Tuesday, March 22, 2005

Expensive lessons: The story behind falsified vault records at Los Alamos

Expensive lessons: The story behind falsified vault records at Los Alamos By DIANA HEIL The New Mexican

A former supervisor of two vault keepers at Los Alamos National Laboratory says the confusion over computer disks last summer boils down to two untrained workers who took shortcuts and got scared when officials asked why the disks were missing.

“These people are not malicious at all,” Todd Kauppila, a fired supervisor, said in an interview Monday. “I know the people that did that, and they’re both very good people.”

All but the most essential work at the nuclear-weapons lab stopped in July after the disks, believed to contain secret information, could not be located. An FBI investigation later determined the disks never existed.

Last week, some members of Congress wondered if criminal charges were in order after hearing that the seven-month shutdown at Los Alamos National Laboratory might have cost as much as $367 million.

Three workers were fired — Kauppila and the unnamed vault keepers. But no one’s going to jail. The FBI concluded no criminal activity was involved.

The acts that led up to the security incident seem, on the surface, to be small departures from the rules. Twelve bar codes were entered into the lab’s tracking system, but only 10 disks were created. Workers signed the inventory sheet without checking the vault to make sure the same number of disks were in there. And soon enough, Los Alamos had a crisis on its hands.

Repeated attempts to contact the fired workers, both of Española Valley, have been unsuccessful. But lab Director Pete Nanos has said the confusion was caused by people not following the rules as well as records custodians being pressured by other employees to ignore security regulations.

The fired vault custodians, in their 50s, had earlier worked as secretaries at the lab. One had a few months of experience handling classified material and probably didn’t understand the rules, Kauppila said. The other worker was an alternate vault custodian, according to Kauppila, who said he believes she was put in the position without proper training.

Kauppila said the lab is much more diligent about training employees in security procedures now than it was then.

In June 2000, the U.S. Department of Energy set up an accountability system for computer disks and hard drives that contain secret information. Each piece must be tracked individually. The
requirements were a reaction to missing hard drives at Los Alamos and the investigation into employee Wen Ho Lee.

Three years later, when the lab prepared removable zip disks containing secret information for a slide show, lab records listed 12 disks. But FBI and Energy Department investigators concluded the bar codes were put into the records before the devices were created.

This was just the first mistake. After the slide show, the disks were stored in a safe without the custodians verifying each disk against the inventory list, according to a report on the investigation.

In July 2004, a lab worker discovered that two disks listed in the inventory could not be located. Los Alamos searched 2,006 vaults, rooms and safes but turned up nothing, except more problems. Computer hard drives had been moved to a building against proper accounting procedures and a large amount of material was not properly tracked. As a result of widespread security weaknesses, Nanos suspended all classified work on July 14 and then-Energy Secretary Spencer Abraham ordered other labs to do the same.

Other labs went quickly back to work, but Los Alamos, dealing with security and safety incidents, shut down all activities except for the most essential. Some activities did not restart until last month.

While the search for the missing disks was on, workers didn’t admit to their mistakes. “These two vault custodians were terrified they made a mistake and were terrified to say anything,” Kauppila said.

Kauppila said neither he nor John Horne — both punished in connection with the security incident — were accused of falsifying the inventory sheet or of failing to verify the inventory. “I had no responsibility to do that,” he said.

Horne, a lab technician working on secret nuclear weapons experiments, created the disks but he has told reporters that he didn’t realize how many bar codes the custodian entered into the accountability database. Kauppila was Horne’s supervisor.

After being investigated by the FBI, Horne got his job back.

Kauppila was fired Sept. 23, though he said he doesn’t understand why. He believes he was a scapegoat and has filed a formal grievance with the lab to clear his name.

