Emerging
Threats, and International Relations, Committee on Government Reform,
House of Representatives:
United States General Accounting Office:
GAO:
May 2003:
Nuclear Security:
NNSA Needs to Better Manage Its Safeguards and Security Program:
GAO-03-471:
GAO Highlights:
Highlights of GAO-03-471, a report to the Chairman, Subcommittee on
National Security, Emerging Threats, and International Relations,
Committee on Government Reform, House of Representatives
Why GAO Did This Study:
The attacks of September 11, 2001, intensified long-standing concerns
about the adequacy of safeguards and security at four nuclear weapons
production sites and three national laboratories that design nuclear
weapons”most of these facilities store plutonium and uranium in a
variety of forms. These facilities can become targets for such actions
as sabotage or theft. The Department of Energy (DOE) and the National
Nuclear Security Administration (NNSA)”a separately organized agency
within DOE”are responsible for these facilities. NNSA plays a crucial
role in managing the contractors operating many of these facilities to
ensure that security activities are effective and in line with
departmental policy. GAO reviewed how effectively NNSA manages its
safeguards and security program, including how it oversees contractor
security operations.
What GAO Found:
NNSA has not been fully effective in managing its safeguards and
security program in four key areas. As a result, NNSA cannot be
assured that its contractors are working to maximum advantage to
protect critical facilities and material from individuals seeking to
inflict damage. The four areas are as follows:
* Defining clear roles and responsibilities. NNSA still has not fully
defined clear roles and responsibilities for its headquarters and site
operations.
* Assessing sites‘ security activities. Without a stable and effective
management structure and with ongoing confusion about roles and
responsibilities, inconsistencies have emerged among NNSA sites on how
they assess contractors‘ security activities. Consequently, NNSA
cannot be assured that all facilities are subject to the comprehensive
annual assessments that DOE policy requires.
* Overseeing contractors‘ corrective actions. To compound the problems
in conducting security assessments, NNSA contractors do not
consistently conduct required analyses in preparing corrective action
plans. As a result, potential opportunities to improve physical
security at the sites are not maximized because corrective actions are
developed without fully considering the problems‘ root causes, risks
posed, or cost versus the benefit of taking corrective action.
Allocating staff. NNSA has shortfalls at its site offices in the total
number of staff and in expertise, which could make it more difficult
for site offices to effectively oversee security activities.
What GAO Recommends:
GAO is making four recommendations to the Secretary of Energy and the
Administrator of NNSA to focus more on certain key management and
oversight issues. Commenting on the draft report, NNSA disagreed with
GAO‘s conclusion that NNSA was not ensuring the comprehensive, annual
assessments of contractors‘ performance that DOE policy requires. GAO
continues to believe that NNSA‘s current efforts do not ensure
conformance to DOE policy.
www.gao.gov/cgi-bin/getrpt?GAO-03-471.
To view the full report, including the scope and methodology, click on
the link above. For more information, contact Robin M. Nazzaro at
(202) 512-3841 or nazarror@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
NNSA's Lack of Safeguards and Security Direction in Key Areas Results
in Inconsistent Management of Contractors:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Comments from the National Nuclear Security Administration:
Appendix II: GAO Contact and Staff Acknowledgments:
Abbreviations:
DOE: Department of Energy:
FRAM: Functions, Responsibilities, and Authorities Manual:
NNSA: National Nuclear Security Administration:
United States General Accounting Office:
Washington, DC 20548:
May 30, 2003:
The Honorable Christopher Shays
Chairman,
Subcommittee on National Security, Emerging Threats, and International
Relations
Committee on Government Reform
House of Representatives:
Dear Mr. Chairman:
Over the past decade, we and others have raised concerns about the
adequacy of security at nuclear weapons facilities within the
Department of Energy (DOE) and the National Nuclear Security
Administration (NNSA)--a separately organized agency within DOE. For
example, we reported in 2002 that DOE had not addressed problems in
implementing security initiatives,[Footnote 1] while an independent
study by the Commission on Science and Security,[Footnote 2] conducted
at the request of DOE, found deficiencies in cyber security. Concerns
over security within the nuclear weapons complex were brought into
sharper focus by the September 11, 2001, terrorist attacks. These
attacks highlighted the importance of effective physical
security[Footnote 3] in response to a potentially large and well-
organized threat.
NNSA relies upon its safeguards and security program to ensure the
physical security of the nation's nuclear weapons complex. Currently,
the complex has four production sites: the Pantex Plant, Amarillo,
Texas; the Y-12 Plant, Oak Ridge, Tennessee; the Kansas City Plant,
Kansas City, Missouri; and the Savannah River Site, Aiken, South
Carolina. In addition to the production sites, the complex includes the
Nevada Test Site and three national laboratories that design nuclear
weapons: Lawrence Livermore National Laboratory, Livermore,
California; Los Alamos National Laboratory, Los Alamos, New Mexico; and
the Sandia National Laboratories, Albuquerque, New Mexico, and
Livermore, California. To implement its safeguards and security
program, NNSA relies on site contractors that are responsible for
conducting day-to-day security activities and adhering to DOE policies
as they operate the complex's laboratory and production facilities. The
contractors' activities are subject to DOE-NNSA oversight. NNSA has
offices--site offices--co-located with each site. Many of these sites
possess Category I special nuclear material. Category I material
includes plutonium and uranium in the following forms: (1) assembled
nuclear weapons and test devices; (2) products containing higher
concentrations of plutonium or uranium, such as major nuclear
components, and recastable metal; and (3) high-grade materials, such as
carbides, oxides, solutions, and nitrates. The risks this radioactive
material poses vary, but include the potential for sabotage, or theft
for illegal use in a nuclear weapon. Because these materials pose such
risks, NNSA's management of the safeguards and security program, which
includes overseeing contractor activities, is essential to preventing
an unacceptable, adverse impact on national security.
