U.S. Department of Energy
Office of Inspector General
Office of Inspections and Special Inquiries

Inspection Report

Internal Controls Over Classified Computers and Classified Removable Media at the Lawrence Livermore National Laboratory

DOE/IG-0628
December 2003

Department of Energy
Washington, DC 20585

December 5, 2003

MEMORANDUM FOR: THE SECRETARY
FROM: Gregory H. Friedman, Inspector General
SUBJECT: INFORMATION: Inspection Report on Internal Controls Over Classified Computers and Classified Removable Media at the Lawrence Livermore National Laboratory

BACKGROUND

Computers are used extensively in the full range of operations at the Department of Energy’s (DOE) Lawrence Livermore National Laboratory (Livermore), including processing classified national security information. Livermore maintains a significant inventory of classified laptop and desktop computers, as well as classified removable media, such as hard drives and computer disks. DOE policy requires strict inventory controls over classified computers and classified removable media. The purpose of this inspection was to determine the adequacy of internal controls over classified computers and classified removable media at Livermore.

RESULTS OF INSPECTION

During the inspection, we were able to physically locate each of the classified laptop computers listed in Livermore’s inventory, as well as each of the classified desktop computers and classified removable hard drives we selected for sampling. At the same time, we did identify certain internal control weaknesses in Livermore’s administration of its classified computer and classified removable media inventories, increasing the vulnerability of these items to loss, abuse, and theft. Specifically, we found that:

• Classified Nuclear Emergency Search Team computer equipment and removable media were not subjected to required inventories;
• Six classified desktop computers that had been shipped permanently to other DOE sites remained in Livermore’s property inventory; and
• A classified removable hard drive was not
entered into Livermore’s classified removable media tracking and accounting system, as required.

The findings in this report complement several recent Inspector General reports concerning the adequacy of internal controls over sensitive property, such as classified computers and firearms, at Departmental facilities. Given current national security concerns, the Department and its contractors must make a maximum effort to safeguard classified computers and classified media to reduce the possibility of loss, abuse, and theft. Consequently, this report includes several recommendations to help to achieve this objective. Because of the security implications, during our inspection we alerted Livermore officials to our findings so appropriate corrective actions could be initiated immediately.

MANAGEMENT REACTION

Management agreed with our findings and recommendations and identified the corrective actions already taken or planned to address our concerns.

Attachment

cc: Deputy Secretary
    Administrator, National Nuclear Security Administration
    Under Secretary for Energy, Science and Environment
    Manager, Livermore Site Office
    Director, Policy and Internal Controls Management

INTERNAL CONTROLS OVER CLASSIFIED COMPUTERS AND CLASSIFIED REMOVABLE MEDIA AT THE LAWRENCE LIVERMORE NATIONAL LABORATORY

TABLE OF CONTENTS

OVERVIEW
    Introduction and Objective
    Observations and Conclusions
DETAILS OF FINDINGS
    NEST Equipment
    Transferred Classified Computers
    Classified Removable Media
RECOMMENDATIONS
MANAGEMENT COMMENTS
INSPECTOR COMMENTS
APPENDICES
    A. Scope and Methodology
    B. Management Comments

Overview

INTRODUCTION AND OBJECTIVE

Computers are used extensively in the full range of operations at Lawrence Livermore National Laboratory (Livermore), including processing classified national security information. Livermore reported an inventory of 86 classified laptop computers and 1,141 classified desktop computers as of March 2003. In addition, Livermore reported approximately
15,000 pieces of classified removable media. Department of Energy (DOE) policy requires strict inventory controls over classified computers and classified removable media.

The objective of this inspection was to determine the adequacy of internal controls over the accountability of classified computers and classified computer removable media at Livermore. This inspection complements similar work performed at Los Alamos National Laboratory (“Interim Inspection Report on Inspection of Internal Controls Over Personal Computers at Los Alamos National Laboratory,” DOE/IG-0597, April 2003), the Savannah River Site (“Inspection of Internal Controls Over Laptop and Desktop Computers at the Savannah River Site,” INS-L-03-09, July 29, 2003), and other laboratories (“Management of Sensitive Equipment at Selected Locations,” DOE/IG-0606, June 2003). It also complements our recent inspection of Livermore’s internal controls over firearms (“Firearms Internal Controls at the Lawrence Livermore National Laboratory,” DOE/IG-0621, September 2003).

