Disarmament DiplomacyIssue No. 37, May 1999The Richardson Plan: DOE Reforms'Richardson Unveils Security Reform Package,' DOE Press Release R-99-111, 11 May 1999 "… Richardson's plan is as follows: 1. New Office of Security and Emergency Operations A key component of Richardson's plan is a comprehensive security reorganization at the Department of Energy and its national laboratories. The plan calls for the creation of a new office, the Office of Security and Emergency Operations. It will be responsible for all safeguards and security policy, cyber-security, and emergency operations functions throughout the DOE complex. The new office will oversee all security-related functions which previously were handled by different DOE program offices. Unfortunately, due to other demands placed on the program offices, security did not always receive the high-level consideration and focus it requires. 'By creating a consolidated security budget, where security funds are clearly separated from program funds, we ensure that security needs and priorities will not be compromised because of competing program requirements,' said Secretary Richardson. 'This new office which will report directly to me will strengthen and consolidate the management of our various security programs and will ensure the proper implementation of the many new counterintelligence and security measures I have ordered.' This new office will be comprised of several important components including:
Richardson is creating a new office to independently evaluate security and emergency operations functions throughout the department. This new Office of Independent Oversight and Performance Assurance will provide independent analysis of the performance of safeguards and security and other critical functions from across the department. The new office will report directly to the Office of the Secretary. As the case with other security-related issues, while security oversight has been an important departmental function, it was not the primary purpose of its umbrella office. By elevating and expanding the oversight functions for safeguards and security, special nuclear materials accountability, and other related areas to one new independent office, the department will ensure that any security problems can be quickly raised at the highest levels. 3. Cyber-security improvement Richardson will ask Congress for an additional $50 million over the next two fiscal years (2000 and 2001) to support additional cyber-security improvements. The funding will implement additional upgrades in electronic and physical protection to ensure the continual monitoring of DOE computers for unauthorized and non-secure use. The enhanced program also will include random audits of individual computer users to ensure compliance with property security procedures. New requirements will be established that place stringent controls on computers and workstations, including controls on removable media, removable drives, and other devices that could be used to download files. The new funding request is in addition to the $8 million in cyber-security funds Richardson announced on 17 March. 4. Zero-Tolerance Security Policy The Richardson plan establishes a 'Zero Tolerance Security Policy.' Under this new policy, he is sending a signal that no security infractions are acceptable. Penalties will be strengthened, including immediate suspension for verified breaches that risk a significant national security compromise, or display a willful disregard for security procedures. 5. Counterintelligence Measures Richardson also detailed several new security related measures to continue to strengthen the department's improved counterintelligence program.
6. Strengthen the Security Management Board The administration will submit to the Congress legislation that will strengthen the charter of the Security Management Board that oversees the Department of Energy's safeguards and security. The board is comprised of Department of Defense, Central Intelligence Agency and Federal Bureau of Investigation security experts that will continuously review DOE's safeguards and security. 7. Accelerate 'Goal Posts Plan' To improve security at the Department of Energy nuclear sites, the Richardson plan accelerates the 'Goal Posts Plan.' The 'Goal Posts Plan' is a statement of those specific actions that must be taken by DOE nuclear sites to remedy less than satisfactory ratings that were reported in the 1997/1998 Annual Report to the President on Safeguards and Security at Defense Nuclear Facilities. By the end of this calendar year, under the accelerated plan, the laboratories and facilities should have taken the corrective actions necessary for them to meet the highest security ratings. 8. Accelerate Upgrades to Physical Safeguards and Security The department will seek significantly increased funding to ensure the physical safeguard and security of DOE nuclear sites. The plan also calls for the application of new technologies and capabilities, including the installation of explosive detection devices and chem-bio protection capabilities at sensitive laboratories. 9. Cyber-Security Training Program The plan establishes an aggressive department-wide cyber-security training program using mobile training teams. By the end of this year, 1,000 computer security and system administrators from across the DOE complex will be trained in the use of cutting-edge cyber-security tools and procedures. The managers will be briefed on specific cyber-security threats, their responsibility to defend against it, and countermeasures available for implementation. 10. Declassification Deadline Extension At Richardson's request, President Clinton will extend by 18 months the automatic declassification deadline of Executive Order 12958. Under the existing Executive Order, all classified documents over 25 years old will be automatically declassified in April 2000. The Department of Energy will use the 18-month extension to ensure that all documents released by the Executive Order will have been properly declassified and searched for inadvertently commingled nuclear design information. This step will help ensure the administration's openness initiatives don't jeopardize security concerns. …" © 1999 The Acronym Institute. |