DOE's Office of Security develops and promulgates orders and policies
that guide NNSA's safeguards and security program. NNSA is responsible
for ensuring that its contractors' security activities are effective
and conform to DOE's orders and policy requirements. In conducting this
oversight, NNSA generally uses certain key processes intended to
identify specific weaknesses at contractor-operated sites and ensure
that weaknesses are corrected. These processes include, among other
things, (1) annual, comprehensive surveys conducted by subject matter
experts from across the complex and (2) ongoing reviews of one or more
aspects of contractors' program (surveillance) by NNSA site
officials.[Footnote 4]
DOE's Office of Independent Oversight and Performance Assurance also
assesses contractor security activities. In response to NNSA surveys
and assessments conducted by the Office of Independent Oversight and
Performance Assurance, DOE policy requires contractors to prepare
corrective action plans for identified problems and to ensure that
these actions are based on documented root cause analysis, risk
assessment, and cost-benefit analysis.
You asked us to review physical security at NNSA and DOE facilities
that contain Category I materials. Specifically, as agreed with your
office, this report examines how NNSA manages its safeguards and
security program. This report is the first of two that we will be
issuing to you on various aspects of physical security at NNSA and DOE
facilities. Our followup report will focus on the extent to which
physical security has improved; the effectiveness of the process for
establishing safeguards and security requirements following the
September 11, 2001, attacks; and the remaining vulnerabilities.
To evaluate the overall safeguards and security oversight process, we
reviewed DOE policy and planning documents, including orders,
implementation guidance, and reports. We looked at what the orders and
guides prescribed, particularly DOE Order 470.1, and compared this to
how operations and site offices were following and implementing the
policies to see if there were any deficiencies. To determine how NNSA
organizes and conducts overall safeguards and security oversight, we
met with officials from DOE and NNSA headquarters and NNSA site
offices. The primary offices from which we obtained information were
from DOE's Office of Security, Office of Independent Oversight and
Performance Assurance, and NNSA's Office of Defense Nuclear Security
and Nuclear Safeguards and Security Program.[Footnote 5] We also
evaluated the NNSA reorganization with regard to the potential impact
on oversight roles and responsibilities of NNSA headquarters and site
offices.
We visited 7 site offices from March 2002 to October 2002, to determine
how federal contractor oversight and the safeguards and security
program is managed. Specifically, we visited Los Alamos National
Laboratory and the Office of Los Alamos Site Operations in New Mexico,
Sandia National Laboratory and the Office of Kirtland Site Operations
in New Mexico, Department of Energy's Albuquerque Operations Office in
New Mexico, the Office of Transportation Safeguards in New Mexico, Y-12
Plant, and the Y-12 Site Office in Tennessee, Pantex Plant and the
Office of Amarillo Site Operations in Texas, the Savannah River
Site[Footnote 6] and the Savannah River Site Office in South Carolina,
and Lawrence Livermore National Laboratory and the Livermore Site
Office in California. At each location we met with both federal and
contractor officials and obtained pertinent supporting documentation.
To determine how NNSA sites prepare and document corrective action
plans and related analyses, we examined 43 closed and open corrective
action plans dated from 1999 through 2002 that we selected at random
from each of the 6 NNSA sites (as well as the DOE Savannah River Site,
which is expected to come under NNSA's jurisdiction in the future) that
contain category I special nuclear materials.[Footnote 7] We reviewed
these plans to determine the extent and type of analyses that support
the corrective actions in the plans. These plans generally represent
the contractors' actions to address high priority findings in
contractors' security and safeguards program. To understand how the
corrective action process currently works, we compared the processes in
place at each NNSA site we visited during 2002.
We performed our review from December 2001 through April 2003 in
accordance with generally accepted government auditing standards.
Results in Brief:
NNSA has not been fully effective in managing its safeguards and
security program in four key areas, and therefore, it cannot be assured
that its contractors are working to maximum advantage to protect
critical facilities and material from individuals seeking to inflict
damage. The following four areas are key:
* Defining clear roles and responsibilities. Since its creation in
March 2000, NNSA's management structure has been in a state of flux.
While in December 2002, NNSA issued what it considers final directives
for reorganizing headquarters and site offices, NNSA expects it will
take until at least September 2004 to fully implement its new
management structure. In particular, NNSA is still defining its site
offices' roles and responsibilities for safeguards and security.
Specifically, it is still developing the components of a Functions,
Responsibilities, and Authorities Manual, which will not be completed
for several months because of the highly detailed planning necessary
for determining staff functions at the various sites. This manual,
which NNSA itself recognizes as crucial, is intended to set out roles
and responsibilities clearly. This still-developing management
structure led to confusion about the roles and responsibilities of the
headquarters and site offices.
* Assessing sites' security activities. Without a functional management
structure and with ongoing confusion about roles and responsibilities,
inconsistencies have emerged among the NNSA sites on how to conduct key
aspects of safeguards-and-security assessment activities. In
particular, three out of the seven NNSA site offices use the
traditional survey approach, as required by DOE policy, to oversee
security activities, while four have discontinued surveys and instead
rely on surveillance activities. The distinction between these two
activities is important: A survey provides a comprehensive annual
review, by a team of experts from throughout NNSA, of contractor
safeguards and security and generally takes about 2 weeks. In contrast,
surveillance relies on a single or small number of NNSA site officials
overseeing one or more aspects of a contractor's safeguards and
security activities throughout the year. However, officials from DOE's
Office of Security--which developed the policy for conducting surveys-
-believe the surveillance model does not comply with the DOE order
because it does not provide a comprehensive overview. Furthermore,
officials from DOE's Office of Independent Oversight and Performance
Assurance and NNSA headquarters expressed concern about the site
offices' ability to conduct surveillance because of shortfalls in
available expertise. The four site offices have been able to operate
using only surveillance activities because, during the reorganization
of the management structure, NNSA has not issued guidance on complying
with DOE policy for conducting surveys.