It is great to hear Todd Kauppila come forth with the truth of this situation. I certainly hope the two unnamed vault keepers file grievances routed to arbitration before their time limit is over. I am pleased Kauppila has already done so.I hope they will consult a knowledgeable attorney about their situation.
While Nanos is busy holding LANL employees accountable, it is important that employees use whatever means they have to hold LANL management accountable. What is good for the goose is good for the gander, as they say. These workers have a good case.
LANL did not have a consistant policy on vault rules and vault worker training until after this embarassing event occurred. It is not the fault of the vault workers or their supervisor, Mr. Kauppila, that LANL did not have a consistent policy in place and had not trained its employees to that policy.
This is a fact that can and will be demonstrated in a legal process. I hope the people who know the two vault workers will support them in fighting back as Mr. Kauppila has done.
We don't have to be terrorized by the bizarre people who are now running LANL.
The posting from the New Mexican will probably generate another spate of email describing how poor a job everyone does at LANL, how incompetent and self-serving everyone is, etc.

The turmoil over the CREM and safety episodes reminds me of all the turmoil whenever there is an airplane crash. Somehow what gets lost in all the reporting is how many flights/year do not crash and how many lives are not lost.

I agree that generating more barcodes than media was not good to do, and I agree that AS SOON as this became known someone should have stepped up and explained what happened. It's really easy to say this now (armchair quarterback), but maybe we should all consider that folks can be really afraid to do what's right because of the work environment. And if it is really correct that there was no labwide policy on how to handle CREM, then it's only right to ask Nanos to take partial responsibility for that and for the atmosphere of fear. And the DOE should also shoulder some responsibility for not funding the many requests for extending the Red network. Those who can rant and rave about how irresponsible the DX folks were must either never make any mistakes or don't know they are making mistakes. Both are very dangerous character flaws for people with Q clearances.

From what I have read in various postings to the blog, there are very few, if any, who have stood up and said that the laser accident could somehow be excused. However, again, how many different types of activities/day are accident free? Are we upset because there was an accident with a laser, are we upset because the accident involved a student, are we upset because the accident damaged the student's vision, are we upset with an attempted cover-up (this is merely water fountain gossip), etc.? How many other accidents have occured since the laser accident that have resulted in an injury but have never been publicized? When the director says there have been 322 injuries but the OSHA report lists 257, what do we believe?

The "do we work safely or don't we" issue has been resolved by Brad Holian's data which Nanos has ignored because he is unable to explain the discrepancy between what actually happens and what he says happens at LANL. The same can be said for security issues. Probably hundreds of activities happen every day that could result in another security incident but do not. What does that say? Are we self-serving, incompetent, and money-hungry, or are we just normal people trying to do difficult work under an intolerable DOE/NNSA/LANL bureacracy?
My favorite headline from the Onion:

"How many more people have to die before no one ever dies again?"
1. There was a poorly designed process in place.
2. People weren’t following the poorly designed process in place.
3. People then lied about not following the poorly designed process in place.
4. People falsified documents to cover their lies about not following the poorly designed process in place.

Todd shouldn’t wonder about why he got fired if these people worked for Todd like the article says. Further, I know I would be on the first plane back from the middle of a vacation if my supervisor had called me with such a security issue; I wouldn’t want to go through what WHL went through! I can appreciate Todd’s obvious compassion for these two people in the article, but based upon the facts, these people should be happy they aren’t going to prison.

I think the point lost in all this is that security should be the most important priority followed closely by safety in anything that is done at this lab. If the project cannot be done securely or safely, then it shouldn’t be done at all. Otherwise, what is the purpose of developing the next big thing to protect us from terrorists if we can keep it from being used against us in the future?

Supposedly, as the article states, the director shut the lab down after the initial search for the disks turned up more problems with removable media. Sounds justified to me now as all I had heard in the past was that the lab was shut down over two missing disks and a safety incident. So is the cost of shutting down the lab all due to Nanos? Maybe some of it but, we must realize that the cause of this shutdown was a community effort. How many people at the lab have been complaining about the CREM processes but not really doing anything about it?

Sure, security can be a real bitch. It can be tedious. It can take time away from other things you would rather be doing. It must be done though. Not only must it be done, it must constantly be improved. Seems like the “improvements” here only happen after an incident. There needs to be a vehicle in place that facilitates constant improvement. A good way to start is by encouraging people “not to be too terrified to tell the truth” when there is a problem.

