Homeland Defense

Greater Focus on Analysis of Alternatives and Threats Needed to Improve DOD's Strategic Nuclear Weapons Security Gao ID: GAO-09-828 September 18, 2009

A successful terrorist attack on a facility containing nuclear weapons could have devastating consequences. GAO was asked to compare the Department of Defense's (DOD) and Department of Energy's (DOE) efforts to protect the nation's nuclear weapons where they are stored, maintained, or transported. This report (1) compares the nuclear weapons security policies and procedures at DOD and DOE, and the extent to which cost-benefit analyses are required; (2) compares DOD and DOE efforts to assess threats to nuclear weapons; and (3) identifies total current and projected funding requirements for securing nuclear weapons, including military construction costs. GAO analyzed DOD and DOE nuclear weapons security policies and procedures; visited sites that store, maintain, or transport nuclear weapons; and analyzed funding data for fiscal years 2006 through 2013. This report is an unclassified version of a classified report issued in May 2009.

DOD and DOE nuclear weapons security policies and guidance are similar in that both establish minimum security standards for nuclear weapons. However, DOD's guidance does not emphasize or require a cost-benefit analysis when considering alternative security measures, and therefore the full costs of alternatives may not be considered in a comprehensive manner when choosing among security measures. For example, the Navy plans to spend about $1.1 billion on security improvements to protect ballistic missile submarines while in transit, but selected one alternative without considering the full life cycle costs of the available alternatives. In contrast, DOE's policy for nuclear weapons security provides local officials greater flexibility than DOD's in determining how to meet security standards, and has a greater emphasis on cost-benefit analysis as a part of the decision-making process. Although DOD and DOE assess threats to nuclear assets as part of their nuclear weapons security programs, DOD has not provided adequate guidance or capabilities to fully develop local threat assessments where nuclear weapons are stored, maintained, or transported. DOD policies require installation commanders to develop threat assessments using a national assessment as a starting point and tailor that assessment to their installations. However, GAO identified instances where the local threat assessment generally reflected all threats contained in the national assessment, with only minimal adjustments to reflect the local environment. Further, the individuals developing the local assessments had limited guidance, were not trained as intelligence analysts and often used different methodologies. Without clear guidance and necessary threat assessment capabilities, the military services may not be fully leveraging local, regional, and national threat information in preparing local assessments. In contrast, DOE provides guidance and, at the time of GAO's review, was developing an approach to incorporate all available threat information more fully into its assessments, though GAO did not assess its effectiveness because this new approach had not been fully implemented. DOD and DOE have estimated the funds required to protect nuclear weapons to be approximately $11 billion for fiscal years 2006 through 2013, but GAO identified shortfalls in the Air Force's ability to centrally manage and track funding that limits the visibility of Air Force requirements. The Air Force and Navy make up over $8 billion of the total estimated requirement for securing nuclear weapons. The remaining $3 billion is incurred by the two DOE organizations that handle nuclear weapons. Across all four organizations, over half the $11 billion is devoted to funding security forces. Although accountability over funding data is critical to enabling decision makers to address nuclear weapons security funding requirements, GAO found that the Air Force lacked a consistent method to identify requirements specifically related to nuclear weapons security because of the decentralized method through which it manages this funding. Without a method to track these costs, the visibility of these requirements is limited, and the Air Force may not be able to effectively manage its nuclear weapons security funding.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:

GAO-09-828, Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DOD's Strategic Nuclear Weapons Security This is the accessible text file for GAO report number GAO-09-828 entitled 'Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DOD's Strategic Nuclear Weapons Security' which was released on September 18, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: United States Government Accountability Office: GAO: September 2009: Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DOD's Strategic Nuclear Weapons Security: Homeland Defense: GAO-09-828: GAO Highlights: Highlights of GAO-09-828, a report to Congressional Requesters. Why GAO Did This Study: A successful terrorist attack on a facility containing nuclear weapons could have devastating consequences. GAO was asked to compare the Department of Defense‘s (DOD) and Department of Energy‘s (DOE) efforts to protect the nation‘s nuclear weapons where they are stored, maintained, or transported. This report (1) compares the nuclear weapons security policies and procedures at DOD and DOE, and the extent to which cost-benefit analyses are required; (2) compares DOD and DOE efforts to assess threats to nuclear weapons; and (3) identifies total current and projected funding requirements for securing nuclear weapons, including military construction costs. GAO analyzed DOD and DOE nuclear weapons security policies and procedures; visited sites that store, maintain, or transport nuclear weapons; and analyzed funding data for fiscal years 2006 through 2013. This report is an unclassified version of a classified report issued in May 2009. What GAO Found: DOD and DOE nuclear weapons security policies and guidance are similar in that both establish minimum security standards for nuclear weapons. However, DOD‘s guidance does not emphasize or require a cost-benefit analysis when considering alternative security measures, and therefore the full costs of alternatives may not be considered in a comprehensive manner when choosing among security measures. For example, the Navy plans to spend about $1.1 billion on security improvements to protect ballistic missile submarines while in transit, but selected one alternative without considering the full life cycle costs of the available alternatives. In contrast, DOE‘s policy for nuclear weapons security provides local officials greater flexibility than DOD‘s in determining how to meet security standards, and has a greater emphasis on cost-benefit analysis as a part of the decision-making process. Although DOD and DOE assess threats to nuclear assets as part of their nuclear weapons security programs, DOD has not provided adequate guidance or capabilities to fully develop local threat assessments where nuclear weapons are stored, maintained, or transported. DOD policies require installation commanders to develop threat assessments using a national assessment as a starting point and tailor that assessment to their installations. However, GAO identified instances where the local threat assessment generally reflected all threats contained in the national assessment, with only minimal adjustments to reflect the local environment. Further, the individuals developing the local assessments had limited guidance, were not trained as intelligence analysts and often used different methodologies. Without clear guidance and necessary threat assessment capabilities, the military services may not be fully leveraging local, regional, and national threat information in preparing local assessments. In contrast, DOE provides guidance and, at the time of GAO‘s review, was developing an approach to incorporate all available threat information more fully into its assessments, though GAO did not assess its effectiveness because this new approach had not been fully implemented. DOD and DOE have estimated the funds required to protect nuclear weapons to be approximately $11 billion for fiscal years 2006 through 2013, but GAO identified shortfalls in the Air Force‘s ability to centrally manage and track funding that limits the visibility of Air Force requirements. The Air Force and Navy make up over $8 billion of the total estimated requirement for securing nuclear weapons. The remaining $3 billion is incurred by the two DOE organizations that handle nuclear weapons. Across all four organizations, over half the $11 billion is devoted to funding security forces. Although accountability over funding data is critical to enabling decision makers to address nuclear weapons security funding requirements, GAO found that the Air Force lacked a consistent method to identify requirements specifically related to nuclear weapons security because of the decentralized method through which it manages this funding. Without a method to track these costs, the visibility of these requirements is limited, and the Air Force may not be able to effectively manage its nuclear weapons security funding. What GAO Recommends: GAO recommends that the Secretary of Defense improve DOD‘s process for evaluating and selecting among alternative security measures, improve installation commanders‘ ability to assess threats, and improve visibility and accountability over Air Force nuclear weapons security funding. DOD partially agreed with the recommendations in this report, noting several actions in process or needed to address the recommendations. View [hyperlink, http://www.gao.gov/products/GAO-09-828] or key components. For more information, contact Davi M. D'Agostino at (202) 512-5431 or dagostinod@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DOD and DOE Nuclear Weapons Security Policies Implement NSPD-28, but DOD Policies Can Limit or Preclude Analysis of Alternatives: DOD and DOE Require Local Threat Assessments, but DOD Installations Lack Guidance and Capabilities to Prepare Them: DOD and DOE Have Identified Funding Requirements of Approximately $11 Billion for Nuclear Weapons Security: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: DOD and DOE Policy Framework: Appendix III: Air Force and Navy Operating Environments for Nuclear Weapons: Appendix IV: Nuclear Weapons Security Funding for the Air Force, Navy, OST, and Pantex: Appendix V: Comments from the Department of Defense: Appendix VI: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Phases of the Risk Management Process: Table 2: DOD and DOE Estimated Funding for Nuclear Weapons Security, Fiscal Years 2006 through 2013: Table 3: List of Nuclear Security Policies, Procedures, and Guidance Documents Analyzed: Table 4: DOD's Nuclear Weapons Security Policy Framework: Table 5: DOE's Nuclear Weapons Security Policy Framework: Table 6: Total Estimated Air Force Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Table 7: Total Estimated Navy Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Table 8: Total Estimated OST Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Table 9: Total Estimated Pantex Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: [End of section] United States Government Accountability Office: Washington, DC 20548: September 18, 2009: The Honorable Solomon Ortiz: Chairman: The Honorable Randy Forbes: Ranking Member: Subcommittee on Readiness: Committee on Armed Services: House of Representatives: The Honorable Jim Langevin: Chairman: The Honorable Michael Turner: Ranking Member: Subcommittee on Strategic Forces: Committee on Armed Services: House of Representatives: A successful terrorist attack on a facility containing nuclear weapons could have devastating consequences for the facility and its surrounding communities. As demonstrated by the terrorist attacks of September 11, 2001, the United States and other nations face increasingly diffuse threats. Terrorists have shown both the capability and willingness to attack high-value U.S. targets within the homeland and abroad. Accordingly, a recent presidential directive has noted that it must be assumed that U.S. nuclear weapons and the associated nuclear command and control system could be the target of a determined state or non-state adversary with access to substantial resources, intelligence, and advanced capabilities. Recent incidents related to the storage and transportation of nuclear weapons increased concerns about the adequacy of security measures for these assets. In 2006, critical, nuclear-related intercontinental ballistic missile (ICBM) parts, labeled as helicopter batteries, were mistakenly sent to Taiwan, and on August 30, 2007, a B-52 crew mistakenly flew nuclear weapons from Minot Air Force Base, North Dakota, to Barksdale Air Force Base, Louisiana. As a result, the Secretary of Defense and the Secretary of the Air Force requested a series of investigations and reviews that identified a serious erosion of senior-level attention, focus, expertise, mission readiness, resources, and discipline in the nuclear weapons mission area within the Air Force, which ultimately resulted in disciplinary actions and the resignation of Air Force personnel. We have also issued numerous reports over the past decade that Department of Energy (DOE) sites had not adequately addressed security-related issues, including delays in implementing security measures to address updated security requirements, challenges in developing a better-trained and better- organized security force in order to ensure that its sites were adequately prepared to defend themselves, and inconsistent implementation of protective force policies at DOE sites.[Footnote 1] To meet new and more varied threats against our national security, in June 2003, the President signed National Security Presidential Directive 28 (NSPD-28),[Footnote 2] which raised the importance of nuclear weapon command and control systems. This directive established a more stringent security requirement for nuclear weapons. It also directed the Department of Defense (DOD) and DOE, among other agencies, to implement policies, procedures, and systems to protect and control nuclear weapons. Both DOD and DOE play important roles in sustaining and protecting the United States' nuclear weapons capabilities. Within the DOD, the Air Force and the Navy operate and maintain the nation's strategic nuclear weapons arsenal. They also have the responsibility to provide for the security of those weapons in accordance with NSPD-28 and DOD implementing guidance. DOE is charged with maintaining, assembling, and disassembling nuclear weapons at its Pantex Plant (Pantex) in Amarillo, Texas, and providing secure transport of nuclear weapons and other material among and between DOD, DOE, and other sites within the continental United States by the Office of Secure Transportation (OST). [Footnote 3] DOE is also charged with the security of those materials when they are in its possession in accordance with NSPD-28 requirements. As we have previously reported, risk management is a systematic, analytical process to determine the likelihood that a threat will harm physical assets or individuals and then to identify actions to reduce risk and mitigate the consequences of an attack.