* Overseeing contractors' corrective actions. NNSA contractors do not
consistently conduct the analyses DOE policy requires in preparing
corrective action plans, compounding the problems in ensuring physical
security. Inconsistency occurs because the NNSA site officials do not
have implementation guidance from headquarters on how to address
corrective actions. Of the 43 corrective action plans we reviewed for
1999 through 2002, less than half showed that the contractor had
performed the required root cause analysis. Furthermore, less than 25
percent demonstrated that the contractor had performed a required risk
assessment or cost-benefit analysis. As a result, potential
opportunities to improve physical security at the sites are not
maximized because corrective actions are developed without fully
considering the problems' root causes, risks posed, or cost versus
benefit of taking corrective action. However, at the 7 sites we visited
in 2002, the site offices and contractors are making some progress to
establish formal processes for root cause and other analyses.
Nevertheless, inconsistencies remain regarding the approaches used to
complete these analyses. For example, some site processes specify that
root cause analyses will be conducted for all corrective action plans,
while other sites consider the completion of these analyses optional.
An NNSA headquarters official stated that the agency expects to issue
additional guidance for implementing DOE security policies in 2003.
* Allocating staff. NNSA has shortfalls at its site offices in the
total number of staff and in areas of expertise, which could make it
more difficult for the site offices to oversee safeguards and security
effectively and to ensure that the agency fully knows security
conditions at its sites. According to officials at 5 of the 7 site
offices we visited, they have, or expect to have, an average of 2 to 6
vacancies per site for overseeing contractors' safeguards and security;
typically, each site expects to have 10 to 14 security-related
positions within the next 2 years. The vacancies occur, in part,
because staff are reluctant to move to locations they view as less
desirable and because NNSA has frozen hiring in response to budget
constraints. Some of these vacancies are for specialists in particular
subject areas, such as Industrial Security Systems--a key specialty
needed for conducting physical security inspections. The lack of
expertise and staff could be further complicated for some sites by
NNSA's realignment plan. Under this plan, NNSA expects to streamline
federal oversight of contractors and reduce headquarters and field
staff by 20 percent by the end of fiscal year 2004. Site officials said
that they will fill some vacancies through a virtual organization in
which experts at other locations will assist with certain components of
the surveillance activities. However, it will take time to work through
some of the difficulties associated with making the transition to this
approach.
We are making recommendations to the Secretary of Energy and the
Administrator of the NNSA that are intended to place additional focus
on key management and oversight dimensions during NNSA's ongoing
reorganization.
In commenting on our draft report, NNSA concurred with two of our four
recommendations, disagreed with one, and did not indicate agreement or
disagreement with the fourth. NNSA concurred with our recommendation to
formally establish roles and responsibilities, and it plans to issue a
formal document in 2003. NNSA also concurred that corrective action
plans must be prepared in accordance with established standards and
policy. NNSA disagreed with the conclusion that it was not ensuring the
comprehensive annual assessments of contractors' performance that DOE
policy requires. NNSA believed that its surveillance activities were
also comprehensive; however, NNSA provided no evidence--such as
implementation guidance to the sites that are conducting surveillances-
-that would ensure that the sites' surveillance activities conform to
DOE's policies. Finally, regarding our recommendation that NNSA develop
and implement a plan for effectively allocating staff for safeguards
and security oversight, NNSA commented that managers have staffing
plans and that its virtual organization and additional hiring will
address sites' need for certain types of skilled personnel. In our
view, while reliance on the virtual approach may be effective in the
short term, the continuing vacancies at some sites indicate that NNSA
may have difficulty attracting and retaining necessary expertise at
specific, understaffed locations over the long term.
Background:
Since its creation in 1977, DOE has been responsible for developing,
producing, and maintaining nuclear weapons; preventing the
proliferation of weapons of mass destruction; designing, building, and
maintaining naval nuclear propulsion systems; and ensuring the security
of the nuclear weapons complex. In 2000, however, the Congress created
a separately organized agency within DOE--the NNSA.[Footnote 8]
NNSA's Office of Defense Nuclear Security is primarily responsible for
developing the agency's security programs, including protecting,
controlling, and accounting for material and ensuring physical security
for all facilities in the complex. Historically, NNSA has conducted
comprehensive annual surveys of contractors' operations for safeguards
and security. These surveys, which can draw upon subject matter experts
throughout the complex,[Footnote 9] generally take about 2 weeks to
conduct and cover 5 "topical" areas and 32 subtopical areas. The
topical areas include program management, protection program
operations, information security, nuclear materials control and
accountability, and personnel security. The survey team assigns ratings
of satisfactory, marginal, or unsatisfactory. Currently, NNSA's
facilities have been rated satisfactory in most topical areas. All
deficiencies (findings) identified during a survey require the
contractors to take corrective action, and both findings and corrective
actions are to be entered in the Safeguards and Security Information
Management System--a DOE-wide, integrated tracking database for
findings of surveys and other safeguards and security activities.
In addition, NNSA's Office of Facilities and Operations is expected to
provide policy guidance for safeguards and security. This office is
also expected to be responsible for the Nuclear Safeguards and Security
Program, which oversees the implementation of safeguards and security
in NNSA facilities. The office is expected to integrate and defend the
budget for safeguards and security to ensure that program components
can achieve mission objectives. Through various contract mechanisms,
NNSA provides financial incentives, such as award fees, for contractor
performance. NNSA assesses this performance based on the extent
contractors meet a set of measures, which are generally established in
annual performance plans--so-called performance measures.