Just my two cents.
Does it surprise you!!
Now wait a minute here... Todd is the supervisor of the two custodians, and blames their "mistakes" on poor, and lack of, training and understanding of their jobs. This is the job of supervisors, to make sure that their employees understand their positions, through training and OJT. He should be fired again... And the custodians, who were secretaries; they likely saw the custodian job as advancement. They took the promotion, without the responsibility; like Todd did it seems. This is a chronic problem at LANL, supervisors (and employees) who want the money without accountability. I once worked for a Group Leader, later Division Leader, who took responsibility for nothing, nada. When I asked him why he was a Group Leader, since he didn't want any responsibility, he said; "because as Group Leader, I can do whatever I want to do". With this lovely attitude, he was of course promoted to Division Leader, where he was even more destructive.
Does this sound familiar? I suspect that he can't be identified by this description, as this kind of management behavior is far too typical. This must stop!! Those who take the bucks musn't be allowed to pass the buck...
As to Todd and the custodians, they likely feel unfairly treated, as does Cremers, because they saw the same kind of problems all around them. But, you have to stop somewhere; or it just goes on and on; as it has for far too long.
The sad part is that the problems weren't dealt with, including some top management terminations, after the Lee case, the "hard drive" case and the Efren Martinez case.
And no, I don't believe that Nanos is accountable for Todd's failings. Todd is... I do believe that Nanos is responsible for not replacing top management during 2003, and getting some results on these matters. For that reason, I'd get rid of Pete. He wasted 1 1/2 years... when he should have been cleaning house.
To 9:59
I think there is a mistake in the New Mexican article. Normally CREM or other classified media custodians are clerks who work in the Group Office and provide their service to all group members. I don't think Todd was their supervisor.

I have never known anyone who thought that being a media custodian was a promotion, nor have I known anyone who got a salary increase for taking on additional duties.
Fire the Admiral since he is Todd's boss too. Or, Todd should have immediately blamed madame Nanos since he who blames first wins!
There is a very sizeable segment of employees at lanl that are in denial and never accept responsibility for there actions or inactions. I see it every day. They always pass the buck and make excuses instead of stepping up to the plate. This has been tolerated by management for years so they are at fault as well. Everyone gets glowing performance appraisals and little certificates so how can it by my fault? This has got to stop and in honesty I think that is where we are heading.
The DX-3 vault has been nothing but a revolving door of custodians in the last 10 years. It has not been the same since and has not provided the service it once used to. Half trained custodians, it wasn't opened to group members all the time, the group office huffed and puffed everytime they had to open it for a staff member. But it really boils down to poor or lack of management.

This last custodian that was fired was thrown into this job because her job finished at DARHT. They had to place her somewhere. The vault needed a custodian. This job was not her choice. The second person fired was continually pulled in to help the main custodian (even though she was a technician doing other duties) though there were many capable people in the group office to help (they were too busy or didn't want to do it I don't know).

The prior custodian left as quickly as possible, didn't train her replacment or leave any notes, etc., as to what she had done or an exit inventory that we know about (isn't that required). So you take a person that has never even touched a classified document, never attended a "required" CDC class, or opened a repository and make her the vault custodian and then take a technician off her job two days a week to train and try to create a "flawless custodian."

I can tell you that in the last 15 years I have found POBs open, classified documents laying on copiers, computers unlocked processing classified, classified discussions around people that should not be hearing it. But I dealt with it, reprimanded those that needed to be, took safes away when the situation warranted it, held security meetings immediately to nip it in the bud. But no one got security infractions and no one got fired. The problems were fixed on the spot. Never to see them repeated again.

But there are lots of things that have added up to the grave situation we are in now including poor management, lack of CDC security training (since Mary Lyerly retired the CDC training has never been the same), oversight of the importance of the vault custodian duties and classified processing, especially in DX-3.

One person used to be the security officer, vault custodian, safety officer, classified document custodian, key custodian, she was called your Group Secretary. Now the lab pays three or four different people to do each of these jobs and look at the situation were in. You'd think the place would be better run with a single person to dedicate to each task.