[Footnote 4] The principles of risk management acknowledge that while risk generally cannot be eliminated, enhancing protection from known or potential threats can serve to reduce risk. Key elements of risk management include assessing threats, vulnerabilities, and criticality of assets and selecting between alternative courses of action to mitigate risk. Risk management can help policymakers make decisions about allocating resources and taking actions under conditions of uncertainty. Because of the importance of providing adequate security for our nation's nuclear weapons and the significant investments required to provide that security, you asked us to evaluate and compare DOD's and DOE's policies and procedures for protecting the nation's nuclear weapons and identify the resources being applied by both organizations to achieve that goal. Accordingly, this report (1) compares the nuclear weapons security policies, procedures, and guidance at DOD and DOE, and determines the extent to which alternatives and cost-benefit analyses are required; (2) compares DOD's and DOE's efforts to assess threats to nuclear weapons facilities and in-transit nuclear assets; and (3) identifies DOD's and DOE's total current and projected funding requirements for securing nuclear weapons, including military construction costs and the services' ability to track those costs. In May 2009, we reported to you on the results of our work in a classified report. This report is an unclassified version of that report. To compare DOD's and DOE's policies and procedures for protecting the nation's nuclear weapons and determine the extent to which they require alternatives and cost-benefit analyses, we analyzed DOD and DOE nuclear weapons security policies and procedures; visited 6 of 10 sites that store, maintain, or transport fully assembled nuclear weapons, including Air Force and Navy installations and the two DOE entities that handle fully assembled nuclear weapons--OST and Pantex; and interviewed DOD, DOE, Air Force, Navy, and other officials at headquarters and relevant field locations. We also compared DOD's and DOE's policies and guidance for weighing costs and benefits to GAO and OMB guidelines for analyzing costs and selecting among alternatives. We selected two Navy programs requiring significant investment of resources initiated after implementation of NSPD-28 as examples of how alternatives were evaluated and costs and benefits were weighed based on the existing policies. To evaluate the extent to which DOD and DOE apply risk management principles in their approach to establish nuclear security measures, we compared DOD, DOE, Air Force, and Navy policies, procedures, site security plans, and any related cost-benefit analyses to commonly accepted elements of risk management. Specifically, we assessed each organization's approach to identify the extent to which they address strategic goals and objectives, risk assessments (threat, vulnerability, and criticality assessments), evaluating and selecting alternative courses of action to mitigate risk, and management oversight. DOE updated its threat policy in August 2008 and is modifying related implementation manuals. Because the policy is new and had not been fully implemented, we were unable to fully assess the extent to which Pantex and OST are implementing new security requirements to address DOE's revised policy. To determine DOD's and DOE's total current and projected funding requirements for securing nuclear weapons, and the reliability of the data, we obtained and analyzed DOD and DOE funding data for fiscal years 2006 through 2013 related to securing nuclear weapons and supporting documentation. We identified major cost drivers and military construction costs during those budget years for each organization. We determined the cost data obtained to be sufficiently reliable for our purposes. We conducted the work for the classified report from November 2007 to April 2009 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A more detailed description of our scope and methodology can be found in appendix I. Results in Brief: DOD and DOE policies and guidance for nuclear weapons security are driven by NSPD-28, and both departments established minimum security standards for nuclear weapons, but DOD's guidance is more prescriptive in that, in some instances, it sets forth very specific physical security measures and does not require, or in some cases allow, the military services to consider all available alternatives or weigh the full costs and benefits of implementing them. On the other hand, DOE's guidance permits consideration of alternative security measures and life cycle costs. For example, DOD's nuclear weapons security manual specifies barrier type and height, which precludes the military services from identifying and considering alternative measures that may achieve a similar result.[Footnote 5] The manual also states that "all efforts must be made to build future storage and maintenance facilities underground." As a practical matter, according to officials from the Office of the Deputy Assistant to the Secretary of Defense for Nuclear Matters, this policy requires all new facilities to be constructed underground unless it is physically impossible to do so. Consequently, in one case we examined, the Navy is pursuing the construction of an underground facility for weapons storage and maintenance at one of its Strategic Weapons Facilities without having considered other options or the full cost of the project compared to other alternatives. Further, while DOD nuclear security guidance states that affordability and life cycle costs of a nuclear weapon system shall be considered, this requirement applies primarily to the research and development and acquisition process, not to the actual selection and implementation of nuclear physical security measures. In addition, the guidance does not specifically provide for cost-benefit analysis when considering and selecting between alternative security measures. As a result, according to DOD officials, security measures may be selected without full consideration of their total costs. In another case we examined, the Navy is planning to spend approximately $1.1 billion on security improvements to protect ballistic missile submarines while in transit between the wharf and the surface/dive point, but selected one alternative without considering the full life cycle costs of the alternative solutions that were available.[Footnote 6] Specifically, the Navy did not consider all associated costs, such as additional facilities and support needed for the blocking vessels that protect the in-transit submarines or the full life cycle costs of the various alternatives when making its decision. We are recommending DOD modify nuclear weapons security guidance to place greater emphasis on alternatives analysis and cost-benefit considerations, including life cycle costs, when selecting alternative security measures. Both DOD and DOE assess threats and vulnerabilities of facilities and in-transit nuclear assets as part of their risk management approaches to nuclear weapons security, but DOD has not provided adequate guidance or capabilities to fully develop local threat assessments where nuclear weapons are stored, maintained, or transported. DOD policies require installation commanders to develop threat assessments using a national- level threat assessment that discusses all known threats to nuclear weapons as a starting point and tailor that assessment to their respective installations. However, at the installations we visited, we identified instances where the local threat assessment generally reflected all of the threats contained in the national-level assessment, with minimal adjustments to reflect the local threat environment. Because of the uncertain and unpredictable nature of terrorist threats, installation officials were reluctant to eliminate any threat listed in the national assessment, and individuals developing local threat assessments had limited guidance and were not trained as intelligence analysts. Without clear guidance and the necessary capabilities to comprehensively assess threats at nuclear weapons facilities, DOD and the military services may not be fully leveraging all available threat information at the local, regional, and national levels as local threat assessments are being prepared. In addition, in the absence of detailed guidance, we found that Air Force and Navy officials prepare their local threat assessments using different methodologies. Throughout the course of our review, DOD officials agreed that local commanders lacked the necessary guidance and capabilities to comprehensively assess threats at the installation level. In contrast, DOE provides guidance on the process for identifying and analyzing threats to its sites that handle nuclear material, and at the time of our review, OST was developing an approach to assess and incorporate local, regional, and national threat information more fully into its threat assessments. Beginning in 2008, DOE's Office of Secure Transportation placed intelligence analysts at U.S. Northern Command and DOE's Office of Intelligence and Counterintelligence to collect available intelligence information from regional and national sources, and established an analysis center to fuse that information, assess local threats, and provide this information to appropriate security personnel. OST officials believed it was important to obtain all available information to enhance the local threat assessment process and provide that as a basis for training and preparing security forces. However, because the initiative has not been fully implemented, we did not assess its effectiveness in this review. We are recommending that DOD provide more specific guidance on the methodology to develop local threat assessments and provide installation commanders with the capabilities necessary to enhance the local threat assessment process. DOD and DOE have estimated the funds required to protect nuclear weapons to be approximately $11 billion for fiscal years 2006 through 2013, but we identified shortfalls in the Air Force's ability to centrally manage and track this funding that limits its visibility. The Air Force and Navy make up over $8 billion (73 percent) of the total estimated requirement for securing nuclear weapons. The remaining $3 billion (27 percent) of the requirement is incurred by the two DOE organizations that handle nuclear weapons, OST and Pantex. Across all four organizations, over half of the $11 billion associated with securing nuclear weapons is devoted to funding security forces. Although accountability over funding data is critical to enabling decision makers to address the funding requirements of the nuclear weapons security program, we found that the Air Force lacked a consistent method to identify funding requirements specifically related to nuclear weapons security because of the decentralized method through which it manages this funding. Therefore, it took the Air Force over 8 months to provide us with details related to its costs associated with securing nuclear weapons. Without a method to track these costs, the visibility of these requirements is limited, and the Air Force may not be able to effectively manage its nuclear weapons security program as it moves to a new nuclear command structure.[Footnote 7] We are recommending that the Air Force establish a method to track funding associated with nuclear weapons security as it moves to a new nuclear command structure. Details related to major funding components for each organization are shown in appendix IV. DOD provided written comments on a draft of this report. DOD partially agreed with our recommendations and described actions in process or needed to implement them. DOD also provided technical comments, which we incorporated into the final report as appropriate. A summary of DOD's comments and a summary of our response to these comments follow the Recommendations for Executive Action section of this report. DOD's written comments are reprinted in appendix V. DOE also reviewed a draft of this report and had no comments. However, it provided technical comments, which we incorporated into the final report as appropriate. Background: In June 2003, the President signed NSPD-28. This directive emphasized the need to prevent the unauthorized or accidental use of U.S. nuclear weapons. In response to NSPD-28, DOD updated its entire family of nuclear weapons security policies and guidance to reflect the higher security requirements of the new presidential directive. DOE has also updated its family of nuclear weapons security policies and guidance since NSPD-28 was issued. Within DOD, the Air Force and Navy are responsible for implementing DOD's nuclear weapons security policies and securing the weapons under their control. Within the Air Force, four major commands have a role in the nuclear mission--Air Force Space Command, Air Combat Command, Air Force Materiel Command, and U.S. Air Force Europe. Air Force Space Command has authority over three Air Force installations responsible for maintaining the ICBM fields that are located in five states and span 23,500 square miles. Missile silos located throughout the ICBM fields can often be hundreds of miles from the main installation. Air Combat Command has authority over two installations that store and maintain the nuclear weapons used on B-2 and B-52 aircraft. Air Force Materiel Command is responsible for one installation that is home to DOD's only underground storage and maintenance facility for nuclear weapons. U.S. Air Force Europe has responsibility for U.S. nuclear weapons located on both U.S. and host nation installations in Europe. The Navy has a single, centralized command and control system for its nuclear mission to oversee its two strategic weapons facilities that operate in four environments that are distinct from the Air Force's operating environments (see app. III for a detailed description of each nuclear weapon operating environment for the Air Force and the Navy). The Navy's installations are comparatively compact sites, unlike the Air Force's missile fields, and support nuclear-powered submarines (commonly referred to as SSBNs) equipped to launch Trident missiles. DOE and the National Nuclear Security Administration--a separately organized agency within DOE--are responsible for implementing DOE's nuclear security threat policy and overseeing the 10 entities in DOE that currently handle types and quantities of special nuclear materials that can be used in nuclear weapons. Of these entities that handle nuclear material, only 2 handle fully assembled nuclear weapons--OST and Pantex located in Amarillo, Texas. OST is responsible for securely transporting nuclear weapons, components, and other sensitive nuclear materials between authorized destinations in support of both DOD's and DOE's nuclear missions. OST is not responsible for any work related to maintaining or servicing the weapons or components--its purpose is solely to provide secure transport. In contrast, Pantex is a fixed site that carries out several missions related to maintaining and servicing nuclear weapons, including the development, testing, and fabrication of high explosive components; supporting the nuclear weapons life extension programs;[Footnote 8] and dismantling weapons after they are retired by the military. Risk Management Framework: Risk management is a widely accepted method within the federal government and the private sector for protecting important assets, identifying threats to those assets and vulnerabilities in protective measures, and prioritizing security needs. Risk management principles acknowledge that while risk generally cannot be eliminated, enhancing protection from known or potential threats can reduce it. Risk management includes a series of analytical and managerial steps that can be used to assess risk, evaluate alternatives for reducing risks, choose among those alternatives, implement the selected alternatives, monitor