OBSERVATIONS AND CONCLUSIONS

We were able to account for each of the 86 classified laptop computers listed in Livermore’s property inventory, as well as the 272 classified desktop computers and 200 classified removable hard drives we selected for sampling. Despite this, we determined that there were significant inadequacies in the internal controls over classified computers and classified removable media at Livermore. Specifically, we found that:

• Classified National Nuclear Security Administration (NNSA) Nuclear Emergency Search Team (NEST) computer equipment and removable media were not subjected to required inventories;
• Six classified desktop computers that were shipped permanently to other DOE sites and organizations remained in Livermore’s property inventory; and
• A classified removable hard drive was not entered into Livermore’s tracking and
accounting system for classified removable media, as required.

Because of the security implications, during our inspection we alerted Livermore officials to our findings so appropriate corrective actions could be initiated immediately.

Details of Findings

NEST EQUIPMENT

We found that classified NEST computer equipment and removable media were not subjected to required inventories. DOE policy, presented in the “Classified Matter Protection and Control Manual,” requires that NEST classified computer equipment and related media undergo a complete inventory at least once a month by two individuals. Based on historical events and the clear vulnerability of classified computer equipment and media, such exceptional inventory requirements are an essential component of the Department’s effort to ensure national security.

However, we identified three pieces of NEST classified computer equipment and five classified removable media that were not being inventoried on a monthly basis by two individuals; rather, inventories were conducted intermittently, at longer intervals, by one person. Additionally, we identified two NEST classified removable media that were being inventoried on an annual basis, but not on a monthly basis as required. Reportedly, these media did not contain sensitive information. A Livermore official responsible for the NEST equipment advised that he was unaware of the DOE inventory requirements.

TRANSFERRED CLASSIFIED COMPUTERS

We found that six classified desktop computers that were shipped permanently to other DOE sites and organizations remained in Livermore’s property inventory. The six classified desktop computers were sent to other DOE sites and organizations one or more years ago under the DOE Secure Communications and Teleconferencing [1] (SCAT) project. Details on the computers’ locations and dates of shipment are as follows:

Type                DOE Location                      Date Shipped
Desktop Computer    Bechtel Andrews AFB, MD           7/29/99
Desktop Computer    Pantex Plant, Amarillo, TX        8/23/99
Desktop Computer    ORISE, Kirtland AFB, NM           10/25/00
Desktop Computer    DOE, Wash., DC                    12/12/00
Desktop Computer    Savannah River Site Office, GA    1/24/01
Desktop Computer    Yarrow Assoc., Fairfax, VA        10/25/01

[1] The SCAT system is used for crisis and routine communication by DOE, the Department of Homeland Security, and other emergency response organizations. Livermore is responsible for the acquisition and transfer of all SCAT computers to DOE sites and organizations in the SCAT program.

We were advised that the transfer of ownership for the six computers was not completed in a timely manner because the property representative responsible for the transfer had overlooked the requirement. A Livermore official said that action was being taken to transfer ownership of the six classified computers to the appropriate DOE sites and organization.

CLASSIFIED REMOVABLE MEDIA

We found that a classified removable hard drive was not entered into Livermore’s tracking and accounting system for classified removable media. We accounted for each of the 200 classified removable hard drives in our judgmental sample of the 2,309 classified removable hard drives listed in Livermore’s tracking and accounting system. However, during our sampling of the classified removable hard drives, we identified a classified removable hard drive that was not entered into Livermore’s tracking and accounting system. We were advised that the reason for this was an oversight by a Livermore employee. The exclusion of any classified media from the Laboratory’s tracking system, regardless of the underlying cause, has serious implications for the security and accountability of highly sensitive materials.

Livermore officials informed us that they took immediate action to correct this condition. Livermore officials advised that they entered the classified hard drive into Livermore’s tracking and accounting system. Livermore officials also advised that they conducted a physical inventory of all classified
removable hard drives and that all other media was being tracked and accounted for. Further, Livermore officials advised that Livermore published a “Lessons Learned” bulletin reminding all employees that all “classified removable electronic media” are accountable and must be tracked in Livermore’s tracking and accounting system for classified removable media.

