January 8, 2020
Review of the Office of Intelligence and Counterintelligence’s Closing of Category A Security Incidents
The Department of Energy’s Office of Intelligence and Counterintelligence (Intelligence) is responsible for all intelligence and counterintelligence activities throughout the Department’s complex, including nearly 30 intelligence and counterintelligence offices nationwide. Intelligence contributes to national security by having the ability to leverage the Department’s scientific and technological expertise in support of policymakers, as well as national security missions in defense, homeland security, cyber security, intelligence, and energy security.
Department Order 470.4B, Safeguards and Security Program, requires that Category A security incidents be closed in the Safeguards and Security Information Management System (SSIMS), the Department’s master repository for facility clearances, contracts, surveys, and other safeguards and security issues that require resolution. Category A security incidents are incidents that meet a designated level of significance relative to the potential impact on the Department and/or national security, thereby requiring the notification and pertinent involvement of the cognizant security office. One of the objectives of the Order is to ensure that the occurrence of a security incident prompts the appropriate graded response, to include an assessment of the potential impacts, appropriate notification, extent of condition, and corrective actions.
The Office of Environment, Health, Safety and Security manages and oversees SSIMS, and uses the system to track and report safeguard and security issues that require resolution. Intelligence is responsible for ensuring that Category A security incidents are properly closed in SSIMS. During our previous inspection report, Review of Allegations Against a Department of Energy’s Office of Intelligence and Counterintelligence Senior Official, dated July 2018, we identified unrelated concerns regarding Intelligence’s handling of security incidents. Therefore, we initiated this inspection to determine whether Intelligence closed Category A security incidents in SSIMS, as required.
We determined that Intelligence did not properly close Category A security incidents in SSIMS, as required. This occurred because Intelligence had an informal agreement with the Office of Environment, Health, Safety and Security not to populate Category A security incidents into SSIMS. As a result, the Department may not have the capabilities to assess incident data for the purpose of reviewing and enhancing security policies, and providing technical incident and causal analysis expertise to site and program offices, as requested. As such, we made two recommendations aimed at improving Intelligence’s compliance with the Order. Management concurred with the report’s recommendations and indicated that corrective actions have been initiated to address the issues identified in the report.
Topic: National Security & Safety