their implementation, and continually use new information to adjust and revise the assessments and actions, as needed. Table 1 summarizes the five phases of risk management. Table 1: Phases of the Risk Management Process: Phase: Setting strategic goals and objectives, and determining constraints; Description: Decisions should align with corresponding strategic goals and objectives and should not go beyond the identified constraints of the organization. Phase: Assessing risks; Description: Risk assessment consists of identifying threats, vulnerabilities, and potential consequences. While threat assessments identify and evaluate potential threats against an identified asset or location, vulnerability assessments identify security weaknesses that may be exploited by identified threats. Consequence information for a terrorist attack or other hazard is combined with the threat information and known vulnerabilities to complete the risk assessment and help prioritize assets and allocate resources to protective actions. Phase: Evaluating alternatives for addressing risks; Description: A process should be in place for identifying and evaluating strategies to reduce risks through various measures designed to prevent or mitigate an attack. Cost-benefit analysis is critical in assessing alternatives because it links the benefits of alternative measures to the costs associated with implementing and maintaining them. Phase: Selecting alternatives; Description: Managers select the blend of options from the proposed alternatives that achieves the greatest expected reduction in risk in relation to cost for both the short and the long term. Phase: Implementation and monitoring; Description: Once the selected countermeasures are implemented, monitoring is essential in order to help ensure that the process remains current and relevant. Source: GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure, [hyperlink, http://www.gao.gov/products/GAO-06-91] (Washington, D.C.: Dec. 15, 2005). [End of table] DOD and DOE Nuclear Weapons Security Policies Implement NSPD-28, but DOD Policies Can Limit or Preclude Analysis of Alternatives: Both DOD and DOE have established policies and guidance for nuclear weapons security that set minimum security standards for storing, maintaining, or transporting nuclear weapons, but DOD's guidance can limit or preclude analysis of alternatives and does not require or emphasize costs and benefits to be weighed when selecting among security alternatives to meet those standards. As a result, according to DOD officials, security measures may be selected without full consideration of their total costs. In the two cases we examined the Navy did not fully consider life cycle costs in making decisions about security investments, and it is unclear whether the most cost-effective measures were selected. DOD and DOE have similar nuclear weapons security responsibilities to address the requirements of NSPD-28 and each has established its own nuclear weapons security policy frameworks that seek to meet these requirements and spell out specific minimum standards for sites to implement. However, DOD's overarching policies and guidance are generally more prescriptive in their requirements for physical security measures than DOE's and in some cases this may limit the military services' abilities to consider all available security options. For example, DOD's Nuclear Weapons Security Manual requires installations to construct a barrier around their borders and specifies that the barrier must be a fence constructed of chain link material and stand 7 feet tall.[Footnote 9] In contrast, DOE's Physical Protection Manual requires sites, such as Pantex, to construct a barrier around its area boundaries in order to control, impede, or deny access to the site. DOE's guidance provides local officials flexibility to meet the requirement by building a wall, fence, or other barrier, so long as the objectives of the barrier described in the manual are met. Other differences in DOD's and DOE's approaches to nuclear weapons security are primarily due to differences in their respective command structures, operating environments, and missions. Additional detail on the similarities and differences in DOD's and DOE's approaches to nuclear weapons security can be found in appendix II. DOD's Nuclear Weapons Security Guidance Does Not Emphasize Analysis of Alternatives or Cost-Benefit Analyses When Choosing New Security Measures: DOD's nuclear weapons security guidance does not emphasize or require a cost-benefit analysis when considering alternative security measures, and therefore the full costs of various alternatives may not be considered in a comprehensive manner when choosing among alternative security measures.[Footnote 10] DOD nuclear weapons security guidance states that affordability and life cycle costs of a nuclear weapon system[Footnote 11] shall be considered; however, this requirement applies primarily to the research and development and acquisition process for the system, not to the actual selection and implementation of nuclear security measures. In addition, the guidance does not specifically provide for cost-benefit analysis, although costs are occasionally cited as a criterion for deviations from security requirements. As a result, according to DOD officials from the Office of the Deputy Assistant to the Secretary of Defense for Nuclear Matters, as well as Navy officials, security measures can and have been selected without full consideration of their total life cycle costs. In one case we examined, the Navy is planning to spend over $1.1 billion on a new program to enhance the security of its submarines carrying nuclear weapons in transit between the wharf and the surface/ dive point. The Navy's analysis used modeling, exercises, and simulations to evaluate 19 different alternatives, including maintaining the status quo. Based on the results of modeling the 19 alternatives, Navy officials narrowed the candidate options to the ones they thought provided an acceptable level of effectiveness and began to compare the cost of those alternatives. Navy officials then selected one option that in their view provided the best balance between cost and effectiveness. The Navy's analysis included leasing, procurement, operations and maintenance, and staffing costs for only the first 6 years of the program, however, which did not cover the entire life cycle for these security measures.[Footnote 12] Furthermore, the Navy did not consider the military construction costs of building new facilities to support the new security measures, including those required to berth the blocking vessels that protect the submarines during transit and new storage and administrative space. In another case, the Navy interpreted DOD's prescriptive nuclear weapons security standards as precluding the consideration of costs and benefits. Specifically, the Navy has undertaken a project at one of its nuclear facilities to build an underground maintenance and storage facility without conducting any comparative analysis of costs and benefits to examine alternatives. Navy officials told us that building underground facilities is the only alternative for replacing old, substandard facilities because DOD's manual establishes what they consider a requirement for new nuclear weapons storage and maintenance facilities to be built underground.The Navy has defined life cycle cost estimates as the total cost of a program over its full life from research and development to final disposal. Specifically, Naval Sea Systems Command's Cost Estimating Handbook[Footnote 13] identifies four phases that a life cycle cost estimate must address: * Research and development costs include those for development, design, start-up, testing, and changing facilities, among other similar costs. * Procurement and investment costs are those associated with production and deployment of the system and related support equipment and facilities. * Operations and support costs are all direct and indirect costs incurred when using the asset through its entire life, including fuel and maintenance costs, among others. * Disposal includes the costs of disposing or retiring the asset after its useful life. Analyzing costs and benefits is a critical component of risk management when choosing among alternative security measures because it links the benefits of alternatives to the costs associated with implementing and maintaining them. Additionally, GAO and the Office of Management and Budget have published guidelines for all agencies on analyzing costs that explain that life cycle costs should be analyzed to determine the most cost-effective alternative.[Footnote 14],[Footnote 15] Without calculating and comparing the full life cycle costs for alternatives to securing submarines, including supporting facilities, it is unclear whether the alternative selected was the most cost-effective option. Furthermore, DOD does not require costs and benefits of alternative security measures to be weighed and, in some cases, prescribes specific measures the services are required to implement without weighing their costs and benefits. DOE, in contrast, provides its sites with specific guidance on analyzing alternative security measures, including steps to weigh costs and benefits. DOE's Vulnerability Assessment Process Guide describes a process for selecting and analyzing alternative security measures. [Footnote 16] Following this guidance, OST and Pantex both established their own respective processes for considering alternatives and weighing costs--OST's Concept to Capability Process and Pantex's Technology Integration Process. For example, officials at Pantex recently followed its process to weigh the alternatives for replacing armored security vehicles. Through this process, three alternative vehicles were identified and analyzed before one was selected. DOD and DOE Require Local Threat Assessments, but DOD Installations Lack Guidance and Capabilities to Prepare Them: Both DOD and DOE assess threats and vulnerabilities of facilities and in-transit nuclear assets as part of their risk management approaches to nuclear weapons security, but DOD has not provided adequate guidance or capabilities to fully develop local threat assessments where nuclear weapons are stored, maintained, or transported. DOD's nuclear weapons security policies require commanders to prepare local threat assessments for locations that store, maintain, or transport nuclear weapons based on the Nuclear Security Threat Capabilities Assessment (NSTCA),[Footnote 17] published in December 2005 by the Defense Intelligence Agency, which describes the threat to DOD's U.S. nuclear weapons based on historical precedents and plausible scenarios. Essentially, the NSTCA is a compilation of information from a variety of sources that attempts to identify all potential threats to the nuclear weapons under DOD's control. The NSTCA focuses primarily on threats from international terrorist groups, state actors, and domestic groups acting solely within the United States. DOD's antiterrorism standards also require installation commanders to conduct annual threat assessments at every installation, including those with nuclear weapons, and to assess threats using local, regional, and national sources of information.[Footnote 18] We reviewed the local threat assessments for Air Force and Navy installations and found that although there are some differences in how they incorporate information from the NSTCA, they all generally mirror its threat information. For example, the local threat assessment prepared by officials of the Navy Strategic Weapons Facility we visited draws heavily from the NSTCA and, to a limited extent, on the threat assessment prepared by the Naval Criminal Investigative Service (NCIS) for the local area surrounding the installation. In contrast, the local assessment for the other Navy Strategic Weapons Facility simply states that the threat to that location is "consistent with the threats documented" in the NSTCA. In fact, one senior Navy official with responsibility for nuclear security programs told us that strategic weapons facility commanders are reluctant to eliminate any of the threats in the NSTCA from their local threat assessments because of the uncertain and unpredictable nature of terrorist threats. Similarly, the local threat assessments for the Air Force installations we visited generally highlighted the same threats as those documented in the national assessment and contained the same information provided in the installation threat assessments prepared by the local Air Force Office of Special Investigations (OSI). Officials at both Air Force and Navy facilities lack the guidance and capabilities necessary to analyze available intelligence information from the local, regional, and national levels. Officials told us that the only guidance they have received is that contained in the March 2006 cover memo to the NSTCA, which directs installation commanders to localize the NSTCA to each operating environment at each storage and operational location, but does not provide any detailed guidance on how the assessments should be prepared or the sources of information that should be used to develop the local threat assessments. Throughout the course of our review, DOD officials agreed that local commanders lacked the necessary guidance and capabilities to comprehensively assess threats at the installation level. In the absence of detailed guidance, we found that Air Force and Navy officials prepare their local threat assessments using different methodologies. For example, at two of the Air Force installations we visited, commanders relied on threat working groups comprising installation officials to develop the local nuclear security threat assessment.[Footnote 19] At the third Air Force installation we visited, the installation intelligence officer worked independently to identify and assess the threat and prepare the localized nuclear security threat assessment. At each of the Air Force installations, the officials charged with preparing the local nuclear threat assessment reviewed local defense threat assessments prepared by the Air Force's OSI in preparing their local assessments. At the Navy installation we visited, the deputy security director coordinated with local NCIS agents to obtain local threat information and compared the national- level threats and capabilities identified in the NSTCA to the local situation to develop a local threat assessment. In addition to limited guidance, at the local level installation commanders have limited capabilities to develop local threat assessments. Specifically, the Air Force and Navy rely heavily on assistance from their OSI and NCIS counterparts to provide local threat information, prepare local threat assessments, and serve as a conduit to local law enforcement agencies, the local Federal Bureau of Investigation (FBI) offices, and Joint Terrorism Task Forces (JTTF) or fusion centers in the area.