Lots of turnover in a division/group office makes for lots of issues dropped in cracks. My division and group is seeing the affects of this. Again, I repeat, it all boils down to poor or lack of management.
One cannot follow a procedure that does not exist. The clerks in the DX Div. case followed the custom ( procedure) when they gave the bar codes to John Horne. There was no official procedure for what to do when not all bar codes were used. John did what he thought was right and shredded them, not realizing that this would cause a problem for the clerks.
These bar codes turned up missing in several audits. The audits were not conducted by the two clerks or Mr. Kauppila. It is the auditors who should have reported the disks missing, not Mr. Kauppila or the clerks.
Yet, apparently the auditors were not disciplined or fired. In fact it was Mr. Kauppila and John Horne who figured out what had actually happened.
Security procedures are made by S-Division and employees are trained to them. However there were no rules about how to hold CREM in a vault and no one could be trained to no-existant training.
Bottom line is someone should have had common sense and they did not. Either Hornde or maybe Kappulia should have informed the custodians that "Hey here is a heads up. I did not use 2 of the Bar Codes". Or if I was a custodian I would not wait for an auditor to show up to do an audit. You can bet your behind that I would be checking and auditing what I am responsible for myself. Especially CREM. Its not rocket science here folks. Perhaps being a custodian is not the most glamorous job but it beats flipping burgers. But then again thats the whole problem.
The procedure is to bar code CREM as you create CREM. Or as quickly within 24 hours as you can. That is how we have been doing it in DX-3. That is how I have been doing it in DX-3 for many years. That has been known for a very long time.

You get as many bar codes as you need from S-Division (I would take 20 at a time), you DO NOT enter them in your accountability system until you USE them and are affixed to a piece of CREM. We held on to bar codes with dear life as we hated to go down town to pick up more and never disposed of any. They would always be used.

The custodian's first mistake was entering the bar codes in the media tracker without them being affixed to CREM, thus causing this entire mess. If the bar codes aren't on CREM they are meaningless. But entered in a media tracker, it's a different story. Period.

Kauppila and Horne had absolutely NOTHING to do with the falsified inventory. It was not their job, they did not conduct nor did they sign the inventory. They were not CDCs. Stop associating them with that part of this mess. They were only owner's of CREM and/or classified documents and had access to a safe.
Ok fine I stand corrected. I send my apologies to Horne and Kappila. Then it was proper to fire the custodians as they screwed up.
Unfortunately all of LANL is managed by and to the lowest level of incompetence. Don't want to step on anyones toes. Everyones a nice person. Need to take off because of the kids - OK, Need to be interrupted all day with personal phone calls - OK Need to send jokes and media files to all my friends at LANL - OK Need to take off again because my 3rd cousin had a ticket. Its called WORK and to be blunt there are quite a few people that do not have a work ethic are astute and aware of there surrondings and guess what? Stuff like this happens.
Dear 2:50PM Poster,

