Energy OIG: Y-12 contractors negligent at best, cheaters at worst


Contractors at the Y-12 National Security Complex say they did not intend to cheat on a written test of security knowledge, but the Energy Department office of inspector general says their credibility is questionable.

DOE officials planned to administer the test as part of its inspection after a July incident where three activists, including an 82-year-old nun infiltrated the Y-12 grounds in Tennessee. But an inspector discovered a copy of that test in one contractor's vehicle the day before it was set to be administered, auditors say in a report (.pdf) dated Oct. 26.

The test's questions and answers had been distributed to many of contractor WSI Oak Ridge's captains, lieutenants and security police officers. Contractor personnel all told auditors they had no intent to cheat, and the report says there's no direct evidence that they intended to cheat, but they were at best negligent.

The failure to safeguard the test, "especially given the intense focus on Y-12 and the security concerns at the site, was, in our opinion, inexplicable and inexcusable," auditors say.

The federal official who initially distributed the test encrypted the email containing it and sent it to contractors designated as "trusted agents" to get input on the relevance and accuracy of the test questions. But the federal official did not instruct them on how to protect the test from leaking out.

A contractor official then forwarded the email to a manager who was not a designated trusted agent, asking for comments. The manager passed it along to two security officers, neither of whom were trusted agents. The test spread from there, auditors say.

Contractor officials treated it like a training aid, the report says, but the test had a clear header that read "Y-12 Protective Force Test Key." Those who distributed the test told auditors they didn't notice it.

"We found this purported lack of attention not to be credible," auditors say.

The report recommends that to prevent another compromised test, the National Nuclear Security Administration should ensure that communications that contain test materials are marked so that there's no ambiguity as to whether they can be shared.

The NNSA's office of health, safety and security told auditors it has begun to use email security features that prevent forwarding. But the agency also told them it believed the compromise of the test was the contractor's fault for abusing the trusted agent concept.

For more:
- download the report, DOE/IG-0875 (.pdf)

Related Articles:
Multiple failures permitted trespassers to penetrate Y-12 complex
Podonsky: NNSA security fixes often just temporary