[Footnote 20] However, at the installations we visited, these agents were field agents not intelligence analysts. These agents stated that, in their view, they did not believe they were in the best position to analyze and fuse intelligence information collected from local, regional, and national levels as the basis for the local NSTCA. Furthermore, at the installations we visited, the local threat assessments are not generally vetted through OSI and NCIS beyond the local office or any non-DOD organization, such as the FBI, and the agents involved may not even see the final product. For example, NCIS agents at the Navy installation we visited told us that they had not seen or read the local threat assessment for that installation. Also, an FBI official who was the principal liaison with an Air Force installation we visited had not seen and was not familiar with the local threat assessment for that installation, and he was not aware of any process through which the local threat assessment would be vetted through the local FBI office or intelligence analysts. Without clear guidance and capabilities to prepare the local threat assessments, DOD and the military services may not be fully leveraging all available threat information as local threat assessments are being prepared. The DOD Nuclear Weapons Security Manual[Footnote 21] also requires commanders at facilities that operate, maintain, store, or transport nuclear weapons to conduct annual vulnerability assessments and recommend actions to reduce or mitigate the identified vulnerabilities as part of the threat and risk assessment process.[Footnote 22] The manual states that a threat assessment, based on the postulated national threat as well as the local threat assessment, is to be used as the basis for the vulnerability assessment. However, if the local threat assessment does not fully identify the threats present in the area, that omission may also affect the installation commander's ability to identify all vulnerabilities. We reviewed the vulnerability assessments prepared by commanders of the Air Force and Navy installations that we visited. We found that each conducted annual vulnerability assessments based on the national-level threat postulated in the NSTCA and on the local threat assessment. At the two Navy installations, vulnerability assessment teams evaluated each of the environments in which they operate in terms of available security measures and the potential threats identified in the national- level and localized threat assessments. At the Air Force installations, we found that as for the Navy, vulnerability assessments were prepared using the postulated threats outlined in the NSTCA and the locally prepared threat assessments, as described above, and generally focus on the threats identified at the national level. However, because vulnerability assessments are based in part on threat assessments, an incomplete assessment of the local threats could result in an incomplete assessment of the installation's vulnerabilities. DOE Provides More Specific Guidance to Assess Threats, and an Assessment Approach That Allows Greater Access to Information Sources: In contrast to DOD's approach to threat assessments, DOE has provided its two sites that handle nuclear weapons more specific guidance and resources than DOD to identify and assess local threats. Like DOD, DOE requires that its two sites that handle nuclear weapons--OST and Pantex--incorporate local, regional, and national threat information into their annual assessments. DOE's guidance states that the Graded Security Protection (GSP) policy--DOE's national-level threat policy-- must be the baseline threat definition but that regional and local threats should be identified and considered in conducting site vulnerability assessments. In practice, OST and Pantex conduct their threat assessments in cooperation with the FBI and other federal agencies. At Pantex, for example, local FBI agents are stationed on- site to identify local and regional threats and provide a conduit to state and local law enforcement agencies. In addition, in 2008, OST established a new threat assessment approach that includes placing its intelligence analysts at U.S. Northern Command and DOE's Office of Intelligence and Counterintelligence. The approach also provides a capability to fuse threat information from these and other sources-- including the FBI, National Counter Terrorism Center, JTTF, and others- -and includes intelligence analysts who process this information and provide threat assessments to DOE personnel involved in transporting nuclear materials. According to the OST Assistant Deputy Administrator with responsibility for security, OST's new approach was necessary because DOE's former threat policy, the Design Basis Threat (DBT), focused on the more severe but less likely threats.[Footnote 23] In his opinion, it was important for OST to obtain all available information to identify potentially less severe, but more likely threats as a basis for training and preparing security forces. According to DOE officials, these threats although less severe include events that may embarrass the United States, affect the entire continental United States-based nuclear weapons program, or both. In its technical comments on a draft of this report, DOE stated that its new threat policy, the GSP, will serve as a strategic-level planning document that addresses a range of assets, threats, and adversary types. DOE further commented that the security approach instituted by OST and other sites in the department represents a mechanism for implementing the GSP on a day-to-day basis that considers each site's specific mission. Because the new initiative has not been fully implemented, we did not assess its effectiveness in this review. DOD and DOE Have Identified Funding Requirements of Approximately $11 Billion for Nuclear Weapons Security: DOD and DOE have estimated the funds required to protect nuclear weapons to be approximately $11 billion for fiscal years 2006 through 2013.[Footnote 24] However, we identified shortfalls in the Air Force's ability to centrally manage and track funding that limit the visibility of Air Force requirements. DOD estimated nuclear weapons security funding to be $8.1 billion--approximately $4.7 billion for the Air Force and almost $3.4 billion for the Navy. Within DOE, the two organizations that handle fully assembled nuclear weapons, OST and Pantex, estimated the funding for nuclear weapons security to be approximately $1.9 billion and $1.1 billion, respectively. Personnel costs are the single largest driver in security costs across both DOD and DOE--representing approximately $6.2 billion, or 56 percent of the $11 billion total. Table 2 summarizes the nuclear weapons security funding requirements for the Air Force, Navy, OST, and Pantex. The funding categories used by DOD and DOE organizations differ somewhat because of differences in the departments and missions. Additional detail concerning the nuclear weapons security funding requirements of each of these organizations can be found in appendix IV. Table 2: DOD and DOE Estimated Funding for Nuclear Weapons Security, Fiscal Years 2006 through 2013: Organization: Air Force; Funding category[A]: Military personnel; FY 2006: $454.9 million; FY 2007: $462.3 million; FY 2008: $473.6 million; FY 2009: $417.4 million; FY 2010: $423.7 million; FY 2011: $439.0 million; FY 2012: $456.7 million; FY 2013: $471.4 million; Grand total: $3,599.0 million. Organization: Air Force; Funding category[A]: Weapons procurement; FY 2006: $40.8 million; FY 2007: $79.1 million; FY 2008: $98.9 million; FY 2009: $93.7 million; FY 2010: $80.8 million; FY 2011: $27.4 million; FY 2012: $24.5 million; FY 2013: $19.2 million; Grand total: $464.4 million. Organization: Air Force; Funding category[A]: Operations and maintenance (equipment); FY 2006: $42.0 million; FY 2007: $48.4 million; FY 2008: $71.9 million; FY 2009: $51.7 million; FY 2010: $43.7 million; FY 2011: $51.0 million; FY 2012: $44.7 million; FY 2013: $45.4 million; Grand total: $398.8 million. Organization: Air Force; Funding category[A]: Military construction; FY 2006: 0.0; FY 2007: 0.0; FY 2008: 0.0; FY 2009: 0.0; FY 2010: 0.0; FY 2011: 0.0; FY 2012: $4.6 million; FY 2013: 0.0; Grand total: $4.6 million. Organization: Air Force; Funding category[A]: Other appropriations; FY 2006: $32.6 million; FY 2007: $27.2 million; FY 2008: $16.4 million; FY 2009: $30.3 million; FY 2010: $34.2 million; FY 2011: $30.4 million; FY 2012: $24.4 million; FY 2013: $18.8 million; Grand total: $214.3 million. Organization: Air Force; Funding category[A]: Total Air Force funding requirement; FY 2006: $570.3 million; FY 2007: $617.0 million; FY 2008: $660.8 million; FY 2009: $593.1 million; FY 2010: $582.4 million; FY 2011: $547.8 million; FY 2012: $554.9 million; FY 2013: $554.8 million; Grand total: $4,681.1 million. Organization: Navy; Funding category[A]: Operations and maintenance; FY 2006: $99.7 million; FY 2007: $150.1 million; FY 2008: $150.5 million; FY 2009: $171.9 million; FY 2010: $167.1 million; FY 2011: $166.5 million; FY 2012: $169.8 million; FY 2013: $173.3 million; Grand total: $1,248.9 million. Organization: Navy; Funding category[A]: Military construction; FY 2006: $94.3 million; FY 2007: $48.1 million; FY 2008: $39.8 million; FY 2009: $50.7 million; FY 2010: $133.7 million; FY 2011: $309.0 million; FY 2012: $44.6 million; FY 2013: $56.0 million; Grand total: $776.2 million. Organization: Navy; Funding category[A]: Navy and Marine Corps manpower; FY 2006: $62.9 million; FY 2007: $70.0 million; FY 2008: $72.2 million; FY 2009: $85.7 million; FY 2010: $88.3 million; FY 2011: $90.9 million; FY 2012: $93.6 million; FY 2013: $96.4 million; Grand total: $660.0 million. Organization: Navy; Funding category[A]: Other procurement; FY 2006: $112.7 million; FY 2007: $41.1 million; FY 2008: $53.1 million; FY 2009: $52.9 million; FY 2010: $33.9 million; FY 2011: $27.3 million; FY 2012: $95.9 million; FY 2013: $97.8 million; Grand total: $514.7 million. Organization: Navy; Funding category[A]: Weapons procurement; FY 2006: $5.1 million; FY 2007: 0.0; FY 2008: $7.0 million; FY 2009: $45.4 million; FY 2010: $44.3 million; FY 2011: $31.2 million; FY 2012: 0.0; FY 2013: 0.0; Grand total: $133.0 million. Organization: Navy; Funding category[A]: Other appropriations; FY 2006: 0.0; FY 2007: $41.9 million; FY 2008: $5.8 million; FY 2009: $0.9 million; FY 2010: $0.9 million; FY 2011: 0.0; FY 2012: 0.0; FY 2013: 0.0; Grand total: $49.5 million. Organization: Navy; Funding category[A]: Total Navy funding requirement; FY 2006: $374.7 million; FY 2007: $351.2 million; FY 2008: $328.4 million; FY 2009: $407.5 million; FY 2010: $468.2 million; FY 2011: $624.9 million; FY 2012: $403.9 million; FY 2013: $423.5 million; Grand total: $3,382.3 million. Total DOD funding requirement; Grand total: $8,063.4 million. Organization: OST; Funding category[A]: Mission capacity; FY 2006: $121.0 million; FY 2007: $117.0 million; FY 2008: $122.7 million; FY 2009: $123.0 million; FY 2010: $149.8 million; FY 2011: $160.0 million; FY 2012: $165.2 million; FY 2013: $166.1 million; Grand total: $1,124.8 million. Organization: OST; Funding category[A]: Program management; FY 2006: $39.7 million; FY 2007: $47.0 million; FY 2008: $46.6 million; FY 2009: $48.2 million; FY 2010: $52.6 million; FY 2011: $54.1 million; FY 2012: $56.9 million; FY 2013: $58.0 million; Grand total: $403.1 million. Organization: OST; Funding category[A]: Infrastructure; FY 2006: $26.1 million; FY 2007: $28.7 million; FY 2008: $24.0 million; FY 2009: $28.0 million; FY 2010: $25.1 million; FY 2011: $30.2 million; FY 2012: $30.7 million; FY 2013: $30.5 million; Grand total: $223.3 million. Organization: OST; Funding category[A]: Security/safety capability; FY 2006: $23.1 million; FY 2007: $16.5 million; FY 2008: $23.6 million; FY 2009: $21.8 million; FY 2010: $23.8 million; FY 2011: $21.8 million; FY 2012: $22.1 million; FY 2013: $22.1 million; Grand total: $174.8 million. Organization: OST; Funding category[A]: Total OST funding requirement; FY 2006: $209.9 million; FY 2007: $209.2 million; FY 2008: $216.9 million; FY 2009: $221.0 million; FY 2010: $251.3 million; FY 2011: $266.1 million; FY 2012: $274.9 million; FY 2013: $276.7 million; Grand total: $1,926.0 million. Organization: Pantex; Funding category[A]: Protective forces; FY 2006: $90.3 million; FY 2007: $92.5 million; FY 2008: $100.3 million; FY 2009: $105.5 million; FY 2010: $117.6 million; FY 2011: $117.6 million; FY 2012: $123.5 million; FY 2013: $117.0 million; Grand total: $864.3 million. Organization: Pantex; Funding category[A]: Physical security systems; FY 2006: $6.9 million; FY 2007: $7.3 million; FY 2008: $10.3 million; FY 2009: $4.8 million; FY 2010: $8.7 million; FY 2011: $10.2 million; FY 2012: $9.7 million; FY 2013: $20.0 million; Grand total: $77.9 million. Organization: Pantex; Funding category[A]: DBT security enhancements; FY 2006: $14.7 million; FY 2007: $9.1 million; FY 2008: $25.5 million; FY 2009: 0.0; FY 2010: 0.0; FY 2011: 0.0; FY 2012: 0.0; FY 2013: 0.0; Grand total: $49.3 million. Organization: Pantex; Funding category[A]: All other programs; FY 2006: $11.1 million; FY 2007: $13.1 million; FY 2008: $14.7 million; FY 2009: $15.1 million; FY 2010: $8.8 million; FY 2011: $15.0 million; FY 2012: $14.6 million; FY 2013: $15.0 million; Grand total: $107.4 million. Organization: Pantex; Funding category[A]: Total Pantex funding requirement; FY 2006: $123.0 million; FY 2007: $122.0 million; FY 2008: $150.8 million; FY 2009: $125.4 million; FY 2010: $135.1 million; FY 2011: $142.8 million; FY 2012: $147.8 million; FY 2013: $152.0 million; Grand total: $1,098.9 million. Total DOE funding requirement: Grand total: $3,024.9 million. Total DOD and DOE nuclear security funding requirement: Grand total: $11,088.3 million. Source: GAO analysis of DOD (Air Force and Navy) and DOE (OST and Pantex) data. [A] Funding categories include appropriation accounts for the Air Force and Navy, subprograms for OST, and programs for Pantex. [End of table] DOD has estimated the funds required to protect the Air Force arsenal of nuclear weapons to be approximately $ 4.7 billion for fiscal years 2006 through 2013. The most significant component of this estimate is the funding for security forces. Air Force personnel who protect the nuclear weapons account for over three-fourths--$3.6 billion (over 76 percent)--of the Air Force's total estimated funding. Safeguarding the Air Force nuclear weapons arsenal is a labor-intensive mission because of the vast geographic areas that its security forces must operate in and the specific response times required by DOD's nuclear weapons security policies. The Air Force's funding estimate also includes $4.6 million in military construction funds to construct a weapons storage area security control facility for the Air Combat Command in fiscal year 2012. The Air Force's military construction requirement is small in comparison to the Navy's investment in military construction projects for fiscal years 2006 through 2013, because, according to Air Force officials, many of the Air Force facilities that store and process nuclear assets were constructed prior to fiscal year 2006. DOD has estimated the funds required to protect the Navy stockpile of nuclear weapons to be approximately $3.4 billion for fiscal years 2006 through 2013.