DOE's Office of Independent Oversight and Performance Assurance
supports NNSA in safeguards and security assessments and conducts
independent oversight activities in line with DOE and NNSA policies and
priorities. Among other things, the office is responsible for
evaluating the effectiveness of contractors' performance in safeguards
and security. To carry out this function, this office periodically
assesses both federal and contractor operations at a site and
identifies findings, issues, and opportunities for improvement. It also
performs follow-up reviews to ensure corrective actions are effective
and that weaknesses in safeguards and security are appropriately
addressed.
NNSA's Lack of Safeguards and Security Direction in Key Areas Results
in Inconsistent Management of Contractors:
NNSA has not been fully effective in managing its safeguards and
security program in four key areas, and therefore, it cannot be assured
that its contractors are working to maximum advantage to protect its
sites. First, NNSA has not fully defined safeguards and security roles
and responsibilities. Second, without an effective management
structure, site offices are uncertain about how to conduct their
safeguards and security responsibilities. This uncertainty has resulted
in inconsistencies in how site offices comply with DOE orders in
assessing contractors. Third, even when assessments are done, NNSA
contractors do not consistently conduct required DOE analyses in
preparing corrective action plans. Finally, NNSA's shortfalls at its
site offices in the total number of staff and expertise could make it
more difficult for the site offices to oversee safeguards and security
effectively.
NNSA Has Not Clearly Defined Roles and Responsibilities, Resulting in
Confusion at Sites:
Since its creation in March 2000, NNSA's management structure has been
in a state of flux, and NNSA expects it will take at least to September
2004 to implement a new management structure. However, NNSA needs a
stable structure to establish clear roles and responsibilities for its
headquarters and site offices, including safeguards and security
oversight. In May 2001, NNSA's Administrator proposed a management
structure for his organization,[Footnote 10] but in December 2001, we
reported that a clearly delineated overall management structure still
did not exist.[Footnote 11] In February 2002, NNSA reported in more
detail to Congress on its outline for a new management
structure[Footnote 12] to improve NNSA's effectiveness and efficiency.
NNSA expected to implement the new structure later in the year.
Since then, NNSA headquarters and field officials have been defining
safeguards and security roles and responsibilities. In December 2002,
NNSA fundamentally changed the management structure for safeguards and
security. It abolished operations offices, which had been responsible
for conducting the annual, comprehensive surveys as well as other
safeguards and security activities. It divided these operations
offices' responsibilities among the site offices and a service center,
formerly the Albuquerque operations office; headquarters will oversee
the performance of the site offices. The restructuring brings day-to-
day federal oversight of laboratories and plants closer to the site
offices. However, these changes do not complete the management
structure. NNSA plans to further streamline its oversight of
contractors by reducing site activities. Among other things, NNSA plans
to focus more on ensuring that contractors' management systems are
valid. Furthermore, NNSA plans to review its policies and practices and
decide which site office oversight activities can be reduced or
eliminated in order for the site offices to work more efficiently. It
has not yet identified which specific activities will be modified. At
the time of our review, headquarters could not provide details on how
it intends to monitor the NNSA site offices' performance with respect
to safeguards and security or address deficiencies.
In creating this new management structure, NNSA has not yet developed a
Functions, Responsibilities, and Authorities Manual (FRAM), an
organizational tool used by managers at federal agencies, including
DOE, for defining roles and responsibilities. This manual is to address
the functions, responsibilities, and authorities of all elements within
NNSA. NNSA headquarters security officials agree that this guidance is
crucial and stated that they are currently developing the components of
a FRAM, which should be finalized in 2003. NNSA told us that completing
the FRAM takes significant time because of the highly detailed planning
necessary for determining staff functions at the various sites.
According to NNSA site office officials, as they wait for formal
guidance from headquarters on conducting security oversight, each
office is carrying out oversight activities as it deems appropriate. In
addition, these officials told us that they have not received formal
notification about the change in their safeguards and security
oversight responsibilities, such as responsibilities for the survey
program. Officials at several site offices expressed frustration with
this lack of direction.
NNSA's Security Assessment Processes Differ among Sites and Are
Inconsistent with DOE Requirements:
NNSA site offices are not consistent in how they assess contractor
safeguards and security activities, and they may not be conducting
these assessments in accordance with DOE policy. The lack of
consistency and the failure to implement DOE policy occurs in part
because the site offices have had to assume new oversight
responsibilities without, among other things, clear guidance from
headquarters on how to carry out these responsibilities. As a result,
three offices of the seven NNSA site offices we visited continue to use
the traditional survey approach to oversee security activities (Oak
Ridge, Savannah River, and NNSA's Office of Transportation Safeguards),
while the remaining four have adopted or are adopting a surveillance
model---Amarillo, Kirtland, Livermore, and Los Alamos. The distinction
between these two activities is important: A survey provides a
comprehensive annual review, by a team of experts, of contractor
safeguards and security and generally takes about 2 weeks; formerly,
the operations offices generally conducted surveys, assisted by experts
from throughout the complex, as necessary. In contrast, surveillance
relies on a single or small number of NNSA site officials overseeing
one or more aspects of a contractor's safeguards and security
activities throughout the year, and the documentation from a
surveillance or a group of surveillance activities may be used as part
of the survey.
By relying on surveillance, NNSA may have less assurance that it fully
knows the condition of security at its sites and therefore potentially
cannot act to correct deficiencies undisclosed by this limited review.
Surveillance allows subject matter experts at the sites to evaluate
areas of contractor safeguards and security performance more often than
the traditional survey process and therefore potentially identify
deficiencies faster. However, according to DOE officials, reliance on
surveillance is not consistent with DOE orders calling for a
comprehensive survey of a contractor's safeguards and security
performance. This survey provides a unified assessment of all security-
related topical areas.[Footnote 13] Officials from DOE's Office of
Security--which developed the policy for conducting surveys--believe
the surveillance model does not comply with DOE order survey
requirements because it is not comprehensive. Officials from DOE's
Office of Independent Oversight and Performance Assurance expressed
concern about the site offices' ability to conduct surveillance because
of shortfalls in available expertise. Furthermore, the director of
NNSA's Office of Defense Nuclear Security acknowledged that although
some NNSA site offices, such as the Los Alamos site office, are using
the surveillance model, this site and others lacked the necessary
personnel to conduct surveillance.
According to officials from DOE's Office of Independent Oversight and
Performance Assurance and one site office, surveillance is not
compatible with the current Safeguards and Security Information
Management System, a DOE information database system used to track
findings and associated corrective actions, and therefore could pose
problems for sites in entering information. On the other hand, NNSA
officials at site offices and headquarters argue that using the
surveillance model for oversight will produce an annual end of the year
survey report and should have the same end result as an annual survey.
However, NNSA could have difficulty ensuring consistent and
comprehensive assessments because of the difficulties posed by using
the surveillance model without appropriate NNSA-wide implementation
guidance, site office staffing shortfalls, and database compatibility
problems.
NNSA's Corrective Action Practices Are Inconsistent with DOE
Requirements:
Contractors have not consistently prepared effective, formal root cause
analyses in developing corrective action plans for identified
deficiencies, as DOE policy requires.[Footnote 14] An effective,
formal, root cause analysis can enhance the development of corrective
actions, as we observed while reviewing some plans. However, less than
half of the 43 corrective action plans we reviewed, dated between 1999
and 2002, showed that the contractor had performed the required root
cause analysis. Furthermore, in a few cases corrective action plans
were based on root cause analyses that were poorly prepared, resulting
in confusion and contradictions. For example, NNSA had identified a
deficiency at one site of potential entry into a critical facility. The
contractor did not fully develop a root cause for this problem but
merely rebutted the finding's validity. Nevertheless, the contractor
took a corrective action in response to this deficiency--spending about
$150,000. However, because the root cause analysis was not fully
developed, we could not determine how, or if, the contractor's
corrective actions would correct the deficiency. Furthermore, the
contractor's staff preparing the analysis did not have formal training
in how to conduct root cause analyses. NNSA site officials agreed that
the root cause analysis was performed incorrectly and that their
oversight review of the analysis had not detected this problem.
Despite the problems some contractors have had in preparing root cause
analyses, corrective action processes in 2002 at all 7 sites showed
that some sites are making progress. For example, in late 2000, the
Office of Transportation Safeguards, which is responsible for securely
transporting critical NNSA items and material, had begun to correct
significant weaknesses in its process for preparing and tracking
corrective actions. According to an official responsible for corrective
actions at the office, the new process has already resulted in
documented improvements to the quality and completeness of its
corrective action plans. For example, the new process for root cause
analyses identified additional reasons for a recurring NNSA finding on
problems in how three federal agent facilities in NNSA's Office of
Transportation Safeguards inspected the vehicles used to transport
critical materials across the nation. These inspections are crucial in
preventing individuals from attaching explosives or other foreign
devices to the vehicles in potential attempts at sabotage or theft. The
new process enabled NNSA to identify specific actions to ensure
consistent interpretation and implementation of vehicle inspection
procedures among the three facilities. Because the finding has not been
repeated since July 2000, it appears that the additional corrective
actions proved effective. Another site, Sandia National Laboratories,
has developed a process for root cause analysis that other sites may
find useful. Sandia uses a designated root cause analyst to
systematically lead teams of subject matter experts at the laboratory
through the steps for determining root cause. With this expert in root
cause analyses, Sandia helps ensure that these analyses are consistent
and effective.
Other analyses and assessments that are critical to planning corrective
actions are also not consistently prepared at NNSA sites. In
particular, less than 25 percent of the corrective action plans we
reviewed showed documentation of other analyses required by the DOE
order for corrective action, such as risk assessment or cost-benefit
analysis. Without this documentation, we found it difficult to
determine what process, if any, the sites had used to determine the
risk level of the problem or the cost and relative benefit of
implementing corrective actions.
Consistency problems are likely to continue without effective NNSA
guidance for corrective actions. For example, at four sites we visited,
the sites either did not require a risk assessment and cost-benefit
analyses or stated that they were optional, depending on the site's
evaluation of the need for an analysis. However, the remaining three
sites we visited required these analyses for all corrective action
plans. This inconsistency resulted in part from differing
interpretations of the DOE order governing corrective actions. As a
result, NNSA cannot be assured that all contractors are considering the
costs of corrective actions in conjunction with the risk posed or the
potential benefits to be gained. NNSA officials at some sites stated
that, without implementation guidance, the intent of the DOE order
requiring these analyses can be interpreted differently from site to
site, which contributes to the inconsistent practices we observed.
Since we provided our draft report to NNSA in April 2003, it has sent a
brief guidance letter on corrective action plans to its site offices,
clarifying its analysis and documentation requirements. An NNSA
headquarters official stated that issuance of additional guidance for
implementing DOE security policies is expected in 2003.
And finally, NNSA sites do not consistently measure all performance
aspects of contractors' preparation of corrective action plans and may
reward contractors simply for closing the finding on schedule.
According to our review of performance measures concerning corrective
actions, four of the six contractor-operated sites we visited had
measures that were primarily based on whether the contractor met the
schedule for completing corrective actions, not on whether and how well
the contractor had performed the analyses.[Footnote 15] The other two
sites did not consider any corrective action performance measures in
assessing contractor performance--not even the schedule. However, DOE
guidance encourages sites to measure qualitative factors, whenever
possible, to minimize the need to rely solely on schedule-driven
measures.[Footnote 16] Effective qualitative performance measures
would essentially reflect how well the contractor completes root cause
analyses, risk assessment, and cost-benefit analyses.
The lack of qualitative performance measures affects the quality of the
correction plan. For example, in fiscal year 1999, DOE's Office of
Independent Oversight and Performance Assurance criticized a site that
had schedule-driven performance measures for poorly prepared corrective
action plans. Out of the 50 plans reviewed for that site, 27 had
inadequate root cause determinations, and 15 had corrective actions
that were unlikely to fix the deficiency cited. The performance
measures in place for this contractor in fiscal year 1999--and then
again in fiscal years 2000 and 2001--did not reflect qualitative
aspects of these analyses; instead, they were primarily focused on
schedule-driven outcomes. Some contract provisions permit the
contractor to forfeit some of the award fee based on other generic
performance factors, such as "management failure." However, these
generic provisions may not be fully effective in motivating contractors
in all aspects of their corrective action performance because these
provisions are not explicitly focused on corrective action and are
therefore not highly visible.
Difficulties in Allocating Staff Could Hinder Effective Safeguards and
Security Oversight:
NNSA's site offices have shortfalls in the total number of staff and in
the expertise for effectively overseeing contractors, including
covering all topical areas in the annual surveys. At five of the seven
sites we visited, NNSA officials told us that they currently have, or
will have, two to six vacancies in safeguards and security positions
once NNSA fully implements its new management structure; each site
believes that it needs from 10 to 14 security-related positions in
order to carry out its oversight activities under NNSA's new
organization. In particular, some of the site offices are experiencing
difficulty in filling positions because some staff consider the site
locations less desirable than others and because NNSA has instituted a
hiring freeze. Some of these vacancies are for specialists in
particular subject areas, such as industrial security systems--a key
specialty needed for conducting physical security inspections.
Officials in the Office of Independent Oversight and Performance
Assurance concurred that NNSA's reorganization and the shifting of
responsibilities to the site offices has the potential to weaken
security oversight.
To offset the lack of some subject matter experts at sites, NNSA field
officials indicated that they frequently rely on subject matter experts
from headquarters or other site offices to cover site offices that do
not have expertise locally. With only a limited number of subject
matter experts in the complex, the sites have to coordinate oversight
carefully. Coordination is particularly complicated at those sites that
have switched to a surveillance model since they may have to rely on
particular subject expertise that is only available during certain
times.
NNSA's new management structure further complicates the problems in
staff allocation. NNSA expects to reduce headquarters and field staff
by 20 percent by the end of fiscal year 2004. In this restructuring,
NNSA plans to share staff expertise, creating a "virtual" organization
to cover the needs of site offices and other areas within the complex
until a final move of personnel can be made. Headquarters officials
told us that it may take 1 to 2 years to move the appropriate
safeguards and security persons to the areas where they are needed.
Until then, they expect the virtual organization to meet the complex's
needs. The virtual organization will include subject matter experts
whose knowledge will be needed throughout the nuclear weapons complex
and not just at their current sites. Some of these experts will work
from the service center or be detailed to site offices as needed. With
competing demands for the experts, it is unclear how they will
successfully provide assistance to site offices in their surveillance
processes. The assistance may be unavailable when needed since
components of surveillance are ongoing and may span an entire year.
Conclusions:
Without effectively managing its safeguards and security program, NNSA
cannot be assured that its contractors are working to maximum advantage
to protect its nuclear weapons sites. These sites may have critical
materials that could be prime terrorist targets. Several factors
contribute to this lack of assurance. NNSA continues to change its
management structure, making it difficult to define roles and
responsibilities clearly. Without a functional management structure,
some site offices and contractors may not be carrying out their
security responsibilities, as DOE orders require. In particular, NNSA
has not fully assured itself that the four sites that rely on
surveillance activities, rather than on the DOE-required surveys, are
overseeing contractors' security activities in the integrated,
comprehensive fashion that are called for in the annual surveys.
Moreover, when NNSA site offices allow and reward contractors for
closing findings without ensuring that the contractors have correctly
identified the root cause, assessed risk, and conducted a cost-benefit
analysis, NNSA cannot be assured that the security problem identified
was adequately addressed. Finally, to provide effective oversight, NNSA
needs to develop an approach, beyond its "virtual" organization, that
ensures its limited security resources are able to provide oversight,
over the long term, where and when it is needed.
Recommendations for Executive Action:
In order to strengthen the safeguards and security program of the
nuclear weapons complex, we recommend that the NNSA Administrator and
Secretary of Energy:
* formalize the roles and responsibilities of site offices and
headquarters for conducting oversight;
* ensure that sites are performing oversight using a survey approach
that provides an integrated comprehensive view of security conditions
and is consistent with DOE orders;
* ensure that contractors' corrective action plans are prepared and
documented consistently and are based on qualitative root-cause, risk-
assessment, and cost-benefit analyses, and that appropriate incentives
are used to help motivate contractors toward effectively addressing
findings; and:
* develop and implement a plan to ensure that NNSA allocates safeguards
and security staff so that it provides effective safeguards and
security oversight over the long term.
Agency Comments and Our Evaluation:
We provided the DOE's NNSA with a draft of this report for review and
comment. Overall, NNSA concurred with two of our four recommendations,
disagreed with one, and did not indicate agreement or disagreement with
the fourth. In the area of concurrence, NNSA concurred with our
recommendation to formally establish roles and responsibilities, and it
plans to do so in 2003. NNSA also concurred that corrective action
plans must be prepared in accordance with established standards and
policy and based on documented root cause analysis, risk assessments,
and cost-benefit analysis. Since we provided our draft report to NNSA,
it has sent its site offices a guidance letter on corrective action
plans that clarifies its analysis and documentation requirements. NNSA
now allows required elements to be omitted from corrective action
plans, but only if the contractors document the rationale for the
exclusion as a formal part of their plan. We believe this guidance
letter is a positive step in clarifying some implementation aspects of
the DOE requirements, and we encourage continued management attention
to this area. NNSA did not comment on the portion of this
recommendation concerning the use of appropriate incentives to motivate
contractors to address findings effectively.
NNSA disagreed with the conclusion that led to our recommendation to
conduct oversight using a survey approach, which provides an
integrated, comprehensive view of security conditions and is consistent
with DOE orders. Specifically, NNSA disagreed with our conclusion that
it was not ensuring the comprehensive annual assessments of
contractors' performance that DOE policy requires. As we reported, four
of the seven site offices no longer conduct comprehensive, integrated
surveys to assess security but instead rely on surveillance activities.
NNSA believed that these surveillance activities were also
comprehensive; however, NNSA provided no evidence--such as
implementation guidance to the sites that are conducting surveillances-
-that would ensure that the sites' surveillance activities conform to
DOE's policies. Without such guidance, NNSA cannot be fully assured
that surveillance activities, as presently conducted, provide the
comprehensive assessment DOE requires in its surveys. Our
recommendation therefore is intended to focus NNSA management attention
on ensuring that site offices conduct security assessments that are
integrated, comprehensive, and on par with the survey approach
previously used and currently described in DOE orders. Furthermore,
NNSA asserted, incorrectly, that we found its security posture to be at
risk. Assessing NNSA's security posture was not the objective of this
report. Rather, our objective was to assess the way NNSA manages its
overall security program. We have clarified the report, where
appropriate.
Finally, regarding our recommendation that NNSA develop and implement a
plan to ensure that it effectively allocates staff to provide
safeguards and security oversight, NNSA commented that managers have
staffing plans and that its virtual organization and additional hiring
will address sites' need for certain types of skilled personnel.
Reliance on the virtual approach may be effective in the short term.
However, the continuing vacancies at some sites indicate that NNSA may
have difficulty attracting and retaining necessary expertise at
specific, understaffed locations over the long term. NNSA's comments do
not indicate that it fully understands the need to address this longer-
term problem. We have modified our recommendation to target this
specific long-term concern.
We modified our report, where appropriate, to reflect NNSA's comments
and to clarify some of our conclusions. NNSA's comments on our draft
report are presented in appendix I.
As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after the date of this letter. At that time, we will send copies of the
report to the Secretary of Energy, the Administrator of NNSA, the
Director of the Office of Management and Budget, and appropriate
congressional committees. We will make copies available to others on
request. In addition, the report will also be available at no charge on
the GAO Web site at http://www.gao.gov.
If you or your staff have any questions about this report, please call
me at (202) 512-3841. Major contributors to this report are listed in
appendix II.
Sincerely yours,
Robin M. Nazzaro
Director,
Natural Resources and Environment:
Signed by Robin M. Nazzaro:
[End of section]
Appendix I: Comments from the National Nuclear Security Administration:
Department of Energy:
National Nuclear Security Administration Washington, DC 20585:
APR 25 2003:
Ms. Robin Nazzaro Director:
Natural Resources and Environment U.S. General Accounting Office
Washington, D.C. 20548:
Dear Ms. Nazzaro:
The National Nuclear Security Administration (NNSA) appreciated the
opportunity to have reviewed draft report GAO-03-471, "Nuclear
Security: NNSA Needs to Better Manage Its Safeguards and Security
Program." While many of the recommendations can help to improve areas
of security program management, we categorically disagree with the
GAO's conclusion and implications in sections throughout the draft
report that NNSA cannot be assured that it is protecting its nuclear
weapons' sites.
The report addresses the structure to manage security and the
methodology to carry out security review processes. It does not include
any information or basis on which to make a judgment or inference
regarding the effectiveness of the NNSA security programs and
infrastructure. Numerous internal and independent external reviews,
including rigorous force-on-force and in-depth analysis and evaluation
of protection system effectiveness across all of the NNSA sites have
verified that the security posture is and remains strong and effective.
We urge you to edit the document, including its proposed title, to
appropriately reflect this.
A central focus of NNSA, since its establishment, has been to improve
management of its programs. During the period of time that the draft
GAO report was being developed, NNSA has made significant progress not
only in the structure of the safeguards and security organization, but
throughout the entire organization. Our lines of authority have been
strengthened to provide accountability at all levels of the NNSA. Our
business practices reflect the new management philosophy to achieve
effective efficiencies that include implementing "best practices" or
changing long-standing, less efficient processes. An example of this
philosophical change is GAO's discussion of security surveillance
versus security surveys. The NNSA management model is designed to
streamline oversight, increase governmental efficiency, and provide
greater management flexibility to contractors, while maintaining
accountability. The surveillance methodology is only one of a number of
assessment mechanisms that can be used to help assure timely
understanding of security system performance as well as procedural
compliance.
The GAO's recommendation on formally establishing roles and
responsibilities under the new NNSA management structure is
appropriate. A draft functions,
responsibilities and authorities document reflecting the recently
announced NNSA reengineering, has been put together and will be
finalized with the NNSA field activities this year. However, it is very
important that GAO also acknowledge that there is a sixty-year base of
safeguards and security program policies, orders, implementation and
organizational roles and responsibilities. This was not suspended on
the stand-up of the NNSA or in the recently announced reengineering in
late December 2002. It is this very base of safeguards and security
programs and operations on which NNSA now, through its reengineering
efforts, is working to further improve the effectiveness and efficiency
of its safeguards and security and all other program activities.
