July 21, 2017

Alleged Tesa Access Issues At Lawrence Livermore National Laboratory


The National Nuclear Security Administration’s Lawrence Livermore National Laboratory (Livermore) is managed and operated by Lawrence Livermore National Security, LLC (LLNS). The Livermore Field Office administers the National Nuclear Security Administration’s management and operating contract with LLNS. As a national security laboratory, Livermore has an extensive security infrastructure in place. Livermore’s Locks, Keys, and Tesa Group (LKTG) manages the Tesa locks at the site. Tesa locks are electro-mechanical locks that are accessed by inserting a Tesa-encoded card into the lock. Tesa locks can be attached to internal and external doors, or lockboxes to a classified network. A personalized pin may also be required to access certain Tesa locks. LKTG also maintains a Tesa database that is required to contain information on all Tesa locks to which individuals have access at Livermore.

The Office of Inspector General received an allegation that Livermore’s Tesa database contained outdated and incorrect data and that this constituted a serious security issue. This incorrect data surfaced after an employee lost his/her Tesa-encoded Livermore Site identification (ID) card in 2014. Specifically, it was alleged that the employee’s Tesa locking plan included numerous Tesa locks for which the employee did not have a current need, could not access, or could not locate. We initiated this inspection to examine the facts and circumstances surrounding the allegation.

We substantiated the allegation that Livermore’s Tesa database contained incorrect data. Of the 63 locks on the employee’s locking plan we found:

• 44 Tesa locks for which the employee had no current mission-related need, 5 Tesa locks that the employee was erroneously given access to, and 1 Tesa lock that had been removed from service; and

• 13 locks on the employee’s locking plan for Tesa lockbox’s related to a classified network account.

A Livermore official told us that any individual that has access to a Tesa lockbox must have an established account to access Livermore’s classified network. The employee had an established account to access Livermore’s classified network, so he/she had a need for the 13 Tesa lockboxes on his/her locking plan. However, since the employee did not fully complete the lost badge recovery process, LKTG took action to remove the employee’s access to 6 of the 13 Tesa lockboxes related to a classified network account. When we discussed this issue with Livermore management, a senior official indicated that this individual’s circumstances posed no risk to Livermore’s classified network.

Additionally, we found that for 23 of the 85 Livermore employees included in a judgmental sample, information stored in the Tesa database had not been updated in a timely manner or in accordance with Livermore’s Locks, Keys, and Tesa Policy and Procedures.

The Tesa database contained outdated and incorrect data because Livermore did not always accurately maintain its employee’s Tesa locking plans within its areas of responsibility. The non-mission-related Tesa locks on the employee’s locking plan, and the additional Tesa database issues from our sample existed because Livermore did not always have adequate controls in place to ensure that Tesa locks were removed from the employee’s locking plans when the mission-related need ceased.

We made recommendations to the Manager of the Livermore Field Office.  Management concurred with the report’s recommendations and indicated that Livermore has already made process and internal control improvements and has additional actions planned to address the report’s recommendations.

Topic: National Security & Safety