From your statement, "Bottom line is someone should have had common sense and they did not" I deduce that you do not do classified computing. It is an oxymoron to use common sense and classified computing in the same sentence. Several months ago one of our sys admins helped me with a printer on our classified network. To test the printer, the sys admin printed a configuration file which contained information readily available on the yellow network. When I picked up the paper to throw in the recycle bin, I was told that I could not do that because anything printed on the secure starts as secure and must be declassified by an ADC or shredded. Then I was told that was not the case if I copied something from the screen. The copy could be tossed unless it was truly classified! These are DOE rules, and common sense is not part of DOE rules. Neither is logic nor an understanding that it is just as wrong to overclassify as to underclassify.
Man, 355 hit it on the head.
I've had a worthless admin for over a year. Can you imagine it was considered rude of me to interrupt the personal calls focused on planning the kids’ birthday parties or the weekend camping trips?
Unfortunately, while the admin "worked" for me, I had no authority over her to hold her accountable to do work. My GL let it slide because the admin is a protected class from northern NM. "Can't upset the person, she may file a grievance."
Lucky for me, I was able to get rid of her through the contingent worker project.
She was really upset that I didn't hire her for her own job. Go figure!
I can only hope the new hire has some inkling of work ethic.
To the 11:57 post. Thanks for the insight to the DX-3 problems. Your description sounds like the real thing, the LANL we know and love. Where the "shit jobs" are given to those, like displaced admin folks, who will take any job. This is the "brown runs down" style of management a LANL, where DOE mandates are handed off to someone who is unqualified, and/or, untrained, just to be able to meet the DOE requirements; but with no interest in getting the job done right. The "bad boy" LANL style; "you can make me do it, but you can't make me do it right". Sandia Lab, on the other hand, is famous for cheerful compliance with DOE orders; as long as they get paid they do what's asked.
That, in my experience with LANL is how the safety and security side have been handled since the DOE started pushing them. Give the "accountability" to some hapless grunt, and call it covered. DOE are seen as a bunch of idiots anyway, but you have to humor them.
As a LANL employee referred to the LAOO once as; "a bunch of D students".
How do you change this? By holding management absolutely accountable for screw ups at the bottom. That is the only way to make them care. Rip up the whole management chain when the bottom screws up. This has never happened at LANL, until this time. Whatever we might think of Nanos, and I don't like the guy, he did it.
The question I have for the 11:57 post is, did the message get through, at DX-3 and the rest of the Lab? God, I hope so... If it didn't we just kissed off $357 mil for nothing...
LANL has never had accountability in my experience, and without it you just get a culture of alibis. DARHT 's second axis just slipped, yet again; four more years. Pit production slips, and slips, and the number to be produced keep dropping. Who the hell is responsible; anyone? It isn't just safety and security; its the deliverables.
Meanwhile LANL keeps adding to the overhead, with "senior advisors" and "office directors". Bradbury would puke if he saw this mess.
Some Facts: (1) The DX vault WAS a revolving door with multiple custodians leaving is recent years. (2) Todd WAS the supervisor of one of the custodians. (3) These people all lacked sufficient training. (4) Management in DX has always been clueless. (5) The upper management at LANL owns much of the responsibility for this issue for not having a genuine red network or rational lab-wide security protocals. Sadly, we still have neither.
4:34 is right - Those types of instances happen on a daily basis. I had a Tec recent high school graduate contractor working for me performing computer desktop support. He "knew everything computing". I figured out real quick when I came on board he did not know shit. The organization had computing problems constantly. Then I found out that he would BS people regarding computing problems on a daily basis. Unfortunately since we were mainly an administrative organization these were his peers so they did not now any better. Got on his ass about that. Gets better - He then started playing loud RAP music in the computer room. Would filter to next door offices, down the hall etc...I asked him to lower the tunes. He did not. I then told him he could not listen to anymore music at work period. Boy, he then when to the Excutive Admin in our group and complained. She came down and read me the riot act saying its his right to play music, I am discrminating etc...I said bullshit. He is not allowed to play music in my computer operations room period. His days were numbered as far as I was concerned but I had to leave on travel. When I came back I found that he left and went to work for CCN-2. The Executive Admin shortly thereafter went on disability and never returned. The odd thing about it all is that upper management actually got on my case because those 2 plus a bunch of there peers stated that I was rude and unfriendy. Management actually got on my ass about it. I stood my ground and fortunately I had a great immediate supervisor that stuck up for me.
4:44 PM asks a very good question about what was actually accomplished since last July. Is there really a system in place that not only protects CREM but all classified matter? Is it easy to use and verify? Does it finally take advantage of technology available to use barcodes properly? Does it properly train personnel, and give them the tools to do the job so that they will feel comfortable with their accountability?

The same question must be asked about safety. This issue is much more important than the security accounting problems discovered last July. Have all the serious safety problems said to have been found after the laser incident been resolved? Were substantial changes to safety procedures found to be necessary, and if so were the changes made shown to be effective? Does the record show improvement during the last eight months? Were there any surprising near misses or serious accidents since then?

I hope that Lab management would see fit to formally answer these questions.
7:05 - Still sounds like excuses. Look, how hard is it to have a set of barcodes. Someone else already said you do not account for it until it is placed on CREM media. You have a logbook or computerized inventory system. You label it, the person that labels it makes sure its in the countability system. How much training does a person need.
Ok folks, lets's be fair..you get what you pay for...

Most administrative folks I work with are hard working, dedicated, and conscientous. They do their training and perform their jobs to the best of their abilities and their training...

So what is the conclusion? The "system" let them down. There is a reason that folks have left classified custodian jobs like rats leaving a sinking ship--the rules keep changing and have become much too complex, training is onerous, and punishment is draconian--who in their right mind would take on such a situation at the rates we pay these folks?
I think most administrative folks at the lab make a pretty decent living. The same jobs in the area pay 30 - 40% less. They accepted the job. If they don;t like it then look for another one. If no one else at the lab will hire them, then leave. Thats the way the "system" is supposed to work.
4:34 captured a situation that is so common in the Lab that it pretty much passes for normal business anymore. I recently experienced three giggly teenybopper girls huddled around a pc while web-surfing at the front desk of a service organization. They ignored me while I waited for service...I'm not a protected class. I was only four feet away. I didn't dare break in to their "work" for fear of being considered rude. After several minutes an "adult" came from an office down the hall. He asked the girls to attend to my needs. They became indignant upon finding that I didn't have the correct form..."need to go back to your office, get on the Lab's web page and print out form 'so-and-so'" as one of them demonstrated on that very pc. It never occured to her to be helpful and print the form for me then and there. It would have saved me a round-trip back to my office. Thanks S-Div for your demonstrated lack of professionalism! HR and SUP are not far behind in the lack of professional discipline and office decorum.

7:06 has it right...CCN-2 is a collection of protected-class phonies...part of the "stealth overhead".
Thats one of the main problems the overhead at the lab is so HIGH. Once your are infiltrated with poor performers and employees that have no work ethic you need to hire more more people to do a one person job or to cover there screwups. Then on top of that you have supposed supervisors and managers that have no balls to deal with these individuals. Its really a sick situation.
During the "structured series study" in 1986 I noticed disinterest by lab management in valuing support series personnel by defining criteria of "professionalism" which could have inculcated a sense of responsibility and integrity, but would have the consequence of creating implicit job security obligations to a class of employees the Lab at the time wanted to treat as declarable surplus when it was convenient. Had the Lab done that then, the CREM problem might not have happened because there would be a support career series in the safeguard and proper accounting for classified material. When I was in the military, you weren't able to read highly classified special category material, a category in which SRD falls, without being let in a vault and it either handed to you by a custodian in a reading room or signed out on a hand receipt. If the custodian didn't get it back or your hand receipt wasn't cancelled, ou didn't leave the facility until the material was found.

When I worked at the Lab, I was flabbergasted by how porous the document security system was. The report library had the best security but I would take stuff from safes in the group office and no one would miss it for days, perhaps weeks. At no time ever was there a request to inspect the contents of my briefcase, even when I was leaving the SCIF. The security briefing I received when being inducted as a Lab employee was laughable in its lack of vital content.

The inability or unwillingness of the Lab to treat its support personnel as a class of professionals has lead to these regretable security violations because with the sense of professionalism comes appropriate training. A security professional does not create n+2 barcodes for n Zip disks because the barcodes are not created unless the material is in the hands of the security professional. Everyone in the business knows that doing such a thing will result in a security FUBAR. In the Lab I was something else but in the Army I was a document security professional with full awareness of the consequences of falsely creating traces to classified documents (or disks) that didn't exist.

So some 20 years after I worked at LANL, it seems that no one has a grasp of document security, there is no meaningful security training, there is no way of inculcating a sense of responsiblity for material that if disclosed could result in grave damage to the United States, and I can anticipate more problems if this kind of bureaucratic negligence is sustained.

The sense of responsibily must exist across employee ranks. No staff member is justified in having a tantrum because security requirements delay access to a needed report.
With regard to the post at 11:21, We used to have a system exactly like what you described. You can thank witch Hazel for dismantling it. We have never recovered from her stupidity.
As for the barcodes they are not created, they exist on rolls by the thousands. That is why it is against policy to enter them into the accountability system before they are used. As things exist now a slip on the keyboard can enter a number that is still on a roll somewhere but has not yet been used. That scenario has not been addressed and is another reason why Nanos should be fired for not properly instituting a system that is workable. All of his chest pounding about how much better things are now is nothing but lies. The technology exists to create the media and the barcode at the same time as well as electronically coding the media to match the barcode. These types of systems can be puchased, the lab just refuses to do it. People make mistakes. Even all of the ones who write in here and claim that it would never happen to them because they are so much smarter that everyone else. I guarantee that none of you are above an error that could lead to catastrophic results. That is why we should use available technology rather than relying only on procedures. This problem requires a two pronged approach and that has not been done.