RECOMMENDATIONS

Livermore’s failure to adequately enforce inventory and accountability requirements for classified items increases the vulnerability of classified computers and media, including critical NEST equipment, to loss, abuse, and theft. Therefore, we recommend that the Manager, Livermore Site Office, ensure that:

1. All NEST classified computer equipment and removable media are subjected to inventory reviews in accordance with DOE policy;
2. Livermore transfers the ownership of all SCAT classified desktop computers to the appropriate DOE sites and organizations; and
3. Steps are taken to ensure that classified media is immediately controlled upon being designated as classified.

MANAGEMENT COMMENTS

On November 18, 2003, the Associate Administrator for Management and Administration, National Nuclear Security Administration, provided written comments on our draft inspection report. The Associate Administrator’s verbatim response is included as Appendix B to this report. Management agreed with the report findings and recommendations and identified corrective actions taken or planned relating to the recommendations.

INSPECTOR COMMENTS

We consider management’s comments and actions regarding the findings and recommendations contained in our report to be responsive.

Appendix A

SCOPE AND METHODOLOGY

We conducted the fieldwork portion of our review during January 2003 to June 2003. Our review included interviews with officials from the Livermore Site Office and Lawrence Livermore National Laboratory. In addition, we conducted inventory verification of a
judgmental sampling of classified desktop computers. We also reviewed applicable policies and procedures and other records regarding property management and computers, including:

• Livermore Management and Operating Contracts
• DOE Property Management Regulations, Title 41, Code of Federal Regulations, Chapter 109
• Livermore Property Management Policies and Procedures
• DOE M 471.2-1C, Classified Matter Protection and Control Manual, Approved 4-17-01
• DOE M 471.2-2, Classified Information Systems Security Manual, dated 8-3-99
• Livermore’s Classified Document User’s Manual, dated October 2002
• Livermore’s Accountable Documents and Media Procedures, dated September 2000, Revised March 11, 2002
• Livermore’s General Plan 4001 v1.3, General Computer Security Plan for PL-1 Multiple User Classified Systems, dated July 30, 2002
• Livermore’s Policy 4303 v4.3, Classified – Single User Stand Alone (SUSA) Security Plan, dated July 24, 2002

This inspection was conducted in accordance with the “Quality Standards for Inspections” issued by the President’s Council on Integrity and Efficiency.

Appendix B

Department of Energy
National Nuclear Security Administration
Washington, DC 20585

NOV 18 2003

MEMORANDUM FOR: Alfred K. Walters, Acting Assistant Inspector General for Inspections and Special Inquiries
FROM: Michael C. Kane, Associate Administrator for Management and Administration
SUBJECT: Comments to Draft Report Control Over Classified Computers

The Office of Inspector General (IG) issued their draft report, Inspection of Internal Controls Over Classified Computers and Classified Removable Media at the Lawrence Livermore National Laboratory, on October 16, 2003. We appreciate having had the opportunity to have reviewed the draft report.

NNSA understands that the objective of this inspection was to determine the adequacy of internal controls over the accountability of classified computers and classified computer removable media at the Lawrence National Laboratory. While the IG
Inspectors were able to account for all equipment selected for sampling (86 laptops, 272 and 200 removable hard drives, all classified), the IG still concluded that there were significant inadequacies in the internal controls over classified computers and classified removable media at the Laboratory. The IG believed that failure to adequately enforce inventory and accountability requirements for classified items increases the vulnerability of classified computers and media, including critical NEST equipment, to loss, abuse, and theft.

NNSA agrees with the report’s findings and recommendations. LLNL has implemented, or is in the process of implementing, corrective actions relating to the recommendations. Attached is NNSA’s management decision on the recommendations.

If you have any questions, please contact Richard Speidel, Director, Policy and Internal Controls Management, at

Attachment

cc: Camille Yuan Soo Hoo, Manager, Livermore Site Office
    Robert Braden, Senior Procurement Executive, NA-GB
    William Desmond, Director, Office of Nuclear Safeguards and Security Programs
    David Marks, Field Chief Financial Officer

National Nuclear Security Administration
Management Decision to the Inspector General’s Draft Report
“Inspection of Internal Controls Over Classified Computers and Classified Removable Media at the Lawrence Livermore National Laboratory”

We recommend that the Manager, Livermore Site Office, ensure that:

Recommendation 1: All NEST classified computer equipment and removable media are subjected to inventory reviews in accordance with DOE policy.