[Footnote 25] Operations and maintenance is the major component of this estimate, encompassing about $1.2 billion (36.9 percent) of the total. The majority of the operations and maintenance funding--$633.5 million (50.7 percent)--is borne by one program, the Transit Protection System, which is a group of vessels, personnel, and weapons systems intended to protect SSBNs transiting between a homeport and a safe surface/dive location. However, the total cost of the Transit Protection System project is estimated to be about $1.1 billion. Over $776.2 million (22.9 percent) of the Navy's funding estimate includes military construction projects. The Navy's largest building project is the construction of a secure production and storage complex at both Strategic Weapons Facility locations. These complexes provide a secure, hardened location for storage and processing facilities at an estimated cost of $459.7 million. DOE has estimated the funds required to protect fully assembled nuclear weapons and other nuclear material and components that OST transports from one location to another, for fiscal years 2006 through 2013, to be over $1.9 billion. OST organizes its work into four subprograms: mission capacity, program management, infrastructure, and security/ safety capability. Each of the subprograms is further described below: * Mission capacity ($1.1 billon) consists of raising and maintaining its capacity to meet projected workloads, including annual training classes; recruiting, equipping, and training federal agent candidates; and maintaining vehicles, among other things. * Program management ($403.1 million) includes business supplies and operations and evaluation of work functions and processes. * Infrastructure ($223.3 million) covers the maintenance and modernization of communications systems at OST, among other things, including maintaining classified command, control, and communications systems for oversight of nuclear convoys. * Security/safety capability ($174.8 million) encompasses security and safety programs--such as liaison with local law enforcement--and the identification, design, and testing of new technologies, among other things. DOE has estimated the funds required to protect the fully assembled nuclear weapons and other nuclear material and components at Pantex to be about $1.1 billion for fiscal years 2006 through 2013. Pantex organizes its funding information in the following categories: * Protective forces program ($864.3 million) pays for an armed, contracted security force and equipment, facilities, training, management, and administrative support. * Physical security systems program ($77.9 million) provides intrusion detection and assessment capabilities, access controls, and maintenance of security systems at Pantex. * The DBT Security Enhancements program ($49.3 million) pays for upgrades associated with implementation of DOE's 2005 DBT policy, including hiring and training of additional officers, deploying new weapons and ammunition, and upgrading physical security systems. [Footnote 26] * All other programs ($107.4 million) include program management and support, information protection, materials control and accountability, and the personnel security program. Air Force Lacks a Centralized Approach to Manage and Track Funding: Although accountability over funding data is critical to enabling decision makers to address the funding requirements of the nuclear weapons security program, we found that the Air Force lacked a consistent method to identify nuclear weapons security funding because of the decentralized method through which it manages this funding. As a result, Air Staff officials made data calls to all commands with nuclear weapons security responsibility to obtain and assimilate the funding information before forwarding it to us. With this process, it took Air Force personnel over 8 months to provide us with the information and supporting documentation. In the course of our work, Air Force officials indicated that they recognize the limitations of the current decentralized approach to managing and tracking nuclear security funding. In contrast, the Navy and the two DOE organizations-- OST and Pantex--have a more centralized approach to managing nuclear weapons security funding and were therefore able to provide their respective nuclear weapons security funding estimates and supporting documentation in a more timely manner. In October 2008, the Air Force announced plans to reorganize its nuclear command and control system and will consolidate the management of nuclear weapons under one major command to oversee its nuclear mission--Global Strike Command--that is scheduled to reach initial operating capability in September 2009. According to Air Force officials this reorganization has the potential to provide them with different methods to manage and track funding associated with nuclear weapons. We have previously reported that producing timely, useful, and reliable performance information, including related cost data, is critical for achieving the goals that Congress established in the Government Performance and Results Act of 1993 and other federal financial management reform legislation.[Footnote 27] Further, the Air Force recently reported that any nuclear enterprise funding decisions should be based upon relevant, accurate, consistent, defendable, repeatable, and transparent data and analysis.[Footnote 28] In light of the significance of nuclear assets and two well-publicized events in which control of nuclear weapons was lost, there is now a renewed emphasis on nuclear security, including the allocation of additional resources. However, without a more systematic approach to providing timely, reliable funding data--and therefore visibility and accountability over funding--the Air Force cannot effectively prioritize its nuclear security resources and requirements to develop a sound investment strategy. Conclusions: In an era of scarce resources and competing demands, a risk management approach to nuclear weapons security can provide DOD and DOE managers with necessary tools to help identify and prioritize necessary investments and optimize the security provided to these critical assets. We have identified several areas where DOD can broaden its application of risk management principles and improve its approach to nuclear weapons security. First, the prescriptive nature of DOD's nuclear security policies and guidance combined with a limited emphasis on cost-benefit analysis can result in expenditure of funds on security measures that have not been fully analyzed. Without a requirement to perform cost-benefit analyses and fully consider life cycle costs for alternative nuclear weapons security measures, DOD organizations may not consider the full range of alternatives or may not select the most cost-effective option available. In contrast, we found that DOE's policy for nuclear weapons security provides local officials greater flexibility than DOD's in determining how to meet security standards, and has a greater emphasis on cost-benefit analysis as a part of the decision-making process. Second, the foundation of risk assessment is a comprehensive and current assessment of potential threats, but DOD has not provided installation commanders with clear guidance or the necessary capabilities to develop local threat assessments where nuclear weapons are stored, maintained, or transported. A more comprehensive approach for assessing threats at the local level could enhance DOD security forces' awareness and preparedness. While DOE has recently adopted the new GSP policy, it is too soon to determine whether it will be effective. OST has identified limitations in its threat assessment process and is taking steps to improve its access to available threat information at all levels--local, regional, and national--and the ability to analyze it and how it is used to prepare security measures. OST officials believe that this approach will improve the training and readiness of its security forces. Finally, the Air Force has difficulty effectively managing and overseeing the significant resources planned to improve nuclear weapons security because it lacks sufficient visibility into its nuclear security spending. The establishment of a new major command that will centralize the nuclear enterprise in the Air Force provides an opportunity to enhance the visibility of funding to sustain and improve security. Recommendations for Executive Action: We recommend the Secretary of Defense take the following five actions. To improve DOD's process for evaluating and selecting among alternative security measures, we recommend that the Secretary of Defense direct the: * Deputy Secretary of Defense for Acquisition, Technology and Logistics to modify DOD Directive 5210.41, Security Policy for Protecting Nuclear Weapons, to require alternatives and cost-benefit analyses of nuclear security measures as appropriate and: * Assistant to the Secretary of Defense for Nuclear and Chemical and Biological Defense to modify DOD S-5210.41-M, Nuclear Weapons Security Manual, to provide appropriate guidance to the military services for weighing costs, including life cycle costs, and benefits when considering alternative security measures for nuclear weapons. To improve installation commanders' ability to assess threats where nuclear weapons are stored, maintained, or transported, we recommend that the Secretary of Defense direct the: * Deputy Assistant to the Secretary of Defense for Nuclear Matters to provide more specific guidance on the methodology to develop local threat assessments and: * Secretaries of the Air Force and Navy to provide installation commanders with the capabilities necessary to more fully collect and assess local, regional, and national intelligence information. To more effectively manage its nuclear weapons security program and provide visibility and accountability as the Air Force moves to a new nuclear command structure, we recommend that the Secretary of Defense direct the Secretary of the Air Force to establish a method to centrally manage and track funding associated with nuclear weapons security. Agency Comments and Our Evaluation: In written comments on a draft of this report, DOD partially agreed with four of our recommendations and agreed with one, stating that in some cases, actions were already underway that would address the issues identified in this report. DOD's comments appear in their entirety in appendix V. DOD also provided technical comments, which we have incorporated into the draft as appropriate. DOE also reviewed a draft of this report and had no comments, but provided technical comments, which we have incorporated as appropriate. In response to our recommendation that the Secretary of Defense direct the Under Secretary of Defense (Acquisition, Technology, and Logistics) to modify DOD Directive 5210.41, Security Policy for Protecting Nuclear Weapons, to require alternatives and cost benefit analysis of nuclear security measures, DOD partially agreed. DOD stated that the policy already provides guidance which meets the recommendation's intent and inherently requires the department to examine alternatives in regard to cost benefit. Specifically, DOD noted that the policy states that "physical security requirements associated with nuclear weapons shall take into consideration the affordability and life-cycle costs of a nuclear weapon system." However, as discussed in this report, our review of the policy indicates that, as implemented by the Nuclear Weapons Security Manual (DOD S-5210.41-M), it primarily applies to the research, development, and acquisition process for nuclear weapons systems. It is unclear if or how this requirement applies to the procurement of security systems or equipment. Therefore, we believe that DOD should take additional steps to modify guidance in order to strengthen the requirement for cost-benefit analysis when considering and selecting among alternative nuclear security measures. Regarding our recommendation that the Secretary of Defense direct the Assistant to the Secretary of Defense for Nuclear and Chemical and Biological Defense Programs to modify the Nuclear Weapons Security Manual, DOD S-5210.41-M, to provide appropriate guidance to the Services for weighing costs, including life-cycle costs, and benefits when considering alternative security measures for nuclear weapons, DOD partially agreed. DOD agreed that greater emphasis on costs and benefits and security effectiveness in selecting and implementing nuclear physical security measures is appropriate and stated that this issue is addressed in its proposed revision of the Nuclear Weapons Security Manual. If the changes made to the manual provide clearer guidance for weighing costs and benefits that applies directly to nuclear weapons security, we believe it will address the intent of our recommendation. In its response, DOD further states that this report implies that the Navy relied solely on Nuclear Weapons Security Manual requirements in deciding to replace existing maintenance and storage facilities by building new facilities underground. DOD asserts that the Navy assessed a variety of options and determined that the most cost- effective approach that would meet performance requirements was a hardened, underground structure. However, when we discussed this example with Navy officials during the course of our work, they told us that they made the decision to build the new facility underground because they believe that the Nuclear Weapons Security Manual requires new storage and maintenance facilities to be constructed underground. Further, we asked for documentation supporting any cost benefit analysis that was performed prior to making the decision and Navy officials were unable to provide such documentation. Without any documentation we were unable to verify or evaluate the Navy's claim that it assessed a variety of options or any cost and benefit analysis that may have been completed. Additionally, DOD states that this report notes that the Navy did not include the full life cycle costs in its analysis of alternatives prior to selecting its new Transit Protection System for in-transit SSBNs. DOD states that a 2006 Program Analysis and Evaluation (PA&E) review of the Navy's analysis of alternatives concluded that the system selected provided the most significant benefit when evaluated in terms of deployment time, effectiveness, ability to evolve, impact to SSBN operations and cost. However, PA&E only reviewed the costs the Navy used in making its decision and, as discussed in this report, the Navy's methodology excluded life-cycle costs beyond the Future Years Defense Program and military construction costs for building new facilities to support the new security measures. DOD also partially agreed with our recommendation that the Secretary of Defense direct the Deputy Assistant to the Secretary of Defense for Nuclear Matters to provide more specific guidance on the methodology for developing local threat assessments. While DOD notes that DOD Instruction 2000.16, DOD Antiterrorism Standards, prescribes procedures for conducting annual local threat assessments, it also states that the proposed revision to the Nuclear Weapons Security Manual provides more detailed guidance on preparing local threat assessments at nuclear installations. We believe that if the revision to the manual provides such guidance for installation commanders when published, it will address the intent of our recommendation. The Department also partially agreed with our recommendation that the Secretary of Defense direct the Secretaries of the Air Force and Navy to provide installation commanders with the capabilities necessary to more fully collect and assess local, regional, and national intelligence information. DOD states that a comprehensive study by the Services to determine capability gaps in intelligence collection is needed to determine if installation commanders lack the resources and personnel to meet the requirements or if better, more efficient use of existing resources and personnel is needed. We continue to believe that the capability to fully collect and assess intelligence information from all levels is critical to the installation commanders' ability to assess the threat and localize the threat assessment to his or her installation. While DOD's proposed study is a good first step, we are unable to assess the extent to which such a study addresses our recommendation until it is completed and actions identified. Therefore, we believe that our recommendation is still warranted. Finally, DOD agreed with our recommendation that the Secretary of Defense direct the Secretary of the Air Force to establish a method to centrally manage and track funding associated with nuclear weapons