NNSA disagrees with the conclusions in the GAO report regarding the
appropriate manner in which site security activities are assessed and
the comprehensiveness of those assessments as it applies to Security
Surveys versus Security Surveillances. We do no fully agree with the
comment that "...NNSA sites that rely on surveillance activities,
rather than the DOE required surveys, are not overseeing contractors'
security activities in the integrated comprehensive fashion that the
annual surveys call for." Surveillances are only a part of the planned
oversight and evaluation activities. A vital element of a surveillance
program is the scoping of the topical and sub-topical elements to
ensure that a comprehensive review of the critical program elements
will be accomplished during the surveillance cycle. Areas not addressed
in the current surveillance cycle are automatically included in the
next cycle. When completed, a comprehensive report incorporating all
surveillance activities of the safeguards and security program,
including findings and observations, is forwarded to Headquarters.
Regarding the adequate staffing of comprehensive surveillances,
effective use of matrix support between NNSA site offices and support
service contractors has afforded the use of well-qualified subject
matter experts for the conduct of surveillance activities.
NNSA agrees with the GAO that corrective action plans must be prepared,
implemented, and evaluated through resolution. We also agree that the
causal effect must be established and addressed. This can be achieved
by root-cause analysis or risk assessment with the accompanying cost-
benefit analysis when appropriate. A guidance letter on this issue has
been sent to NNSA activities by the Chief, Defense Nuclear Security,
this week. With a continual contractor performance evaluation system
supplemented by Federal oversight, NNSA will achieve a level of
confidence that corrective action plans are appropriately developed and
closed in a timely, and cost-effective manner. Please be assured that
the focus of the NNSA is on effective safeguards and security
performance. Oversight is a tool that is used to identify opportunities
for improvement Additionally, NNSA Headquarters, through Policy Letters
or other means, will provide the NNSA specific guidance for all
programmatic and business functions. An example of this process is
evidenced by the draft Policy Letter, "NNSA Line Oversight and
Contractor's Assurance System.":
The size of the Federal staff within NNSA is being reduced. As part of
the re-engineering effort, each Site Manager, the Service Center
Manager, and the Deputy/Associate Administrators have prepared staffing
plans for their specific areas of responsibility. Safeguards and
security is an important part of this NNSA effort. Where critical
vacancies exist; hiring, support from the service center, other site
offices and/or headquarters are all available options to assure each
NNSA site has the appropriate skills mix to effectively execute their
safeguards and security program assessment responsibilities. Finally,
while the draft report references comments from the Department of
Energy's Office of Independent Oversight and Performance Assurance
regarding the potential to weaken security oversight if staffing and
expertise at site offices are not addressed; they have also stated that
NNSA's reorganization steps, to date, have helped to clarify roles and
responsibilities for security oversight and that future plans have the
potential to further strengthen security oversight.
We would welcome the opportunity to meet with the GAO staff that
prepared the draft report in order to expand on the above comments and
link them to the specific areas of the draft report.
Sincerely,
Anthony R. Lane
Associate Administrator for Management and Administration:
Signed by Anthony R. Lane:
[End of section]
Appendix II: GAO Contact and Staff Acknowledgments:
GAO Contact:
James Noel (202) 512-3591:
Acknowledgments:
In addition to the individual named above, Christopher R. Abraham, Jill
Berman, Jonathan M. Gill, Andrea R. Miller, Christopher M. Pacheco, and
Carol Herrnstadt Shulman made key contributions to this report.
FOOTNOTES
[1] U.S. General Accounting Office, Nuclear Security: Lessons to Be
Learned from Implementing NNSA's Security Enhancements, GAO-02-358
(Washington, D.C.: March 29, 2002).
[2] Commission on Science and Security, Center for Strategic and
International Studies, Science and Security in the 21st Century: A
Report to the Secretary of Energy on the Department of Energy
Laboratories (Washington, D.C.: Apr. 2002).
[3] Physical security is the combination of operational and security
equipment, personnel, and procedures used to protect facilities,
information, documents, or material against theft, sabotage, diversion,
or other criminal acts.
[4] A surveillance is generally conducted by a single or small number
of subject matter experts, and the documentation from a surveillance or
group of surveillance activities may be used as part of the survey.
[5] We did not include naval reactors in our review because it is a
semiautonomous entity within NNSA with a unique security structure and
program.
[6] Although the Savannah River Site is still an Environmental
Management designated site, according to site officials, it will likely
become an NNSA site once the accelerated cleanup is complete. Because
of its present role as a key DOE nuclear weapons production site, we
included it in our review of site offices.
[7] One of the seven sites--Transportation Safeguards----is operated by
NNSA, not a contractor.
[8] National Defense Authorization Act for Fiscal Year 2000, Pub. L.
No. 106-65, tit. 32 (also known as the National Nuclear Security
Administration Act).
[9] The core skill sets needed to address the safeguards and security
elements at a facility include program management and planning;
protective force operations; classified matter protection and control;
physical security; technical security and security systems; nuclear
material control and accountability; and safeguards and security
program infrastructure.
[10] National Nuclear Security Administration, Report to Congress on
the Plan for Organizing the National Nuclear Security Administration
(Washington, D.C.: May 3, 2001).
[11] U.S. General Accounting Office, NNSA Management: Progress in the
Implementation of Title 32, GAO-02-93R (Washington, D.C.: Dec. 12,
2001).
[12] National Nuclear Security Administration, Report to Congress on
the Organization and Operations of the National Nuclear Security
Administration (Washington, D.C.: Feb. 25, 2002).
[13] The frequency of survey schedules can be modified if the site
being surveyed meets certain criteria.
[14] DOE Order 470.1 Safeguards and Security Program; Sept. 28, 1995.
[15] One site, the Office of Transportation Safeguards is federally
operated and therefore performance award fees are not applicable.
[16] U.S. Department of Energy, Guidelines for Performance Measurement,
DOE G 120.1-5 (Washington, D.C.: June 30, 1996).
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548:
