The Department of Energy’s Enterprise Assessment office found deficiencies in Consolidated Nuclear Security’s (CNS) procedures to guide employees on the proper disposal of classified information, resulting in four security incidents over the past few years at the Pantex Plant in Texas, according to a Nov. 30 enforcement letter from to Morgan Smith, CNS president and chief executive.
The letter to CNS, the management and operations contractor at Pantex and the Y-12 National Security Complex in Tennessee, said the security incidents involved “the presence of classified information in unclassified waste streams” but offered little additional detail about the events. It noted that one incident occurred in 2012, two in 2014, and one in 2016. As a result, DOE’s Office of Enforcement visited the Pantex Plant to review the incidents and found that the classified information disposal procedures pertaining to the incidents “are deficient in both clarity and completeness.”
“One procedure described a specific method of disposal, while another procedure provided no guidance regarding disposal,” the letter said. The technicians that work with the classified information said during the review that they rely on “tribal knowledge” for some work activities when procedures are not specific enough. This year’s security incident involved new employees who, despite reviewing classified information disposal procedures, made an incorrect decision due to lack of clear guidance, the letter said.
Another problem, the Office of Enforcement found, is that employees may not remember the initial information security and classification training they receive by the time they receive their security clearance and begin performing work involving classified matter. This process may take up to 18 months, the letter said.
The letter said CNS management attention is needed to establish clear procedures to prevent such security incidents. It also recommended management consider providing refresher courses in case of a long time lapse between employees’ initial training and actual classified information security activities.
The letter said DOE is not pursuing further enforcement activity against CNS but will continue to monitor the contractor’s efforts to improve security performance at Pantex.