security. However, the department did not specify any actions that it plans to take to address this recommendation. As a result, we have no basis for determining whether it will take steps to address the intent of our recommendation. We believe our recommendation is still warranted. We are sending copies of this report to the Secretary of Defense and interested congressional committees. In addition, the report will be available at no charge on GAO's Web site at [hyperlink, http://www.gao.gov]. If you or your staffs have any questions about this report, please contact Davi M. D'Agostino at (202) 512-5431 or dagostinod@gao.gov or Gene Aloise at (202) 512-6870 or aloisee@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Other major contributors to this product are listed in appendix VI. Signed by: Davi M. D'Agostino: Director, Defense Capabilities and Management: Signed by: Gene Aloise: Director, Natural Resources and Environment: [End of section] Appendix I: Scope and Methodology: To evaluate and compare the Department of Defense's (DOD) and Department of Energy's (DOE) policies and procedures and guidance including how they are interpreted and applied by the major organizations within each department that handle nuclear weapons and the extent to which each department requires alternatives and cost- benefit analyses, we obtained and compared DOD's and DOE's nuclear security policies and procedures; visited several sites that store, maintain, or transport fully assembled nuclear weapons; and interviewed DOD, DOE, Air Force, and Navy officials at headquarters and relevant field locations. We analyzed policies, guidance, and implementation manuals that instruct DOD installations and DOE sites in their nuclear security practices. (Table 3 lists the specific polices, procedures, and guidance that we analyzed.) Table 3: List of Nuclear Security Policies, Procedures, and Guidance Documents Analyzed: Department: Office of the President; Number (date): NSPD-28 (June 20, 2003); Title: National Security Presidential Directive 28. Department: Department of Defense; Number (date): DODD 2000.12 (Aug. 18, 2003); Title: DOD Antiterrorism Program. Department: Department of Defense; Number (date): DOD O 2000.12-H (February 2004); Title: DOD Antiterrorism Handbook. Department: Department of Defense; Number (date): DODI 2000.16 (Oct. 2, 2006); Title: DOD Antiterrorism Standards. Department: Department of Defense; Number (date): DODD 5210.41 (Nov. 1, 2004); Title: Security Policy for Protecting Nuclear Weapons. Department: Department of Defense; Number (date): DOD S-5210.41-M (Nov. 22, 2004); Title: Nuclear Weapons Security Manual. Department: Department of Defense; Number (date): (July 30, 2008); Title: Nuclear Weapons Physical Security Roadmap, 2008-2018. Department: Department of Defense; Number (date): (December 2005); Title: Nuclear Security Threat Capability Assessment 2005 to 2015 (NSTCA). Department: Department of Defense; Number (date): (Mar. 17, 2006); Title: NSTCA Transmittal Memorandum. Department: Department of the Air Force; Number (date): Air Force Manual 31-108 (Feb. 1, 2007); Title: Nuclear Weapon Security Manual. Department: Department of the Air Force; Number (date): [Empty]; Title: Analysis of Alternatives for U.S. Air Force/A7S Program Objective Memorandum Fiscal Year 10 Submission. Department: Air Combat Command; Number (date): Air Force Manual 31-108, Air Combat Command Supplement; Title: Nuclear Weapon Security Manual. Department: Air Force Materiel Command; Number (date): Air Force Manual 31-108, Air Force Materiel Command Supplement; Title: Nuclear Weapon Security Manual. Department: Air Force Space Command; Number (date): Air Force Space Command Instruction 31-1101; Title: Intercontinental Ballistic Missile (ICBM) Systems Security Standard. Department: Navy; Number (date): Secretary of the Navy Instruction S8126.1 (Apr. 4, 2006); Title: Naval Nuclear Security Policy. Department: Department of Energy; Number (date): DOE P 226.1 (May 25, 2007); Title: DOE Oversight Policy. Department: Department of Energy; Number (date): DOE 470.3A (Nov. 29, 2005); Title: Design Basis Threat Policy. Department: Department of Energy; Number (date): DOE M 413.3-1 (Mar. 28, 2003); Title: Project Management for the Acquisition of Capital Assets. Department: Department of Energy; Number (date): DOE P 470.1 (May 8, 2001); Title: Integrated Safeguards and Security Management Policy. Department: Department of Energy; Number (date): DOE M 470.4-1 (Aug. 26, 2005); Title: Safeguards and Security Planning and Management Manual. Department: Department of Energy; Number (date): DOE M 470.4-2 (Aug. 26, 2005); Title: Physical Protection. Department: Department of Energy; Number (date): DOE O 470.2 B (Oct. 31, 2002); Title: Independent Oversight & Performance Assurance Program. Department: Department of Energy; Number (date): DOE M 470.4-3 (Aug. 26, 2005); Title: Protective Force. Department: Department of Energy; Number (date): DOE M 470.4-5 (Aug. 26, 2005); Title: Personnel Security. Department: Department of Energy; Number (date): DOE M 470.4-6 (Aug. 26, 2005); Title: Nuclear Material Control and Accountability. Department: Department of Energy; Number (date): DOE O 470.3B (Aug. 12, 2008); Title: Graded Security Protection Policy. Department: Department of Energy; Number (date): (Sept. 30, 2004); Title: Vulnerability Assessment Process Guide. Department: National Nuclear Security Administration; Number (date): (Oct. 2006); Title: Defense Nuclear Security Strategic Plan. Department: National Nuclear Security Administration; Number (date): (Apr. 2008); Title: Strategic Planning Guidance. Department: National Nuclear Security Administration; Number (date): (Dec. 2007); Title: Draft Complex Transformation Supplemental Programmatic Environmental Impact Statement. Department: National Nuclear Security Administration; Number (date): (Mar. 21, 2009); Title: Defense Nuclear Security Program Executing Guidance. Source: GAO analysis. [End of table] We reviewed DOD and DOE's policies, procedures, and guidance to identify differences in their approaches to achieve desired security levels for nuclear weapons. We also visited four DOD installations and two DOE sites to meet with knowledgeable officials and discuss and observe the nuclear security procedures and practices in place at each facility. For security reasons, we do not discuss location-specific information in this report. In addition, we met with headquarters DOD and DOE officials to obtain their perspectives on how nuclear security policies and procedures are applied. Specifically, we met with officials from the following DOD organizations: Office of the Deputy Assistant to the Secretary of Defense for Nuclear Matters; Office of the Under Secretary of Defense for Intelligence; Office of Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict; Defense Threat Reduction Agency; Defense Intelligence Agency; Navy Strategic Systems Program Office; Office of Naval Intelligence; Naval Criminal Investigative Service; Air Force Intelligence Directorate; Air Force Office of Special Investigation; Air Force Operations and Force Protection Division; and Air Force Space Command. We also met with DOE officials from the Office of Intelligence and Counterintelligence and three offices within the Office of Health, Safety, and Security: Office of Security Technology and Assistance, Office of Security Assistance, and Office of Security Policy. To evaluate the extent to which DOD and DOE apply risk management principles in their approach to establishing nuclear security measures, we compared DOD, DOE, Air Force, and Navy policies, procedures, site security plans, and any related cost-benefit analyses to commonly accepted elements of risk management. Specifically, we assessed each organization's approach to identify the extent to which it addresses strategic goals and objectives, risk assessments (threat, vulnerability, and criticality assessments), evaluating and selecting alternative courses of actions to mitigate risk, and management oversight. We also met with DOD and DOE officials to discuss how they implemented the risk management principles to protect nuclear assets from terrorist attack. Specifically, we met with officials from the following DOD organizations: Office of the Deputy Assistant to the Secretary of Defense for Nuclear Matters; Office of the Under Secretary of Defense for Intelligence; Office of Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict; and Air Force Operations and Force Protection Division. We also discussed the application of risk management principles with officials at Air Force Space Command, and at two Air Force installations we visited. In addition, we met with DOE officials from the OST and three offices within the Office of Health, Safety, and Security: Office of Security Technology and Assistance, Office of Security Assistance, and Office of Security Policy. To determine DOD and DOE's total funding requirements for securing nuclear weapons, we obtained and analyzed funding data related to nuclear weapons security from DOD and DOE for fiscal years 2006 through 2013. Specifically, we obtained information relating to the amount of funds received for fiscal years 2006 through 2008 and the amount programmed for fiscal years 2009 to 2013, as of the President's fiscal year 2008 budget. To assess the reliability of this information, we obtained and analyzed funding information by funding category for each of the four organizations in our review.[Footnote 29] We also met with budget officials from the Air Force, Navy, OST, and Pantex to discuss the reliability of the data. Using the 2008 funding information obtained from the four organizations, we selected a nonprobability sample of three estimated funding requirements for each of the organizations, obtained source documentation for each funding requirement, and compared it to each of the sample funding estimates. Both the Navy and OST provided source documentation supporting the funding requirement represented by each sample item to within 97 percent. Pantex provided source documentation supporting the funding requirement represented by one sample item to within 95 percent. Although Pantex officials did not provide detailed documentation supporting the other two sample items selected, they were able to provide reports of independent reviews of the systems used to produce the estimated funding requirements, to include reviews by the National Nuclear Security Administration. The reports supported the reliability of the Pantex systems used to produce the funding requirements information. Conversely, the Air Force was unable to provide supporting documentation for three selected funding requirements from the President's fiscal year 2008 budget or any independent reviews of the systems used to produce the funding estimate. We updated our analysis with data from the President's fiscal year 2009 budget, which are used throughout this report for all four organizations. Therefore, we selected another nonprobability sample of four funding requirements from the Air Force's fiscal year 2009 estimate. The Air Force provided source documentation supporting the funding requirement for three sample items to within 96 percent of the estimate. It was unable to provide source documentation for one item. The Air Force's inability to provide source documentation for the 2008 funding requirements and one of the four requested 2009 funding requirements raised questions for us regarding the reliability of the Air Force data reporting process, though we found only minor discrepancies with the three 2009 funding requirements where we were able to examine source documentation. Overall, we found the funding requirements data obtained from each of the four organizations in our review to be sufficiently reliable for our purposes. We conducted this performance audit from November 2007 to April 2009 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: DOD and DOE Policy Framework: DOD and DOE have each established their own nuclear weapons security policy framework that seeks to meet national requirements and spells out specific minimum standards for sites to implement. National Security Presidential Directive 28 requires DOD and DOE to establish policies, procedures, and systems to deny access by unauthorized personnel to nuclear weapons and warheads. Tables 4 and 5 outline DOD's and DOE's frameworks for nuclear weapons security, respectively, from high-level policies to implementation manuals. Table 4: DOD's Nuclear Weapons Security Policy Framework: Issuing organization: DOD (Defense Intelligence Agency); Document: Nuclear Security Threat Capabilities Assessment; Description: DOD's national-level threat assessment that establishes security objectives and seeks to identify the greatest threats to DOD installations. Issuing organization: DOD; Document: Security Policy for Protecting Nuclear Weapons (Directive 5210.41); Description: Establishes DOD's policy for nuclear weapons security. Issuing organization: DOD; Document: Nuclear Weapons Security Manual (5210.41-M); Description: DOD's implementing guidance that sets minimum standards for nuclear weapons security at DOD installations. Issuing organization: Air Force; Document: Air Force Manual 31-108; Description: Air Force's supplemental guidance that instructs its installations on meeting standards set in DOD's 5210.41-M. Issuing organization: Air Force; Document: Major command guidance; Description: Each of Air Force's major commands published guidance that provides its respective installations with additional instruction AFMAN 31-108 and 5210.41-M. Issuing organization: Navy; Document: Naval Nuclear Security Policy (Secretary of the Navy Instruction 8126.1); Description: Navy's supplemental guidance that instructs its installations on meeting standards set in DOD's 5210.41-M. Source: GAO analysis of DOD information. [End of table] Table 5: DOE's Nuclear Weapons Security Policy Framework: Issuing organization: DOE; Document: Graded Security Protection (DOE O 470.3B); Description: DOE's national-level threat policy that identifies the threats and their capabilities to DOE's entities that store, maintain, or transport nuclear material or components. OST's and Pantex's security systems must meet the threats defined in the GSP, at a minimum. Issuing organization: DOE; Document: Integrated Safeguards and Security Management Policy (P470.1); Description: DOE's policy that establishes a framework of requirements and guidance for implementing safety and security standards, including those for nuclear weapons. Issuing organization: DOE; Document: M 470 series of implementation manuals; Description: A series of manuals that provide specific requirements and guidance for implementing security standards. Source: GAO analysis of DOE information. [End of table] To address the requirements of NSPD-28 and provide implementation guidance, DOD and DOE have issued policies and guidance for their respective sites to follow when securing nuclear weapons. To respond to NSPD-28, DOD updated its security policy and provided implementation guidance to the services by revising the Security Policy for Protecting Nuclear Weapons (Directive 5210.41) and the Nuclear Weapons Security Manual (5210.41-M) in November 2004. In addition, DOD, in cooperation with the Defense Intelligence Agency, published a new assessment of the threats to nuclear weapons in the Nuclear Security Threat Capabilities Assessment (NSTCA) in December 2005. To supplement DOD's Nuclear Weapons Security Manual, both Air Force and Navy published additional guidance for installations under their command. Additionally, Air Force's major commands published implementing instructions for their respective sites that handle nuclear weapons. Together, these documents establish DOD's security policy and an implementation framework for securing nuclear weapons; describe nuclear security policy, objectives, and concepts; and prescribe minimum security standards for protecting nuclear weapons. For example, DOD's manual prescribes specific minimum security standards that must be met at each installation that stores, maintains, or transports nuclear weapons. DOE's recently updated nuclear weapons threat policy--the Graded Security Protection (GSP) policy--and the safeguards and security policy establish DOE's framework for securing nuclear weapons and other materials.[Footnote 30] These policies are further detailed in a series of DOE implementation manuals that provide specific requirements and guidance, including the Safeguards and Security Program Planning and Management Manual (M 470.4-1), the Physical Protection Manual (M 470.4- 2), and the Protective Force Manual (M 470.4-3). For example, the Safeguards and Security Program and Planning Management Manual establishes standards for documenting a site's security plan. According to DOE officials, they are reviewing security requirements to provide a more consistent and integrated set of policies. OST and Pantex are also currently developing implementation plans and finalizing the updates of their security plans. [End of section] Appendix III: Air Force and Navy Operating Environments for Nuclear Weapons: Air Force operating environments: Launch facility; Operating environment definitions: These facilities consist of underground missile silos and associated support facilities. Air Force operating environments: Off-base convoy; Operating environment definitions: Off-base convoys are conducted to move reentry vehicles from weapons storage areas to launch facilities and vice versa. Convoys transit base, local, state, and federal interstate routes, both paved and dirt/gravel. Air Force operating environments: On-base convoy; Operating environment definitions: On-base convoys are conducted to move nuclear weapons from weapons storage areas to aircraft. These movements transit paved roads, and distances traveled are generally limited to a few miles or shorter. Air Force operating environments: Prime nuclear airlift force (PNAF); Operating environment definitions: PNAFs take place in conjunction with on-base convoys and may deliver nuclear weapons to or remove them from aircraft. Air Force operating environments: Aircraft (bomber) generation; Operating environment definitions: Aircraft generation[A] takes place in conjunction with on-base convoys and may deliver or remove nuclear weapons. Air Force operating environments: Weapons storage area; Operating environment definitions: This kind of above-ground weapons storage area is located on select Air Force bases and contains hardened, alarmed storage bunkers, called igloos, for storing nuclear weapons. Air Force operating environments: Underground storage area; Operating environment definitions: The underground storage area stores weapons in hardened, alarmed underground storage bunkers. Air Force operating environments: Weapons storage and security (WS3)/MUNS; Operating environment definitions: The WS3/MUNS systems are a series of underground vaults located within hardened/protective aircraft shelters in a foreign country; this environment does not exist in the United States. Host nations provide security within the MUNS environment. Navy operating environments: Limited area; Operating environment definitions: The limited area is a heavily guarded area away from the waterfront where nuclear weapons are received, processed, maintained, stored, and shipped. Navy operating environments: Convoy route; Operating environment definitions: The convoy route area includes and bounds the path that mated Trident missiles take when they are transported between the limited area and the wharf for ballistic missile submarine off-loading and on-loading. The convoy route also includes the dockside handling building and a landside waterfront facility where the missiles are prepared for installation on a Trident nuclear-powered submarine (SSBN). Navy operating environments: Waterfront and harbor; Operating environment definitions: The waterfront and harbor area encompasses the waterfront restricted area and all landside and harbor countermeasures that provide security for moored SSBNs. Navy operating environments: SSBN transit; Operating environment definitions: The SSBN transit environment includes countermeasures that provide security for SSBNs while they are en route between the harbor and the dive/surface point. Source: DOD information. [A] Aircraft generation is an operational situation when nuclear forces are ordered to regenerate to alert status or where forces are reestablished to an operational status. This applies to forces that are not in this posture as a normal (day-to-day peacetime) practice. [End of table] [End of section] Appendix IV: Nuclear Weapons Security Funding for the Air Force, Navy, OST, and Pantex: DOD and DOE have estimated the funds required to protect nuclear weapons to be approximately $11.1 billion for fiscal years 2006 through 2013.[Footnote 31] The nuclear weapons security funding requirements estimated by each of the organizations in our review--Air Force, Navy, OST, and Pantex--are presented in greater detail below. Total Funding to Protect Air Force Nuclear Assets Is $4.7 Billion: DOD has estimated the funds required to protect the Air Force stockpile of nuclear weapons to be about $ 4.7 billion for fiscal years 2006 through 2013, as shown in table 6. Table 6: Total Estimated Air Force Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Appropriation: Military personnel; FY 2006: $454.9 million; FY 2007: $462.3 million; FY 2008: $473.6 million; FY 2009: $417.4 million; FY 2010: $423.7 million; FY 2011: $439.0 million; FY 2012: $456.7 million; FY 2013: $471.4 million; Total: $3,599.0 million. Appropriation: Weapons procurement; FY 2006: $40.8 million; FY 2007: $79.1 million; FY 2008: $98.9 million; FY 2009: $93.7 million; FY 2010: $80.8 million; FY 2011: $27.4 million; FY 2012: $24.5 million; FY 2013: $19.2 million; Total: $464.4 million. Appropriation: Operations and maintenance (equipment); FY 2006: $42.0 million; FY 2007: $48.4 million; FY 2008: $71.9 million; FY 2009: $51.7 million; FY 2010: $43.7 million; FY 2011: $51.0 million; FY 2012: $44.7 million; FY 2013: $45.4 million; Total: $398.8 million. Appropriation: Other procurement; FY 2006: $22.4 million; FY 2007: $11.1 million; FY 2008: $3.7 million; FY 2009: $16.6 million; FY 2010: $22.3 million; FY 2011: $18.0 million; FY 2012: $11.4 million; FY 2013: $5.5 million; Total: $111.0 million. Appropriation: Operations and maintenance (civilian pay); FY 2006: $5.2 million; FY 2007: $5.4 million; FY 2008: $5.5 million; FY 2009: $6.1 million; FY 2010: $7.5 million; FY 2011: $7.9 million; FY 2012: $8.3 million; FY 2013: $8.6 million; Total: $54.5 million. Appropriation: Aircraft procurement; FY 2006: $3.1 million; FY 2007: $8.6 million; FY 2008: $4.9 million; FY 2009: $4.4 million; FY 2010: $1.1 million; FY 2011: $1.1 million; FY 2012: $1.2 million; FY 2013: $1.2 million; Total: $25.6 million. Appropriation: Munitions; FY 2006: $1.9 million; FY 2007: $2.1 million; FY 2008: $2.3 million; FY 2009: $3.2 million; FY 2010: $3.3 million; FY 2011: $3.4 million; FY 2012: $3.5 million; FY 2013: $3.5 million; Total: $23.2 million. Appropriation: Military construction; FY 2006: 0.0; FY 2007: 0.0; FY 2008: 0.0; FY 2009: 0.0; FY 2010: 0.0; FY 2011: 0.0; FY 2012: $4.6 million; FY 2013: 0.0; Total: $4.6 million. Appropriation: Total; FY 2006: $570.3 million; FY 2007: $617.0 million; FY 2008: $660.8 million; FY 2009: $593.1 million; FY 2010: $582.4 million; FY 2011: $547.8 million; FY 2012: $554.9 million; FY 2013: $554.8 million; Total: $4,681.1 million. Source: GAO analysis of Air Force information. [End of table] Total Funding to Protect Navy Nuclear Assets is $3.4 Billion: DOD has estimated the funds required to protect the Navy arsenal of nuclear weapons to be about $3.4 billion for fiscal years 2006 through 2013, as shown in table 7.[Footnote 32] Table 7: Total Estimated Navy Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Appropriation: Operations and maintenance; FY 2006: $99.7 million; FY 2007: $150.1 million; FY 2008: $150.5 million; FY 2009: $171.9 million; FY 2010: $167.1 million; FY 2011: $166.5 million; FY 2012: $169.8 million; FY 2013: $173.3 million; Total: $1,248.9 million. Appropriation: Military construction; FY 2006: $94.3 million; FY 2007: $48.1 million; FY 2008: $39.8 million; FY 2009: $50.7 million; FY 2010: $133.7 million; FY 2011: $309.0 million; FY 2012: $44.6 million; FY 2013: $56.0 million; Total: $776.2 million. Appropriation: Other procurement; FY 2006: $112.7 million; FY 2007: $41.1 million; FY 2008: $53.1 million; FY 2009: $52.9 million; FY 2010: $33.9 million; FY 2011: $27.3 million; FY 2012: $95.9 million; FY 2013: $97.8 million; Total: $514.7 million. Appropriation: Marine Corps manpower; FY 2006: $39.6 million; FY 2007: $40.8 million; FY 2008: $42.1 million; FY 2009: $45.7 million; FY 2010: $47.1 million; FY 2011: $48.5 million; FY 2012: $49.9 million; FY 2013: $51.4 million; Total: $365.1 million. Appropriation: Navy manpower; FY 2006: $23.3 million; FY 2007: $29.2 million; FY 2008: $30.1 million; FY 2009: $40.0 million; FY 2010: $41.2 million; FY 2011: $42.4 million; FY 2012: $43.7 million; FY 2013: $45.0 million; Total: $294.9 million. Appropriation: Weapons procurement; FY 2006: $5.1 million; FY 2007: 0.0; FY 2008: $7.0 million; FY 2009: $45.4 million; FY 2010: $44.3 million; FY 2011: $31.2 million; FY 2012: 0.0; FY 2013: 0.0; Total: $133.0 million. Appropriation: Research, development testing and evaluation; FY 2006: 0.0; FY 2007: $41.9 million; FY 2008: $5.8 million; FY 2009: $0.9 million; FY 2010: $0.9 million; FY 2011: 0.0; FY 2012: 0.0; FY 2013: 0.0; Total: $49.5 million. Appropriation: Total; FY 2006: $374.7 million; FY 2007: $351.2 million; FY 2008: $328.4 million; FY 2009: $407.5 million; FY 2010: $468.2 million; FY 2011: $624.9 million; FY 2012: $403.9 million; FY 2013: $423.5 million; Total: $3,382.3 million. Source: GAO analysis of Navy information. [End of table] Total Funding to Protect OST's Nuclear Assets is $1.9 Billion: For fiscal years 2006 through 2013, DOE has estimated the funds required to protect fully assembled nuclear weapons and other nuclear material and components that OST transports from one location to another to be over $1.9 billion, as shown in table 8. Table 8: Total Estimated OST Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Subprogram: Mission capacity; FY 2006: $121.0 million; FY 2007: $117.0 million; FY 2008: $122.7 million; FY 2009: $123.0 million; FY 2010: $149.8 million; FY 2011: $160.0 million; FY 2012: $165.2 million; FY 2013: $166.1 million; Total: $1,124.8 million. Subprogram: Program management; FY 2006: $39.7 million; FY 2007: $47.0 million; FY 2008: $46.6 million; FY 2009: $48.2 million; FY 2010: $52.6 million; FY 2011: $54.1 million; FY 2012: $56.9 million; FY 2013: $58.0 million; Total: $403.1 million. Subprogram: Infrastructure; FY 2006: $26.1 million; FY 2007: $28.7 million; FY 2008: $24.0 million; FY 2009: $28.0 million; FY 2010: $25.1 million; FY 2011: $30.2 million; FY 2012: $30.7 million; FY 2013: $30.5 million; Total: $223.3 million. Subprogram: Security/safety capability; FY 2006: $23.1 million; FY 2007: $16.5 million; FY 2008: $23.6 million; FY 2009: $21.8 million; FY 2010: $23.8 million; FY 2011: $21.8 million; FY 2012: $22.1 million; FY 2013: $22.1 million; Total: $174.8 million. Subprogram: Total; FY 2006: $209.9 million; FY 2007: $209.2 million; FY 2008: $216.9 million; FY 2009: $221.0 million; FY 2010: $251.3 million; FY 2011: $266.1 million; FY 2012: $274.9 million; FY 2013: $276.7 million; Total: $1,926.0 million. Source: GAO analysis of OST information. Note: The budget for each subprogram also includes Program Direction funding requirements, which include the funding requirement for personnel, such as salaries and benefits, travel, and other related expenses. [End of table] Total Funding to Protect Nuclear Assets at Pantex is $1.1 Billion: DOE has estimated the funds required to protect fully assembled nuclear weapons and other nuclear material and components at Pantex for fiscal years 2006 through 2013 to be about $1.1 billion, as shown in table 9. Table 9: Total Estimated Pantex Nuclear Weapons Security Funding Requirements for Fiscal Years 2006 through 2013: Program: Protective forces; FY 2006: $90.3 million; FY 2007: $92.5 million; FY 2008: $100.3 million; FY 2009: $105.5 million; FY 2010: $117.6 million; FY 2011: $117.6 million; FY 2012: $123.5 million; FY 2013: $117.0 million; Total: $864.3 million. Program: Physical security systems; FY 2006: $6.9 million; FY 2007: $7.3 million; FY 2008: $10.3 million; FY 2009: $4.8 million; FY 2010: $8.7 million; FY 2011: $10.2 million; FY 2012: $9.7 million; FY 2013: $20.0 million; Total: $77.9 million. Program: Design Basis Threat security enhancements; FY 2006: $14.7 million; FY 2007: $9.1 million; FY 2008: $25.5 million; FY 2009: 0.0; FY 2010: 0.0; FY 2011: 0.0; FY 2012: 0.0; FY 2013: 0.0; Total: $49.3 million. Program: Program management and support; FY 2006: $3.0 million; FY 2007: $4.3 million; FY 2008: $5.3 million; FY 2009: $6.9 million; FY 2010: $4.7 million; FY 2011: $5.7 million; FY 2012: $5.5 million; FY 2013: $5.7 million; Total: $41.1 million. Program: Information protection; FY 2006: $3.7 million; FY 2007: $4.4 million; FY 2008: $4.5 million; FY 2009: $3.4 million; FY 2010: $0.3 million; FY 2011: $4.6 million; FY 2012: $4.5 million; FY 2013: $4.6 million; Total: $30.0 million. Program: Materials control and accountability; FY 2006: $3.3 million; FY 2007: $3.3 million; FY 2008: $3.7 million; FY 2009: $3.2 million; FY 2010: $3.7 million; FY 2011: $3.6 million; FY 2012: $3.5 million; FY 2013: $3.6 million; Total: $27.9 million. Program: Personnel security program; FY 2006: $1.1 million; FY 2007: $1.1 million; FY 2008: $1.2 million; FY 2009: $1.6 million; FY 2010: $0.1 million; FY 2011: $1.1 million; FY 2012: $1.1 million; FY 2013: $1.1 million; Total: $8.4 million. Program: Total; FY 2006: $123.0 million; FY 2007: $122.0 million; FY 2008: $150.8 million; FY 2009: $125.4 million; FY 2010: $135.1 million; FY 2011: $142.8 million; FY 2012: $147.8 million; FY 2013: $152.0 million; Total: $1,098.9 million. Source: GAO analysis of Pantex information. [End of table] [End of section] Appendix V: Comments from the Department of Defense: Assistant To The Secretary Of Defense: Nuclear And Chemical And Biological Defense Programs: 3050 Defense Pentagon: Washington, DC 20301-3050: April 20, 2009: Ms. Davi M. D'Agostino: Director, Defense Capabilities and Management: U.S. Government Accountability Office: 441 G Street, N.W. Washington, DC 20548: Dear Ms. D'Agostino: This is the Department of Defense (DOD) response to the GAO draft report, GAO-09-463, "Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DoD's Strategic Nuclear Weapons Security," dated March 20, 2009 (GAO Code 351119). The Department provides the enclosed comments. Detailed technical comments were provided separately. If you need additional information, please do not hesitate to call me at 703-697-3060. The point of contact for this matter is Colonel Patrick Vetter, Office of the Deputy Assistant to the Secretary of Defense (Nuclear Matters), 703-697-7130, patrick.vetter@osd.mil. Signed by: Steve Henry: Deputy Assistant to the Secretary of Defense (Nuclear Matters): Enclosure: As stated: [End of letter] GAO Draft Report - Dated March 20, 2009: GAO Code 351119/GAO-09-463: "Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DoD's Strategic Nuclear Weapons Security" Department Of Defense Comments To The Recommendations: Recommendation 1: The GAO recommends that the Secretary of Defense direct the Under Secretary of Defense (Acquisition, Technology and Logistics), to modify DoD Directive 5210.41, Security Policy for Protecting Nuclear Weapons, to require alternatives and cost benefit analysis of nuclear security measures as appropriate. DOD Response: Partially concur. DoD Directive 5210.41, Security Policy for Protecting Nuclear Weapons, provides guidance which meets the recommendation's intent. Paragraph 4.8 states: "physical security requirements associated with nuclear weapons shall take into consideration the affordability and life-cycle costs of a nuclear weapon system." In its current form, this policy statement inherently requires the department to examine alternatives in regard to cost benefit. Recommendation 2: The GAO recommends that the Secretary of Defense direct the Assistant to the Secretary of Defense for Nuclear and Chemical and Biological Defense Programs to modify DoD S-5210.41-M, Nuclear Weapons Security Manual, to provide appropriate guidance to the Services for weighing costs, including life-cycle costs, and benefits when considering alternative security measures for nuclear weapons. DOD Response: Partially concur. DoD S-5210.41-M. Nuclear Weapons Security Manual, is intended to implement the policy established in the governing DoD Directive 5210.41, Security Policy for Protecting Nuclear Weapons. It establishes specific requirements to meet the Nuclear Weapons Security Standard delineated in National Security Presidential Directive 28. Paragraph C3.1.9 of DoD S-5210.41-M dictates that system security consideration and updating of existing security systems should be integrated into the system engineering process, consistent with mission requirements and cost effectiveness consistent with DoD Directive 5000.01, The Defense Acquisition System, and DoD Instruction 5000.2, Operation of the Defense Acquisition System. Additionally, DoD S-5210.41-M Chapter 10 provides instructions on deviating from established requirements while providing the equivalent levels of security through other means. To support this recommendation, the report implies, on page 13, the Navy relied solely upon DoD S-5210.41-M requirements in building an underground maintenance and storage facility. The Navy assessed a variety of options from a performance perspective and determined the most cost effective approach that would meet performance requirements was a hardened, underground structure. As further support for this recommendation, the report notes the Navy failed to include costs for the entire life cycle of their Ship, Submersible, Ballistic, Nuclear (SSBN) transit protection system (TPS). A 2006 PA&E review of TPS alternatives concluded that the TPS selection which provided the most significant benefit when evaluated in terms of deployment time, effectiveness, ability to evolve, impact to SSBN operations and cost was the system selected by the Navy. However, greater emphasis on cost-benefit and security effectiveness in selection and implementation of nuclear physical security measures is appropriate. This issue is addressed in the proposed revised DoD S- 5210.41-M. Recommendation 3: The GAO recommends that the Secretary of Defense direct the Deputy Assistant to the Secretary of Defense for Nuclear Matters (DATSD(NM)) to provide more specific guidance on the methodology to develop local threat assessments. DOD Response: Partially concur. DoD Instruction 2000.16, DOD Antiterrorism (AT) Standards paragraph E3.4 prescribes procedures for conducting an annual local threat assessment. The proposed revision to DoD S-5210.41-M, provides more detailed guidance on preparing local threat assessments at nuclear installations. Recommendation 4: The GAO recommends that the Secretary of Defense direct the Secretaries of the Navy and Air Force to provide installation commanders with the capabilities necessary to more fully collect and assess local, regional, and national intelligence information. DOD Response: Partially concur. A comprehensive study by the Services to determine capability gaps in intelligence collection is needed to determine if installation commanders lack resources and personnel to meet requirements or better, more efficient use of existing resources and personnel is needed. Recommendation 5: The GAO recommends that the Secretary of Defense direct the Secretary of the Air Force to establish a method to centrally manage and track funding associated with nuclear weapons security. DOD Response: Concur. [End of section] Appendix VI: GAO Contact and Staff Acknowledgments: GAO Contacts: Davi D'Agostino (202) 512-5431 or dagostinod@gao.gov: Gene Aloise (202) 512-6870 or aloisee@gao.gov: Staff Acknowledgments: In addition to the contacts named above Ryan T. Coles, Assistant Director; Robert L. Repasky, Assistant Director; Steven D. Boyles; Grace A. Coleman; Penney M. Harwell Caramia; Wyatt R. Hundrup; Ronald La Due Lake; Gregory A. Marchand; and Charles W. Perdue also made key contributions to this report. [End of section] Related GAO Products: Nuclear Security: Nuclear Safety: Department of Energy Needs to Strengthen Its Independent Oversight of Nuclear Facilities and Operations. [hyperlink, http://www.gao.gov/products/GAO-09-61]. Washington, D.C.: October 23, 2008. Los Alamos National Laboratory: Information on Security of Classified Data, Nuclear Material Controls, Nuclear and Worker Safety, and Project Management Weaknesses. [hyperlink, http://www.gao.gov/products/GAO-08-173R]. Washington, D.C.: January 10, 2008. Nuclear Security: DOE's Office of the Under Secretary for Energy, Science and Environment Needs to Take Prompt, Coordinated Action to Meet the New Design Basis Threat. [hyperlink, http://www.gao.gov/products/GAO-05-611]. Washington, D.C.: July 15, 2005. Nuclear Security: DOE Needs to Resolve Significant Issues Before It Fully Meets the New Design Basis Threat. [hyperlink, http://www.gao.gov/products/GAO-04-623]. Washington, D.C.: April 27, 2004. Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program. [hyperlink, http://www.gao.gov/products/GAO-03-471]. Washington, D.C.: May 30, 2003. Nuclear Security: Lessons to Be Learned from Implementing NNSA's Security Enhancement., [hyperlink, http://www.gao.gov/products/GAO-02-358]. Washington, D.C.: March 29, 2002. Nuclear Security: Security Issues At DOE and Its Newly Created National Nuclear Security Administration. [hyperlink, http://www.gao.gov/products/GAO/T-RCED-00-123]. Washington, D.C.: March 14, 2000. Nuclear Security: Improvements Needed in DOE's Safeguards and Security Oversight. [hyperlink, http://www.gao.gov/products/GAO/RCED-00-62]. Washington, D.C.: February. 24, 2000. Risk Management: Risk Management: Strengthening the Use of Risk Management Principles in Homeland Security. [hyperlink, http://www.gao.gov/products/GAO-08- 904T]. Washington, D.C.: June 25, 2008. Homeland Security: Applying Risk Management Principles to Guide Federal Investments. [hyperlink, http://www.gao.gov/products/GAO-07-386T]. Washington, D.C.: February 7, 2007. Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-06-91]. Washington, D.C.: December 15, 2005. Defense Management: Additional Actions Needed to Enhance DOD's Risk- Based Approach for Making Resource Decisions. [hyperlink, http://www.gao.gov/products/GAO-06-13]. Washington, D.C.: November 15, 2005. Combating Terrorism: Threat and Risk Assessments Can Help Prioritize and Target Program Investments. [hyperlink, http://www.gao.gov/products/GAO/NSIAD-98-74]. Washington, D.C.: April 9, 1998. Homeland Security: Homeland Security: Challenges and Strategies in Addressing Short-and Long-Term National Needs. [hyperlink, http://www.gao.gov/products/GAO-02-160T]. Washington, D.C.: November 7, 2001. Government Performance and Results Act of 1993: 21st Century Challenges: Performance Budgeting Could Help Promote Necessary Reexamination. [hyperlink, http://www.gao.gov/products/GAO-05-709T]. Washington, D.C.: June 14, 2005. Best Practices: GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs. [hyperlink, http://www.gao.gov/products/GAO-09-3SP]. Washington, D.C.: March 2009. [End of section] Footnotes: [1] The following GAO reports address problems with DOE's security that we have identified in the past: GAO, Nuclear Security: Improving Correction of Security Deficiencies at DOE's Weapons Facilities, [hyperlink, http://www.gao.gov/products/GAO/RCED-93-10] (Washington, D.C.: Nov. 16, 1992); Nuclear Security: Improvements Needed in DOE's Safeguards and Security Oversight, [hyperlink, http://www.gao.gov/products/GAO/RCED-00-62] (Washington, D.C.: Feb. 24, 2000); Nuclear Security: Lessons to Be Learned from Implementing NNSA's Security Enhancements, [hyperlink, http://www.gao.gov/products/GAO-02-358] (Washington, D.C.: Mar. 29, 2002); Nuclear Security: NNSA Needs to Better Manage Its Safeguards and Security Program, [hyperlink, http://www.gao.gov/products/GAO-03-471] (Washington, D.C.: May 30, 2003); Nuclear Security: DOE Needs to Resolve Significant Issues Before It Fully Meets the New Design Basis Threat, [hyperlink, http://www.gao.gov/products/GAO-04-623] (Washington, D.C.: Apr. 27, 2004); Nuclear Security: DOE's Office of the Under Secretary for Energy, Science, and Environment Needs to Take Prompt, Coordinated Action to Meet the New Design Basis Threat, [hyperlink, http://www.gao.gov/products/GAO-05-611] (Washington, D.C.: July 15, 2005); and Los Alamos National Laboratory: Information on Security of Classified Data, Nuclear Material Controls, Nuclear and Worker Safety, and Project Management Weaknesses, [hyperlink, http://www.gao.gov/products/GAO-08-173R] (Washington, D.C.: Jan. 10, 2008). [2] The White House, National Security Presidential Directive 28, United States Nuclear Weapons Command and Control, Safety, and Security (Washington, D.C., June 20, 2003). [3] OST also transports nuclear material between DOE sites and some sites licensed by the Nuclear Regulatory Commission. [4] GAO, Homeland Security: Challenges and Strategies in Addressing Short-and Long-Term National Needs, [hyperlink, http://www.gao.gov/products/GAO-02-160T] (Washington, D.C.: Nov. 7, 2001. [5] DOD S-5210.41-M, Nuclear Weapons Security Manual (Nov. 22, 2004). [6] In its Naval Sea Systems Command 2005 Cost Estimating Guide, the Navy has defined life-cycle cost estimates as the total cost of a program over its full life. The costs can be grouped into the following four categories: research and development, procurement, operation and support, and disposal. [7] To address the recommendations of several task forces chartered to assess the Air Force's nuclear security posture in the aftermath of security breaches at one of its installations, the Air Force restructured its nuclear enterprise. The restructuring will ultimately include the Strategic Deterrence and Nuclear Integration Office, a newly created headquarters organization of the Air Staff, and the Global Strike Command, a new organization that will command all of the service's nuclear capability. A provisional command began operations on January 12, 2009, and the new command is expected to achieve initial operating capability in September 2009. [8] The life extension programs were developed to extend the expected lifetime of warheads or warhead components by at least 20 years; the programs include the B61 and W76 life extension programs. [9] DOD S-5210.41-M, Nuclear Weapons Security Manual (Nov. 22, 2004). [10] DOD Directive 5210.41, Security Policy for Protecting Nuclear Weapons (Nov. 1, 2004), and DOD S-5210.41-M. [11] A nuclear weapon system is one or more nuclear weapons that is/are on or physically attached to their delivery platform in combination with all related equipment, material, services, and personnel required for self-sufficiency. A nuclear weapon system is distinct and different from a nuclear command and control system. [12] The first 6 years of the program covered fiscal year 2006 through fiscal year 2011. [13] Naval Sea Systems Command, 2005 Cost Estimating Handbook (Washington, D.C.; Nov. 18, 2004). [14] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs, [hyperlink, http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009). [15] Office of Management and Budget, Circular A-94, Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs (Washington, D.C.: Oct. 29, 1992). [16] Department of Energy, Vulnerability Assessment Process Guide (Washington, D.C.: September 2004). [17] Department of Defense, Defense Intelligence Agency, Nuclear Security Threat Capabilities Assessment 2005 - 2015 (Washington, D.C., December 2005). [18] DOD Instruction 2000.16, DOD Antiterrorism Standards (Dec. 8, 2006). [19] Members of the threat working groups typically include representatives from the installation security forces, the antiterrorism and force protection officer, the intelligence officer, and an Air Force Office of Special Investigations agent. [20] JTTFs are multi-agency teams led by the Justice Department and the FBI designed to combine the resources of federal, state, and local law enforcement. The JTTFs are small cells of highly trained, locally based investigators, analysts, linguists, Special Weapons and Tactics (SWAT) experts, and other specialists from dozens of U.S. law enforcement and intelligence agencies. Fusion Centers have been created by many states and larger cities to share information and intelligence within their jurisdictions as well as with the federal government. [21] DOD S-5210.41-M. [22] These assessments are specific to the nuclear facility and are in addition to the vulnerability assessments required by DOD's antiterrorism policy. DOD's antiterrorism policy requires that installation commanders or unit antiterrorism officers conduct annual vulnerability assessments of the entire installation to identify physical characteristics or procedures that render critical assets vulnerable to terrorists. [23] The DBT, most recently updated in 2005 and replaced by the GSP in August 2008, is a classified document that identifies the potential size and capabilities of terrorist threats to DOE facilities that handle nuclear material. DOE requires its sites to provide sufficient security measures to defend against the threat identified in the DBT. [24] Funding data provided by DOD and DOE were based on the fiscal year 2009 President's Budget. [25] Funding information for base operations support and facilities, sustainment, restoration, and modernization at the Navy's two strategic weapons facilities is not included in this estimate. [26] DOE O 470.3A, Design Basis Threat Policy, (Nov. 29, 2005). [27] GAO, 21st Century Challenges: Performance Budgeting Could Help Promote Necessary Reexamination, [hyperlink, http://www.gao.gov/products/GAO-05-709T] (Washington, D.C.: June 14, 2005). [28] Department of the Air Force, Reinvigorating the Air Force Nuclear Enterprise (Washington, D.C.: Oct. 24, 2008). [29] The funding category differed among three of the four agencies. The funding category for DOD was an appropriation account, for OST a goal, and for Pantex a program. [30] The GSP was signed by the Acting Deputy Secretary of Energy in August 2008. Since then, DOE has been updating its directives and OST and Pantex are currently updating their security plans. [31] Funding data provided by DOD and DOE were based on the fiscal year 2009 President's Budget. [32] Funding information for base operations support and facilities, sustainment, restoration, and modernization at the Navy's two strategic weapons facilities is not included in this estimate. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: