November 2, 2023

Alleged Disclosure of Sensitive Information at the Department of Energy

The Department of Energy’s mission is to ensure U.S. security and prosperity by addressing its energy, environmental, and nuclear challenges through transformative science and technology solutions.  The National Nuclear Security Administration (NNSA) is a semi-autonomous agency within the Department responsible for, among other things, maintaining and enhancing the safety, security, and effectiveness of the U.S. nuclear weapons stockpile.  The Department’s Office of Intelligence and Counterintelligence (IN) is responsible for all intelligence and counterintelligence activities throughout the Department, and it protects vital national security information and technologies.  The Department’s Office of Environment, Health, Safety and Security has responsibility for health, safety, environment, and security for the Department.  That Office is also responsible for policy development and technical assistance, safety analysis, and corporate safety and security programs.

In September 2022, the Office of Inspector General received an allegation that classified information was disclosed during a routine, unclassified NNSA meeting at the Department Headquarters’ Forrestal Building held with a mix of in-person, video conference, and telephonic attendees—some of whom did not have a need-to-know regarding the classified information.  According to the allegation, the NNSA incident was reported to an IN official who conducted a formal review of the matter, but the report was subsequently “buried” by senior IN management.  We initiated this inspection to determine the facts and circumstances regarding the alleged: (1) disclosure of classified information during an open NNSA unclassified, mixed-media teleconference meeting, and (2) failure to properly report the security incident.

We did not substantiate the allegation that classified information was disclosed during an open NNSA unclassified, mixed-media teleconference meeting at the Department Headquarters’ Forrestal Building, but we did substantiate the allegation that the suspected incident was not properly reported.  An IN Headquarters Security Officer conducted an inquiry review and produced a report in August 2022 that concluded classified information was not disclosed during this meeting, and that it was a non-incident. 

Additionally, we determined that the IN report was not “buried” by senior IN management.  However, we found that the former IN Headquarters Security Officer did not notify the Headquarters Security Incidents Program Manager before or after the incident inquiry was conducted, as required by the Headquarters Facilities Master Security Plan.  The failure to properly report this incident occurred because the information that was allegedly disclosed did not fall within the purview of IN.  During our inspection, we also identified a discrepancy between expectations and the written policy contained in a chapter of the Headquarters Facilities Master Security Plan.

This report contains three recommendations that, if fully implemented, will strengthen the incidents of security concern reporting process.  Management concurred with our recommendations and provided corrective actions taken that are responsive to our recommendations.