Management Decision: Concur

While the LLNL NEST Team has been very diligent in checking and inventorying their equipment, the inventories have not been performed using the two-person rule as required by DOE security policy. LLNL NEST personnel have been conducting weekly inventories in conjunction with their requirement to test the computer equipment. There are 177 inventory sheets covering the time
period of January 2002 through October 2003. However, the form of the inventories was not one that led to an easy inspection because of changes in the format of the inventory checklist and multiple inventory locations. Some of the items had also been deployed to Kirtland Air Force Base, but the accompanying receipts were not stapled to the inventory sheet.

In addition, the draft report mentions that two NEST classified removable media were not being inventoried at all. In fact, the media was being inventoried annually and did not contain any sensitive data. This media will now be included in the future monthly inventories.

Currently, LLNL is inventorying NEST computers and removable classified media using the two person rule. After the OIG exit conference, the LLNL Classified Matter Protection and Control Manager reviewed all of the inventory files and designed a new checklist that enables someone to easily verify the items being inventoried. It will be used for the next monthly inventory. LLNL NEST computer security will now validate that monthly inventories have been completed. NNSA/LSO will validate that these corrective actions are in place by December 7, 2003.

Recommendation 2: Livermore transfers the ownership of all SCAT classified desktop computers to the appropriate DOE sites and organizations.

Management Decision: Concur

This discrepancy was apparently due to an oversight on the part of the LLNL property representative. LLNL has since transferred ownership of these computers to the appropriate DOE sites and organizations. The LLNL Property Manager met with the property representative involved in the transfer to coach the employee on property transfer procedures. We consider the actions taken responsive and complete.

Recommendation 3: Steps are taken to ensure that classified media is immediately controlled upon being designated as classified.

Management Decision: Concur

This issue led to
NNSA/LSO issuing the following finding to LLNL in May 2003:

    LLNL Classified Matter Protection and Control practices do not ensure that all classified removable media are subjected to accountability controls as required. LLNL accountability processes do not address all material that should be accounted for and inventoried.
    03LLNL-IS 2-001

Corrective Actions included:

• A wall to wall assessment was completed on March 28, 2003, to identify if additional items were not in accountability. LLNL will conduct another wall to wall assessment in June 2004.
• A working group was formed by the LLNL Director’s Office to identify and address root causes. A final report was delivered to LSO on June 10, 2003.
• Local operating plans were developed covering issues related to training requirements and notification to employees of local processes developed to ensure classified removable media were placed into accountability. Full implementation of these plans is expected by November 21, 2003.

IG Report No.: DOE/IG-0628

CUSTOMER RESPONSE FORM

The Office of Inspector General has a continuing interest in improving the usefulness of its products. We wish to make our reports as responsive as possible to our customers’ requirements, and, therefore, ask that you consider sharing your thoughts with us. On the back of this form, you may suggest improvements to enhance the effectiveness of future reports. Please include answers to the following questions if they are applicable to you:

1. What additional background information about the selection, scheduling, scope, or procedures of the inspection would have been helpful to the reader in understanding this report?
2. What additional information related to findings and recommendations could have been included in the report to assist management in implementing corrective actions?
3. What format, stylistic, or organizational changes might have made this
report’s overall message more clear to the reader?
4. What additional actions could the Office of Inspector General have taken on the issues discussed in this report which would have been helpful?
5. Please include your name and telephone number so that we may contact you should we have any questions about your comments.

Name:
Date:
Telephone:
Organization:

When you have completed this form, you may telefax it to the Office of Inspector General at (202) 586-0948, or you may mail it to:

Office of Inspector General (IG-1)
Department of Energy
Washington, DC 20585
ATTN: Customer Relations

If you wish to discuss this report or your comments with a staff member of the Office of Inspector General, please contact Wilma Slaughter at (202) 586-1924.

The Office of Inspector General wants to make the distribution of its reports as customer friendly and cost effective as possible. Therefore, this report will be available electronically through the Internet at the following address:

U.S. Department of Energy Office of Inspector General Home Page
http://www.ig.doe.gov

Your comments would be appreciated and can be provided on the Customer Response Form.