In an era where Fed-Ex can track any one of millions of packages anywhere on earth the fact that LANL can't do it in 43 square miles is a sin. This sin rests at the feet of Nanos who, as a former admiral, should have understood that it is his responsibility to assess all of the systems on his "ship" and insure the most critical ones are functional. Instead he ignored these important and obvious flaws and chose to attack LANL employees to shift the focus from his gross negligence.
This system is still fatally flawed. I pity the next person who gets screwed because LANL policies are not adequate to protect workers or media. I've read a lot of posts about how people aren't following the policies here. That is pure Bull. The policies are so poorly written and ambiguous that if you call for clarification you'll get ten different answers from ten different people. It's like calling the IRS for help. So, just because two people didn't act properly it doesn't mean that everyone else is doing the same.
To the poster at 11:21pm, you seem to be equating SRD with SCI material in
terms of their classification and handling. They are not the same. SCI
materials are "compartmentalized", and are very carefully tracked. In most
cases, SCI materials are also at the Top Secret level. Secret RD, on the other
hand, is not "compartmentalized" to a select group of people for access. In fact,
anyone with a DOE Q badge can access SRD. BTW, It was Top Secret/SCI material that
CIA Director John Deutsch kept on his private home computer which was hooked
to the internet -- a very bad idea! Sandy Berger, the former National Security
Advisor, snook out of the National Archives SCIF with Top Secret/SCI materials
stuffed in his pants. He also lost some of these TS/SCI documents. I've never
heard of a single case of LANL losing highly classified Top Secret/SCI materials.

In terms of handling, I have visited other classified agencies outside of the
DOE sphere and can tell you that it is NOT normal to bar code and inventory
media at the Secret level. If this was instituted at a national level, much of
the work within the Intel and DOD communities would come to a screeching halt!
It would just not be practical. The fact is, DOE (and Congress) are holding
the Labs to a standard that is not enforced anywhere else within the Federal
Government. The fact that DOE, UC, and Nanos never bother to mention this little
fact to our harshest critics is unfathomable.

If DOE and the Congress insist on continuing with extremely strict inventory
rules at the Labs, then our only hope is to drastically increase the size of
our SRD Red Network so that there is zero possibility of anyone ever losing or
miss-handling SRD media. If that is what DOE really wants, then where is the
money for it? The initial $20 million that LANL got for growing our Red Net was
only a drop in the bucket towards the true costs. In fact, if DOE wants to
stick with its tight inventory rules, then it should be a made a new policy that
all Q-cleared employees who work behind the fence must have a Red Net workstation
in their office. It will also be necessary to drastically spread out the Red
Network to all the outlying areas and to most other offices, presentation rooms,
etc., that lay behind the fence. Doing so will cost well over $200 million.

If this is what the DOE wants, then I have a solution for them. Why not cancel
the RFP competition and continue to let UC run the Lab. By doing so, they will
save nearly $200 million per year in LANL operating fees and yearly pension
costs. They can then start investing that $200 million per year in efforts
to build out the Red Network. What would DOE rather have? A safe, completely
networked SRD environment? Or would they rather blow $200 million per year on
private contractors who will, for cost efficiency reasons, probably do very
little to drastically expand out the Red Network. Which will it be, DOE?
What is your true agenda in this matter?

And, where, pray tell, are those three classified disks that DOE reported missing
from their local DOE/ABQ offices last summer? We found ours. Why can't you
find yours? Your classified tracking system must be broken. Either that, or
some "buttheads" and "cowboys" must be lurking within the walls of DOE.
Just gotta reply to 4:38. When I went through my orientation several years ago, two "new hires" were playing phone games and text messaging others.
I thought, as a new UC employee, this is a required meeting during normal work hours. What gives with this @#$%.
Then I went to my group and saw similar behavior by many of the new generation of kids being hired.
I thought that when you transition into your first real job, you'd understand what the world of work is supposed to be different.
Guess not.
Its really something. Quite a good number of the younger generation have no clue as to what real work is. For some its all fun and games and thats where there priorities are.
Another dirty little secret of security at LANL is that security rules are not applied equally to all, but are used selectively to support bad managers.
I have seen abuse of security rules at LANL, and agree with the writers who says the system is seriously flawed, totally underfunded, and if you ask for a clarification of a security issue you will very likely get 10 different answers.
The system is not well thought out, has flaws and due to the hazard of handling classified material the admin with the least clout and often training and experience gets the job and gets fired if she(it is rarely a male) makes a mistake, that is, unless she has somehow become a "friend" of management. We won't go into how one becomes a "friend" of management.
So I have seen security infractions punished by firing or being removed from one's job and other worse security infractions totally ignored depending on who committed them.
No doubt there are some admins with a poor worth ethic, but I have known quite a few TSMs with a poor work ethic as well and numerous TSMs who are rude, vicious, and overbearing with admins. This behavior isn't related to membership in a structured series or not. It is related to personal integrity and I agree that LANL doesn't do enough to filter out these vicious and/or lazy people. But let's not blame any specific group for these very human traits.
I have seen admins ( almost always women) fired on trumped up charges because they insisted on following security rules to a TSM who felt that he/she should be able to do things any way he/she wanted.
I have seen two people make the same security error, one will be seriously punished and washed out of his/her job, the other will not be punished at all.
I have personally turned people in for security problems during Nanos's big security purge. Nothing happened to the ones I turned in because they were managers and managers protect each other, also some of their favorites.
Nanos required that every group pick one person who was "untrustworthy" and to keep that person out of secure work. In most cases the untrustworthiness was determined more by personal relationships than by security standards. The scapegoat was very likely to be a female admin, often an older person.
There are so many problems at LANL that it is hard to know where to start in fixing them. First, I think managers should not decide the punishment or lack thereof in their supervision group. Perhaps a person in S-div should do it.
Second, the security rules should be gone over with a fine tooth comb for areas not covered and inconsistancies. Third, the vault or CREM custodian should not be the scapegoat for all the lab's problems. Go for those with management responsibility for the problem. In many cases this is S-div. Also, spend the money, for goodness sake, for a workable system, computer or otherwise, and training for the CREM and vault custodians. Then protect them from scapegoating.
No matter how good the admin salaries are at LANL, no amount of money is enough to compensate for being abused on a regular basis.
From the 10:15am post..

+++ Nanos required that every group pick one person who was "untrustworthy"
and to keep that person out of secure work. +++

Say what? I've never heard any thing like this. This sounds like one
from the deepest bowels of the rumor mill.

+++...unless she has somehow become a "friend" of management. We won't go into
how one becomes a "friend" of management.> +++

I think we all no what you are implying here. It is a pretty outrageous
thing to suggest.

+++ LANL doesn't do enough to filter out these vicious and/or lazy people.+++

And, I suppose, you wouldn't put yourself in that category, now, would you?

+++ I have personally turned people in for security problems during Nanos's
big security purge. Nothing happened to the ones I turned in because they
were managers and managers protect each other+++

I suspect you enjoy turning in your "bosses" just a little too much.

Look, there are some valid points with this last post, but this person
is disturbed and completely over the top. Whoever you are, I suggest
you seek some professional counciling to help you get better. You
seem to have a persecution complex that needs to be address. Seriously,
seek some help, lady. You need it. You'll feel far better about those
around you when you get the help you deserve.
I wouldn't want the person on a council, but counseling would be appropriate :)
To the 11:28 AM poster,

You had better believe the 10:15 AM poster! That's exactly what Nanos instructed his staff to do. Read Director's Instruction DI04-014, regarding evaluating each and every employee as to their degree of "trustworthiness" in accomplishing Levels 1, 2 or 3 (highest hazard) work. The list of people who were not deemed trustworthy was due to Nanos on 10/29/04. This DI was issued with no notice to employees, with significant impacts to their job status. Our Group Leader advised us that this could impact our employment condition and that we should have a representative with us during these one-on-one meetings.

Our Directorate handed each and every employee a paper stating what level of work they were deemed trustworthy to work. No guidance was given throughout management as to how to implement this, leading to the same conditions for unfairness as the '95 RIF for putting whomever they wished on this list.

Yes, grievances have been filed, but who knows about them? The lack of notice alone qualified this action as an Unfair Labor Practice, but the deadline for filing that is long past.

And yes, each and every group was expected to participate in this exercise. Where have you been?!
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?