ML19318C676
| ML19318C676 | |
| Person / Time | |
|---|---|
| Issue date: | 06/19/1980 |
| From: | NRC COMMISSION (OCM) |
| To: | |
| References | |
| REF-10CFR9.7 NUDOCS 8007020150 | |
| Download: ML19318C676 (89) | |
Text
9 f) g F@
g u
LL; J
b NRC 1
UNITED STATES OF AMERICA Iom.
Sh /80 2
NECLEAR REGULATORY COMMISSION
.?crkcr bfml 3'
t1 -
\\
4 PUBLIC MEETING e
5 BRIEFING ON REPORT ON POTENTIAL THREAT TO NUCLEAR ACTIVITIES 5
3 6
FROM INSIDERS R
7 AND
%l 8
BRIEFING ON DOE STUDY ON EFFECTIVENESS OF SECURITY CLEARANCES dd 9
bg 10 Nuclear Regulatory Commission y
Room 1130 j
11 1717 H Street, N.W.
Washington, D.C.
(
12 3
Thursday, June 19, 1980 j
13
=
The Commission met, pursuant to notice, at 10:0S a.m.
l 14 y
BEFORE:
2 15 JOHN F. AHEARNE, Chairman of the Commission d
I0
- ri RICHARD T. KENNEDY, Commissioner i
17 l JOSEPH M.
HENDRIE, Commissioner 5
18 5
STAFF PRESENT:
19 l k
J.
DAVIDSON 20 MS. S. MULLEN 21 R.
BURNETT n
THIS DOCUMENT CONTAINS k
J. DAVIS P00R QUALITY PAGES S 23 l
E. HANRAHAN 1
l 24 i l (
LEONARD BICKWIT, General Counsel l
25 l SAMUEL J. CHILK, Secretary Pages 1 - SC ALDERSON REPORTING COMPANY. INC.
A 4
Gm2 I
ALSO PRESENT:
2 G. WEISZ, DOE 3
J. TINNEY, DOE l -
4 M. DOWD, DOE
=
5 h
j 6
a w
a j
8 d
ci 9
Y 10 E
j 11 D
y 12 a
I I
l 14 2
15 j
16 as G
17 18 E"
k 19 l 20 21 22 l'
23 i
24 25!
l ALDERSON REPORTING COMPANY, INC.
l 2
4 "3
gRQq((Q{gQ{
1 l
f' CHAIRMAN AHEARNE:
The Commission meets this morning 2
to review and hear information that has been the subject of 3
('
interest for a number of years.
Approximately 18 months ago, 4
January of
'79, the Commission directed the staff to study the e
5 A
I m
insider threat to licensed nuclear activities.
8 6
e We now have a fairly substantial study.
We also have 7
other information that I believe we are going to hear about this E
8 n
N morning.
John?
9 z
MR. DAVIS:
Thank you, Mr. Chairman.
We are here with h
10 z
i 11 people from the Division of Safeguards, NMSS.
We will brief 'you on the insider study, SECY 82-84 d
12 z
['
13 Basically, we believe the study affirms the require-S ments of safeguards -- basically, we believe the study affirms E
14 a
the reasonableness of the current requirements for safeguards 2
15 against the insider, and adds more substance to our regulatory 16 n4 foundation.
g 37,
a b
18 We do not believe that the study will lead to a series E
of new regulatory actions.
Its findings will provide background j9 R
in current and future rulemaking.
Basically, it is confirmatory 20 of that which we have done so'far.
21 The study has a great deal of detail, in general.
I 22
(
w uld like to point out that it is derived from a very limited 23 I
population of incidents, especially in the area of sabotage.
24 In the report itself, these areas have been carefully 25 :
ALDERSON REPORTING COMPANY, INC.
4
- 'm4 I
identified for the reader.
NMSS has no plans for future formal I
2 insider studies at this time.
However, given the dynamic nature 3
of this situation to suggest that a single study is complete and
(
4 represents a static situation -- that would be somewhat misleading g
5 I would like to emphasize that we have a continuing a
6 effort within the division to reevaluate information as it becomes R
E 7
available to us that would affect any determinations we have j
8 made with regard to this subject.
d c
9 I will now turn this over to Bob Burnett.
10 CEAIRMAN AHEARNE:
Bob, before you start, I would like j
11 to mention that if, during the briefing either covering your 3
g 12 study or the DOE study, if questions arise which would require
(
(
g 13,
getting into classified answers, what I will propose at that time,
=
i' 14 if you or whoever is doing the talking identifies that that will 2
15 I require getting into classified material, we will put off the Y
f 16 answers to those questions until the end.
d 17 l Then we can have a closed session to address those U
l 18 i issues.
r i
G 19 l MR. BURNETT:
All right.
Today, we are here to brief 20 on a follow-on effort to the generic adversary characteristic 21 study presented over a year ago.
The briefing today examines the 22 potential threat to license nuclear facilities from an insider 23 '
perspective.
24 This effort proved to be somewhat more difficult than j
e 25 ;
the external effort, simply because the finding of an ample data i
ALDERSON REPORTING COMPANY,INC.
4 4
9m5 I
base to work from, incidents that occurred in analogous environ-2 ments to the stringent and strong internal security that now 3
exists at nuclear facilities.
(
4 It is again important to point out as John did that the 5
study supports the earlier Commission assessments on insider 0
threat.
I would like to call your attention to an area of R
- E 7
particular interest at this point.
That being the number of 4!
0l individuals involved in an insider theft.
d 9 I The results of this study reveal that the number of 5
g 10 conspirators range from two to twenty.
Of course, the quantity
=
II of cases in the higher number are highly limited.
In this case, N
I2 to a single case of twenty.
=
l 13 l CHAIRMAN \\HEARNE:
What is the next highest?
i m
5 I4 '
MR. BURNETT:
That will come out in the study.
It E
.j 15 ranges.the complete gamut.
x 3i I6 l CHAIRMAN AHEARNE:
19?
w N
I7 MR. BURNETT:
I think the next one was 18, then 16.
E w
I 18 g
COMMISSIONER KENNEDY:
Each one is one case?
c8 3
l9 l MR. BURNETT:
We have data on that that will come out.
n 20 COMMISSIONER KENNEDY:
I was looking at tha chart.
1 2I MR. BURNETT:
Okay.
We believe the fact that the 22 conspiracies vary in number supports the Commission's position t'
i 1
23l that protection against an insider theft should not be tailored 24 l to a specific number, but rather should respond to the general i
25l range of conspirators.
l l
ALDERSON REPORTING COMPANY. INC.
5 4
'm6 I
Also, the Commission requested to be brought up to date l'
2 on the DOE effort to study the role of security clearances and 3
personnel reliability programs in protecting against insider
(
4 threat.
Although not completed, Mr. George Weisz, Director of 5
j the Office of Safeguards and Security is here to breif us on e]
6 that effort.
R b
7 I would like to emphasize at this point a discussion Al 8
in this area often leads to classified questions and responses.
d 9
Any reference to numbers associated with any government threat zo 10 is classified.
If you believe we will go that way, we would E
11 respectfully request to close the meeting and limit.it to a 3
g 12 need to know.
O 5
13 I do want to're-emphasize that, John, because I find I
'l 14 l
=
that it is very difficult.
Ej 15 CHAIRMAN AHEARNE:
I understand.
That is why I made x
j 16 the previous remark.
W N
'7 MR. BURNETT:
Here today is Ms. Sally Mullen and Mr.
N 1
M Iu John Davids.a, who performed the study.
I will now turn it over 1
l9 l to Sally.
20 (Slide. )
21 !
MS. MULLEN:
The three objectives of the insider study 22 are shown here.
Data used in fulfilling these objectives were l
23 derived primarily from case histories of insider crime, both 24 analogs and expert opinion from other studies.
l 25; (Slide.)
i l
l ALDERSON REPORTING COMPANY, INC.
o 6
fm7 1
May I have the next vu-graph please?
Because the number l
2 of nuclear events involving insiders are so few, we have relied 3
on an analog approach based on the assumption that a study of
(
4 analogs can provide insight.
g Except for seven nuclear events, all data and opinions 5
e
]
6 are derived from analogous bases and experience.
We began our R
7 analysis with just over 200 cases of theft and sabotage, but it M
j 8
became clear almost immediately that not all of them were good d
z, analogs.
So, we began an evaluation process to determine which C
9 o
10 were the best.
E h
11 Our criteria for making this determination was the 3
(
12 degree to which the safeguard systems in place at the time of the 5
13 crime, approximate the safeguards requried of nuclear licensees.
~
m i
g 14 1 This determination was not based on a measure for measure com-l j
15 parison of nuclear and non-nuclear asfeguard systems.
=
16 d
Rather, we used the general components of a nuclear
^
l 6
17 i safeguard system as a base-line, evlauated each case, and 18 assigned an arbitrary analog value based on the relative complete-5
{
19 ;
ness and rigor with which the analogous system was designed.
n 20 After applying of safeguard criteria to every case, 21 including the nuclear vents, we were left with 122 cases.
Of 22 these 122, 45 cases occurred in what we considered a strong safe-t 23,
guards environment, and were assigned an arbitrary analog value 24 of two.
25 '
The remaining 77 cases occurred in a weaker safeguards l
ALDERSON REPORTING COMPANY. INC,
7 e
$m8 I
environment, and were assigned an analog value of one.
These 2
analog values, two and one, are important to remember because 3
John and his portion of the briefing will be referring to them.
(.
4 So, analog value two is a stronger environment; analog one is 5
g a weaker safeguard environment.
Vu-graph, please?
a 6
(Slide.)
R 7
From these 122 cases, we extracted data on a variety s
8 of characteristics of the insider adversary and put them into d
d 9
the four categories shown here, position related.
For example, 5
i 0
10 screening the perpetrator was subjected to prior to employment 11 and the amount of time he had been employed by the facility prior D
Y I2 to committing the crime; behavioral characteristics, such as 3
f/
13 motivation and dedication.
o l
14 I should emphasize here that these are the most c
15 subjective the of the characteristics we analyzed.
More often j
16 than not, they were based on our interpretation and knowledge of j
d d
17 l a case rather than an investigative record that said motivation:
I 5
18 blank.
E 19 The third type of adversary characteristic was resource n
20 characteristics such as equipment used and whether it was 21 available at the site of the ctime or whether it had to be 22 brought into the facility.
(
23f Finally, operational tactics, including plant opera-24 tional characteristics, including tactics and planning.
Back to 25f vu-graph three, please.
I ALDERSON REPORTING COMPANY, INC.
im9 1
(Slide.)
2 To add perspective to all of the case history informa-3 tion, we sought e> pert opinion on the inside adversary, himself;
(,
4 how he can best be defeated, and how he can best be detected.
=
5 Next vu-graph, please.
h
]
6 (Slide.)
R 7
Befor I go into the data sources for the study, you 4l 8
should be aware of a few limitations that affected the scope of d
c 9
the effort and of the data base.
First, we limited our data
,2 h
10 gathering to theft and sabotage cases only, since these two E
11 types of crime are those that of most concern to the nuclear m
N 12 industry.
~
[-
y 13 Secondly, we included only domestic crimes, for two I
l 14 '
reasons.
First, the relevance of foreign adversary actions to g
15 the domestic nuclear industry is uncertain; second, we knew less
=
j 16 about safeguards systems abroad.
W N
17 l CHAIRMAN AHEARNE:
In your nuclear cases, did you not
$u 3
18 have one foreign?
P h
19 MS. MULLEN:
Yes.
One of which was the Bradwell theft, n
20 one was a computer facility in South Africa, and one was a large 21 scale diversion in a military installation in South Korea.
22
(
The sabotage data base is considerably smaller than 23 -
the theft data base, for two reasons.
First, more complete and 24 meaningful data could not be identified or would be available to 25 ;
us.
Second, we excluded acts that did not obstruct productivity, ALDERCON REPORTING COMPANY, INC.
9 Sm10 y
endanger lives, or create serious property destruction.
2 Vu-graph.
3 (Slide.)
(
4 The major sources of data for the study, both analog 5
a g
cases'and nuclear events fall into the first two categories N
6 shown here:
U.S. Government agencies and private industry.
We R
7
{
contacted 32 federal agencies in the D.C.
area, requesting both j
8 case history information and expert opinion.
d6 9
i These agencies fall into a number of categories inclu-og 10 g
ding investigative agencies, such as the FBI; Air. Force Office G
11 6
of Special Investigations; regulatory agencies such as the d
12 g
Drug Enforcement Administration; intelligence agencies such as
/
d 13 3
NSA and CIA.
Finally, production agencies such as the Bureau of E
14 d
Engraving and Printing; and the Bureau of the Mint.
k 2
15 g
In the private sector, we interviewed.59 security
?
16 experts representing 30 different types of industries throughout i
17 I w
the country that we deem analogous to the nuclear industry, be-I 5
18 cause they were dealing with protection of high value and/or 19 l
high risk material.
20 The types of industries are money handlers; for 21 example, banks, race tracks, insurance companies'; material handlers such as metallurgical companies, drug manufacturers j
(.-
23 and distributors, chemical manufacturers, aerospace industry; 24 and money and material transporters such as specialized i
25 'I commodity carriers, and armored transport companies.
ALDERSON REPORTING COMPANY, INC.
10
! mil.
1 We also interviewed 31 other experts, including state i
2 and local law enforcement officials, U.S. district attorneys, 3
and security consultants.
In keeping with the Commission's
(
4 directive, we made use of about a dozen government sponsored 5
and private studies; and reviewed as background a host of other 6l documents, reports, and articles.
R 7
In no instance, did we recreate a case base solely on Kl 8
media reporting.
Now, if you have no questions about how, what, d
9 9
and why we did it, I would like to introduce John Davidson, who zo 10 will present the results of our adversary characteristics j
11 analysis.
3
{
12 MR. DAVIDSON:
Slide, please.
<5 13 (Slide.)
/
g m
14 I'm going to present the results of our analysis as E
2 15 it pertains to these five subjects: characterize the typical 5
j 16 insider thief, typical insider saboteur.
Then we will compare m
d 17 j the characteristics of insiders operating in the stonger environ-5 18 ment with the weaker safeguards environment.
5" 19 We will compare the characteristics of the single thief R
20 ;
versus the conspirator.
Lastly, we will com, pare the character-21 istics of the insider according to the position he held within 22 the organization.
Slide, please.
b 23 (Slide. )
I 24 i We examined 112 cases of insider theft involving 237, l
25 i insiders.
70 percent of the teft cases involved a single insider.
i ALDERSON REPORTING COMPANY. INC.
11 4
Om12 1
10 percent involved two insiders.
20 percent of the theft cases 2
involved three or more insiders.
3 Typically, the insider thief was motivated by greed,
(
4 indebtedness, and financial inducement.
These money related 5
motivations accounted for 74 percent of all the identified moti-
=
5 3
6 l vations.
R 7
The next most frequently occurring motivations were K
j 8
drug use and abuse, and personal loyalty.
The largest percent-d y
9 age --
i g
10 COMMISSIONER KENNEDY:
Personal loyalty in what 3
R 11 respect?
b I
I2 MR. DAVIDSON:
Personal loyalty with respect co the 5
13 l boss.
=
i I4 COMMISSIONER KENNEDY:
You mean the boss was one of I
g 15 the conspirators?
=
d I6 l MR. DAVIDSON:
Yes.
The largest percentage, 38: percent d
i 17l of the insider thefts occurred'during the six to ten year period z
}
18 of employment.
The next largest percentage, 27 percent of the P
g" 19 crimes occurred in the three to five year period of employment.
20 About 19 percent of the insider thefts occurred during the first 21 two years.
22 Approximately 80 percent of the insider thieves planned 23l their crimes well or moderately well.
24 Next, we looked at the role of the insider.
We define p
i i
25l the role of the insider as being either overt of covert.
By ALDERSON REPORTING COMPANY, INC.
Gm13 I
overt, we mean that the insider was able to perpetrate the crime 2
in the presence of others without arousing suspicion.
By covert, 3
we mean that he was unable to perpetrate the crime in the
(
4 presence of others without arousing suspicion.
5 Approximately 2/3rds of the insiders relied on covert
]
6 activity.
Lastly, in 87 percent of the cases, the equipment R
7 necessary to commit the crime was available at the site of the 4
0 theft.
Slide, please, d
9 (Slide. )
h 10 Before looking at the typical inside saboteur, I would
=
II like to re-emphasize that the analysis is based on a small data m
f I2 base.
Therefore, our findings about the inside s:sboteur should 4
(' l 13 be viewed: one, as clues rather than conclusions about inside l
14 l saboteur behavior; and two, a limited characterization, not I
h 15 a specification of the inside saboteur threat.
x d
I6 CHAIRMAN AHEARNE:
You are drcwing a distinction, M
f I7 '
John, between the data base you have for theft and the data base E
3 18 you have for saboteurs.
C8 19 MR. DAVIDSON:
Yes.
20 COMMISSIONER HENDRIE:
The tneft cases were 100-what?
2I MR. DAVIDSON:
112.
22 CHAIRMAN AHEARNE:
So, you have only ten saboteur
(_
23 cases?
24 MR. DAVIDSON:
Ten analogous saboteur cases.
We iden-25 tified an additional saboteur cases.
We found that the charac-i
}
I ALDERSON REPORTING COMPANY, INC.
13 j
4
!ml4 teristics of the insiders in those cases was very similar to the 1
2 ten analogous cases.
The only analogous sabotage cases -- we 3
had ten.
(
4 Eight of the ten analogous sabotage cases were committed 5
by a single insider.
One case, Surry, involved a conspiracy of a
b
]
6 two insiders.
In one case,.in arson-for-hire, occurring at a 4
7 facility that was judged a weak safeguards environment, four s
j 8i insiders were involved.
do 9
No single ~ motivation dominated the inside saboteur, io 5
10 as was the case with the insider thief.
The combined motivations E
j 11 of psychological or personal problems, disgruntlement and 3
y 12 revenge accounted for 54 percent of the identified motivations 5
('
y 13 for the saboteurs.
m l
14 The next most frequently occurring motivations were i
C 15 '
greed, ideology, a desire for recognition, and drug use.
j 16 Approximately 2/3rds of the inside saboteurs committed their s
i 17 I crimes in the first two years of employment.
Another 30 percent 5
18 acted in the three to five year period of employment.
The E
19 'i levels of planning exhibited by the inside saboteur tended to be X
20 lower than for the inside thief.
21 About 1/3rd of the cases -- in about 1/3rd of the 22 cases, the saboteur's actions could be characterized as spur of
(
23,
the moment acts executed against targets of opportunity.
24 Next, the saboteur relied on covert action 88 percent 25l of the. time to commit his crime.
In comparison, the inside thief I
i i
n ALDERSON REPORTING COMPANY. INC.
14 4
I resorted to covert action 67 percent of the time.
- Lastly, 2
equipment necessary to commit the sabotage was usually available
'cnd tl 3
at the site of the crime.
Slide, please.
b[.;2 4
(Slide. )
Next, we compare the characteristics of insiders 5
e 3'
6 oparating in the stonger safeguards environment, the analog R
7 two cmms; with the insiders operating in a weaker safeguards 8l environment, the analog one cases.
O"
~.
More conspriacies were observed in the stronger safe-9 10 { guards environment.
In 39 percent of the cases occurring in
=
II a strong environment, a conspiracy was formed.
While this a
Y I2 figure compares twith 23 precent of the cases in the weaker o
/
a 5
13 environment.
=
l 14 I More reliace was placed on non-routine access and
$[
15 covert action.
By non-routine action, we mean that the insider i
g 16 l circumvented or violated some type of access control, or gained W
l I7 access to the target that was not part of his normal job routine s
IO or duties.
=
8 i
I9 l In the stonger safeguards environment, 24 percent of g
20 the insiders resorted to non-routine access.
Half as many 2I insiders, 12 percent in the weaker environment used non-routine 22 51 percent of the crimes occurring in the strong environ-access.
(
23 l ment were committed in the six to ten year period.
Only 25 per-24l cent of the crimes occurring in the weaker environment were t
25 ;
committed in the same time period.
i
.i ALDERSON REPORTING COMPANY, INC.
I
15 fm16 I
Another way to look at it, in the first five years of l'
\\
n employment, 60 percent of the crimes in the weak environmenc 3
occurred while only 33 percent of the crimes in the stonger
(
4 environment were committed.
5 Lastly, in the stonger safeguards environment, 8 percent j
6 of the insiders were coerced or induced.
No insiders were R
b 7
unwitting participanto in the crime.
In the weaker environment, a
k 8
28 percent of the insiders were coerced or incuded, and 7 percent d
9'
]
were unwitting participants.
Slide, please.
o 10 (Slide.)
E
=
4 II Next, we compared selected characteristics of the single m
Y I2 thief versus the censpiracy.
We will examine each of these 5
13
/
- a characteristics in turn:
type of crime, target cont:fol, access,,
l 14 length of service, motiva' tion, role, and tactics.
Slide, please.
$.15 '
(Slide. )
=
a[
16 !
The single theif more often targetted money and us I7 information than the conspiracy.
The conspirators wanted to
=
IO steal material, and in most instances, once they got the material, i
E I
19 the turn around and fenced it for money.
g 20 !
Also, individuals higher in a facility's organizational 2I structure tended to act alone, while the operational types tended 22 to conspire more often.
23 !
The single thief relied primarily on routine access.
24 f This may be a reflection of the managerial involvement.
Conspi-25 racies, while using routine access, resorted to non-routine i
l ALDERSON REPORTING COMPANY, INC.
16
- m17 I
access more often to commit the crime.
Slide, please.
t 2
(Slide. )
3 Looking at length of service and motivation, over 30
(
4 percent of the crimes involving a single thief occurred in the a
5 first two years.
Conspiracies, less than 2 percent rarely 5
6 observed in the first two years.
R 7
In the six to ten year time period, 20 percent of the j
8 single insider crimes occurred, and over half of the conspiracy d
c}
9 crimes occurred.
z h
10 For motivations, the single thief was less often motiva-E j
11 ted by the desire for money.
The conspirators did want to get 3
y 12 money.
10 percent of the motivations for the single thief 3
J 13 fall within revenge, disgruntlement, psychological problems, r
g m
14 game playing, ideology, sex and marital problems.
y 15 No conspirators were motivated by revenge, disgruntle-x d
16 l ment, and so forth.
A i
6 17 j CHAIRMAN AHEARNE:
When you say crimes rarely occurred N
{
18 l in the first two years, your conspiracy, by definition, you c
19 have more than one person.
Are you saying in that that none 8
R l
20 of the people involved, or very few, almost never were there just 21 a few years?
22 MR. DAVIDSON:
Right.
Most of the conspirators were
{-
t 23 '
in there longer than two years.
24 CHAIRMAN AHEARNE:
All right.
That would sort of --
25!
usually, unless they came as a group, it would almost be neces-l l
i-ALDERSON REPORTING COMPANY, INC.
17 Em18 1
sary, wouldn't it, so they could gete.to know each other?
2 MR. DAVIDSON:
Exactly.
Slide, please.
3 (Slide.)
(
4 The single thief relied primarily on covert activity, g
while conspiracies also relied primarily on covert activity, 5
n 3
6 more overt activity was observed in conspiratorial crimes than R
- E 7
in the single thief crimes.
2 8
Lastly, tactics.
The single thief --
dd 9
COMMISSIONER KENNEDY:
How do you define overt activity?
i 10 MR. DAVIDSON:
Overt activity is some activity that i
ll the insider could perform in the commission of a crime and not I
12 arouse suspicion.
You have a --
5
(
g 13 COMMISSIONER KENNEDY:
Okay.
8 i
f 14 MR. DAVIDSON:
The most frequently used tactics by 9
15 the single thief were falsified documents and document manipula-
,2
=
j 16 tion, guile, ruse, deceit, surreptitious removal, and abuse of d
I N
17 l trust.
N i
I
-w 18 The tactics used by the conspirator was very simi-E6 19 larly to the tactics used by the single thief.
g l
20 Next, we examine the characteristics according to the 21 type of target control held by the insider.
By target control, 22 we mean the level of organizational control exercised by the
,(,
23 '
insider over the theft of sabotage target.
We identified three i
24 levels of target control.
At the top --
25,
CHAIRMAN AHEARNE:
You need a new slide.
I ALDERSON REPORTING COMPANY, INC.
18 fm19 MR. DAVIDSON:
Yes, sir.
At the top is the policy j
/
maker /manader.
This insider is responsible for. determining or 2
implementing policy at the victim plant or facility.
He is 3
usually a supervisor over the target activity or site.
Could I
(
4 e
5 have the next slide please?
5 (Slide.)
8 6
e 7
Next, we have the operational type.
This insider is a non-supervisory line functionary whose job routine brings him 8
into contact with the target.
Lastly, we have the insider who 9
z h
10 exercises no organizational control over the target.
This is the z
no target control type of insider.
The operationul and policy j
jj b
maker / manager insiders relied on routine access to the target, J
12 3
- 94. percent and 80 percent of the time respectively.
7' 2
13
~
m a
The no target control trype used routine access only E
14 a
b 15 17 percent of the time, and relied exclusively on covert action.
U Policy m~aker/ manager more often used falsified documents and T
16 D
A g
j7 document manipulation, while the operational and no target a
b 18 control types relied to a much greater extent on surreptitious
=
5 activity, guile, ruse, and deciet.
Slide, please.
39 8n (Slide.)
20 While most insiders were self-initiated to commit 21 the crime, the operational type was coerced or induced 22 percent 22 f the time to commit the crime.
The policy maker / manager was 23 '
coerced or induced 11 percent of the time.
The no target control 24 i
L i
type was never induced, coerced, or an unwitting participant.
25 l
ALDERSON REPORTING COMPANY, INC.
19
- m20 1
Lastly, 72 percent of the policy makers / managers 2
planned their crimes well.
Approximately 44 percent of the 3
operational types planned their crimes well.
Only about 4 percent
(
4 of the no target control types planned their crimes thoroughly
=
5 and with precision.
E 3
6 This concludes my portion of the briefing.
Are there R
\\
R 7
questions?
}
8 CHAIRMAN AHEARNE:
No.
Thank you, John.
d d
9 MS. MULLEN:
This last portion of the briefing, I will i
h 10 be discussing security system vulnerabilities to the insider E
j 11 method as to detecting insider crime and preventing insider 3
g 12 crime.
May I have the first vu-graph please?
('
13 (Slide. )
u l
14 l For nearly every case in the data base, we identified 9
15 one or more generic weaknesses in the security system that j
16,
rendered it vulnerable to the insider adversary.
The five m
f 17,
vulnerabilities shown here are the ones that most frequently l
18 '
accounted for the success of the crimes we analyzed, and were 5
{
19 most often cited by government industry experts.
I think they n
20 are fairly self-explanatory, but I would like to say a couple i
21 of words about the last two bullets on the vu-graph.
22 Personnel security deficiencies, as we define them,
(-
1 23 !
include inadequate screening, insufficient behavioral observation, I
24 and poor management-employee relations.
25!
These three deficiencies contributed to the success of i
.I I
ALDERSON REPORTING COMPANY. INC.
20 Im21 y
about 15 percent of the test cases.
COMMISSIONER KENNEDY:
15 or 50?
3 MS. MULLEN:
15, but about 72 percent of the sabotage 4
cases.
I may give you an example or two just to elucidate.
We 5
had a case in which an armored transport company had hired a 3
0 truck guard.
R 8
7 7
He was undergoing a pre-employment screening check.
n k
0 Prior to the completion of that check, they allowed this man to d
I act as a custodian on an armored transport truck.
After he and h
10 his outside accomplice relieved the truck of about $250,000 worth z=
fII of its contents, they discovered he had a history a yard long h
12 of armed robbery.
S 13 I
(
j In the area of insufficient behavioral observation, we I4 had a case in which a sailor committed arson against a U.S.
2 15 air craft carrier in Norfolk.
The sailor was acting during an wx LSD flashback when he set fire to the ship.
It created S7 1/2 I
million worth of damage.
z i
18 When he was tried, it was determined not only was he a g"
19 drug user, but he was a drug seller.
He was selling LSD and 20 mescaline to his fellow sailors aboard ship.
21 Perhaps, if his supervisors had been a bit more obser-22
(
vant, they would have prevented that catastrophe.
23 CHAIRMAN AHEARNE:
Sally, one question.
You say 72 24 percent of the sabotage cases relate to personnel security 25l deficiencies.
I i
i j
ALDERSON REPORTING COMPANY, INC.
21
'fm22 I
MS. MULLEN:
Correct.
2 CHAIRMAN AHEARNE:
But you only have ten cases.
3 MS. MULLEN:
Right.
As John mentioned, i't is not a
(..
4 great data base.
=
5 CHAIRMAN AHEARNE:
It was the two that was bothering h
j 6
me.
R 7
(Laughter.)
Kl 8
MS. MULLEN:
Let me explain.
In addition to the ten dc 9
cases that rated an analog value of either two or one, we
,z h
10 incorporated for analytical purposes because in ten cases, there E
11 is not much to work with, u
f 12 Those additional 18 that John mentioned earlier, which, 3
13 while the safeguard systems in which they took place were not
(
5u l
14 l analogous, not sufficiently analogous to meet our criteria, the g
15 characteristics of the crime itself, and of the perpetrators a
d 16 did not vary from what we discove ed among the ten " analogous w
y 17 :
case."
{
18 Therefore, we are talking about 28 cases.
C8 19 CHAIRMAN AHEARNE:
I see.
All right.
20 MS. MULLEN:
Not just one of these vulnerabilities 21 were observed in every case.
There was usually at least two.
22
(
Okay.- For the last bullet, as opposed to improper use of exis-23 ting safeguards, procedures, and hardware, this last vulnerability 24 refers to deficiencies insafeguard system design.
25l The very inclusion of the case in our data base i
ALDERSON REPORTING COMPANY, INC.
22 1
implies a moderate to high degree of analogy to nuclear safe-m23 2
guards, but victimized facilities were occasionally rendered 3
vulnerable to insider crime, especially theft from want of just
(_
4 one or two safeguards measures.
=
5 Once again, an example might help.
We had a case in H
6 a drug manufacturing firm in which three employees were in
-k7 conspiracy to steal controlled substances,' about $250,000 worth, T.l 8
as a matter of fact.
Two of the conspirators worked in the d
d 9
controlled area packaging capsules.
At the end of their shift, 2'
h 10 they deposited some capsules in a cannister and put it aside.
I j
11 On the next shift, the conspirator, the co-conspirator, a
p 12 as a matter of fact, a son of one o'f the cther ones who was a x
1 3
('
13 janitor, entered the control area to clean up, took the cannister, 5"
l 14 put it in his vacuum cleaner, vacuumed the area and left.
1 2
15 There was no search of janitorial equipment.
Had there a
j 16 been, this diversion may have been detected more quickly, any-w I
17 i way.
The next vu-graph, please.
W l
E 18 l (Slide.)
.nd t2m E
- gn t3" 19 For each case in the data base, we tried to identify R
i 20 them in detection of the crime.
We are focussing here on the 21 initial means by which the crime was detected, not determination 22 of culpability, and categorize each method into as either related 23,
to or unrelated to security systems.
24 For example, an internal audit that detects a fraud
\\
l 25 ;
or embezzlement would clearly be related to site security; where-l l
ALDERSON REPORTING COMPANY, INC.
23 O'24 1
as a customer complaining about an abnormality in the sn pment of f
2 durgs would not be related to site security.
We derive several I
3 implications about the -- the role played by insiders is quite
(
4 significant in our data base.
5 For example, employees sometimes observed the crime j
6 in the act and reported it.
Sometimes they became aware of 7
something being just out of the ordinary or some suspicious Xl 8
behavior and reported it.
dd 9
Occasionally, they tipped off security anonymously.
10 In any event, it aapears that employees can enhance the detection 3l 11 capability of a facility and should be ancouraged to do so by U
g 12 management and security; perhaps by means of an intenseive secu-5
. I..
5 13 rity program or perhaps by means of an anonymous informant pro-i l
14 gram.
l 15 Quite a few diversion type crimes, especially thefts a
d of money, were detected while the perpetrator was absent from 16 as 6
17 the job, presumably because during his absence, he was unable to E
{
18 affect the cover-ups necessary for continuation of the crime.
s 1
19 During the course of the study, we discovered that 20 many banks require all amployees to take a continuous two-week 21 vacation once a year, during which time facility access is 22 temporarily denied.
b 23!
Quite a number of fraud and embezzlement schemes have
- l l
24 '
turned up during these mandatory vacations, perhaps it is some-25l thing our fuel cycle facilities would want to consider. Internal I
ALDERSON REPORTING COMPANY, INC.
24
!m25 1
audit of inventories were quite successful at detecting theft and 2
internal inspection by operational personnel were very effectiv'e 3
at detecting sabotage.
(.
4 According to the security experts we interviewed, when a
5 such strategies are unannounced, randomly conducted and more bj 6
frequently executed, they have proven even more effective in R
7 detecting insider crime.
%j 8
Outsider awareness refers to situations in which a d
d 9
non-employee reports an abnormality to law enforcement officials, i
h 10 or to the targetted facility.
As an example, we had a case in E
l 11 which an employee of a metallurgical company had been diverting u
(
12 small amounts of fine gold wire used in making micro-circuitry
=
( !
13 boards from the facility.
~
l s
i l
14 '
When she had acquired a sufficient amount in her 2
15 judgment, she melted it into a nugget and attempted to sell it w
l s
f 16 to a local jeweler.
Tt.is jeweler assayed the material before A
g 17 buying it, discovered it was almost pure gold, which is unusual.
w 1
s 5
18 He also knew that a number of the companies in the area used G
19 that high quality gold.
He called them until he was able to
)
X 20 match the name of the woman attempting to sell him the nugget, 21 and went to the employer.
That was the initial means by which 22 the crime was detected.
23 l Outsider awareness accounted for detection in over ten
.24 percent of the theft cases and suggests some implications for 25l the nuclear industry.
For. example, the customers ut our fuel ALDERSON REPORTING COMPANY, INC.
25 m26 1
cycle facilities and transportation licensees may help in insider 2
crime detection by being alert to any abnormalities associated 3
with shipments of the contents.
(
4 This would apply to university and test reactors, as e
5 well as to the Department of Energy.
It also argues in favor of b
6 strong working relationships between licensees and local law 7
enforcement agencies, since such relationships can provide the Al 8
channel for an outsider to report any abnormality or impropriety dd 9
he is aware of.
z h
10 One of our interviewees, a corporate security director j
11 of automobile manufacturing company, put it rather neatly in U
l 12 terms of -- as far as detection is concerned.
Certainty of 4
( j 13 detection is the best deterrent.
l 14 A study I will talk about in a few minutes done at 15 the University of Minnesota, shoved that companies where f
16 employees thought there was a significant probability of being w
i 17 j caught if they. stole, less theft was found.
Vu-graph, please.
18 (Slide. )
G 19 In assessing prevention and effectiveness, we looked at 20 a number of different techniques now in use in industry and 21 governmentm relying heavily on expert opinion and owner studies.
22 Based on this information and on some empirical data from our A
23 cases, we derived some implications about the strategies shown.
24 As for screening, our data suggests that it is an 25l effective theft control strategy.
Most of the experts we inter-ALDERSON REPORTING COMPANY, INC.
j 26 j
'm27 1
viewed strongly advocated its use.
Its effectiveness arises from 2
several factors.
First, it is generally accepted that a poten-3 tial adversary may be deterred from even applying for a job at
(
4 a facility that employs good screening.
=
5 Secondly, it. conveys to prospective employees as well as to bj 6
those that were eventually hired that the organization is R
7 concerned with assuring a btgh degree of integrity among the Mj 8
work force.
Third, good screening appenrs to correlate with d
9 reduced conspiracy formation.
10 How far the insider th2Ves in our data base who E
j 11 underwent good screening, that is screening based on a full u
g 12 I field background investigation or its equivalent, about 60 percent 3
13 act alone, 40 percent acted in conspiracy with other insiders.
(
g a
l 14 May I have the next vu-graph, please?
Y (Slide. )
2 15 l U
d This table, representing what I just mentioned, also 16 w
d 17 suggests that screening must be good to make a difference.
For E
5 18 any level of screening less.than good, as we defined it, the 5"
19 results are nearly the same.
More conspiracy formation.
I 20 COMMISSIONER KENNEDY:
How did you define " good"?
21 MS. MULLEN:
We defined good as the full field back-22 ground investigation, as the government conducts it or its s
23 !
equivalent in the private industry; which admittedly is usually 24 not quite as stringent, but as close as industry can ccme to it.
25f CHAIRMAN AHEARNE:
I have a little difficulty with the i
i t
I ALDERSON REPORTING COMPANY, INC.
27
!m28 1
caption:
Screening versus insider group size.
2 MS. MULLEN:
Well, I will tell you.
This vu-graph 3
has been changed so many times, I think we just -- what this
(
4 means is that given that the screening level was --
5 CHAIRMAN AHEARNE:
The two columns, I think I under-l 6
stand.
It is the insider group size.
7 MS. MULLEN:
That was our term for the number of X
j 8
insiders involved in a crime.
d d
9 CHAIRMAN AHEARNE:
Right, but that does not seem to i
h 10 be versus.
E MS. MULLEN:
Originally, we had a column that said '
l 11 u
y 12 insider group size, one insider, two insiders, more than two 5
(
5 13 insiders.
It has been changed many times.
u 3
14 CHA?# NAN AHEARNE:
I see.
2 15 MS. MULLEN:
It is not very reflective.
U 16 CHAIRMAN AHEARNE:
This is really screening versus d
vi g
17 the probability of theft, conspiracy.
5 18 MS. MULLEN:
Yes.
What this is is that of all the 5
19 insiders in our data base who underwent good screening, only R
20 39 percent of the time were they involved in conspiracy.
This 21 was the actual percentage of time that they were involved in 22 conspiracy.
7 w
23 ;
That, thet, we estimate that the probability of an 24 even larger data baca would be about the same, about 60/40;
's 25[
whereas, you can see on any of these lesser level, including
_ ALDERSON REPORTI,NG COMPANY, INC.,
i
28
'm29 1
none, there is exactly the opposite proportion, and no difference 2
among them, or very little difference among them.
3 CHAIRMA" AHEARNE:
Do you have a similar chart for
(
4 screening level versus probability of theft?
=
5 MS. MULLEN:
Screening level -- this is theft.
5
]
6 CHAIRMAN AHEARNE:
This is probability of conspiracy.
R d
7 MS. MULLEN:
Okay.
X 8
CHAIRMAN AHEARNE:
In other words --
d
~
d 9
MS. MULLEN:
No we don't have, no.
10 MR. BURNETT:
Could we derive that from our data i
11 base?
D f
11 MS. MULLEN:
No, because we don't have the overall
(
13 population of insiders.
I don't think we could do it without j
l 14 that.
All of these people actually committed theft.
15 CHAIRMAN AHEARNE:
I notice.
g 16 MS. MULLEN:
Am I missing something?
us 17 CHAIRMAN AHEARNE:
I was asking the question.
I did E
18 not know how much additional data you might have.
O 19 MS. MULLEN:
Oh, I see.
No, we do not have information 20 on the entire population of insiders in every facility from which nd t3 21 a case was derived.
c g
22 23 24 s
25 ALDERSON REPORTING COMPANY. INC.
i
NRC,
29 POrkcr 6-19-80 Tcp3 4 1
This, by the way, represents 169 insiders.
In addition COnnolly 2
to these findings -- may I have the other vu-graph back, please?
3 (Slide.)
(
4 In addition to these data findings, the study of a
5 employees conducted by the University of Minnesota revealed a El 6
etrong correlation between employee screening and reduced rates R
7 of theft.
In this study nearl.y 5,000 employees of 35 firms in the a
j 8
Minneapolis area responded anonymously to a questionnaire about d
d 9
theft in the workplace, including:
Have you ever stolen from your i
h 10 employer?
Are you now stealing?
And so forth.
z3 g
11 The personnel officers of each company were interviewed u
g 12 to determine company screening policy and theft rates.
In general, s
13 the companies that most thoroughly investigated both occupational 5
(,
uj 14 and personal history characteristics, potential employees tended 5'
2 15 to nave lower thef t rates than companies whose investigations were f
16 more cursory.
a 6
17 l This study is of particular interest because it does 5
18 incorporate thefts admitted by employees but never detected by E*
19 their employers.
20 With respect to government clearances which would assure 21 that a good level of screening as we defined it for the study 22 at least, we found the following:
a) clearance cannot be expected 23, to provide full assurance of future trustworthiness because any 24 l number of factors, can impair stability and reliability af ter hire.
I 25 It can, however, reduce the likelihood of infiltration by criminal l
ALDERSON REPORTING COMPANY, INC.
c2 30 j
or terrorist elaments and lessen the chances th'.t a f acility will 2
be -- hire persons who misrepresent their d.dentities or backgrounds 3
or persons with histories of relative criminality or emotional in-([
4 stability.
e 5
I might add that several of our interviewees whose compan -
b
]
6 ies are under contract to the federal government remarked that Rg 7
government clearances offer a greater assurance of successful X
j 8
screening than privately conducted investigations which are con-dd 9
strained by state laws.
They seem to got a warm feeling knowing i
h 10 that the government was taking care of their clearances for them.
3 5
ij To be effective, a clearance program should be based on
<U d
12 relatively fine and applicable criteria.
All of the motivations E
we used in the study are based on government criteria.
Behavioral 13
(
3u g
14 observations such as used in the Department of Defense and by the 2
15 Department of Energy appear to pick up where screening leaves up D.-
16 by providing a post-employment means of recognizing and dealing W
g 17 with instability in employees.
E l
5 18 l By so doing, behavioral observation can increase employee c*
19 reliability after hire, but for such a program to be effective, R
20 three elements seem to be necessary.
First, employees' baseline 21 stable behavior should be identified at the time of hire for 22 comparison at a later time.
N i
23 l Second, supervisory personnel must be properly trained 24 to recognize aberrant behavior.
And third, criteria for determining 25l unreliability should be unambiguous and equitably applied.
i i
i ALDERSON REPORTING COMPANY, INC.
e3 31 1
Less information was available to us on the subject of 2
Psychological evaluations.
Many industries do not employ this 3
technique because of Privacy Act considerations.
However, the 4
technique is widely used in the intelligence community and in major
(
5 police departments and is incorporated in the personal assurance 5
6 program in the Department of Energy.
R 7
Generally we concluded psychological assessments can be X
j 8
an effective adjunct to screening and behavioral observation if dd 9
they are designed and evaluated by professionals.
Great care must i
h 10 be taken to prevent their misuse and to mitigate the potentially 3j 11l demoralizing impact on personnel.
12 l j
We then found that the use of any of these techniques we 13 have just described does not obviate the need for strict procedural
(
5 l
14 controls, because employee malevolence is largely controlled by 2
15 the operational management and the quality of the safeguard system; f
16 that is, the degree to which employees are afforded the opportunity w
g 17 and knowledge needed to commit theft and sabotage, and the degree N
E 18 to which the environment discourages and detects theft and 5"
19 s abotage.
20 Good rapport between management, security and employees 21 is a crucial aspect of good security according to most of the 22 experts we interviewed.
They believe strongly that management
(
23 should undertake an agg.assive effort to improve relations with 24 the work force, provide support and direction to their security 25 elements, and foster in their employees an informed, healtny ALDERSON REPORTING COMPANY, INC.
- =, - -
If8 e 4' j
attitude toward security, primarily through a thorough security 2
educational program.
3 On the subj ect of management-security relations, we
(
4 found that a security organization that is treated as a non-profit-e 5
making but necessary evil by management is likely to be a weak 5
6 one, because this corporate attitude inevitably permeates the Rg 7
rank and file.
A j
8 We also found that the most effective security force is dd 9
one that is allowed to operate with some degree of independence of z
h 10 operational management.
z h
11
~
Internal inspections we found to be a good means of U
g 12 detecting sabotage.
They are also, it seems, quite successful at x
(^
2 13 preventing an attempted sabotage from reaching culmination.
5 l
14 Internal inspections accounted for most of the cases in 2
15 which an act of sabotage was discovered in time to avoid serious 5
f 16 damage.
Por example, we had several cases of aircraft and ship W
4 y
17 j sabotage in which the actual act had taken place, the cutting s
5 18 of the wires or the fouling up of the gears.
During a pre-deploy-
~
l 19 < ment inspection check these things were discovered.
R 20 Our final finding about security is an integrated safe-21 guards program, supported by management:and applied uniformly to 22 l all personnel, including the safeguards staff itself, this integrity
(
l 23 '
is vital to nuclear security.
24 That concludes the briefing.
If you have any questions, s
25 I would be happy.to field them.
4
-i i
^
l ALDERSON REPORTING COMPANY, INC.
.: 5 33 j!
CHAIRMAN AHEARNE:
Were you going to go on to DOE?
2 MR. BURNETT:
Yes, sir.
We can go on to DOE at this 3
time.
(
4 COMMISSIONER HENL21E:
Before you move on, I think your a
5 conclusion -- perhaps you could elaborate a little on it -- was E
6 that generally speaking, the level of security requirements now --
7 that we are now implementing is adequate in view of therresQ1ts 8
of the study, and as I understand it, you are not recommending do 9
at least any notable changes in those requirements.
i h
10 MR. BURNETT:
I could expand on that a little bit.
3l 11 Remember, we did analogous cases, not exactly the same.
We did a
d 12 not find cases that were exactly the.same.
The degree of internal 3
Protection that we now require is very high.
We have the two-man 13 5
E 14 rule.
If you remember in the dissertation, the two-man rule and a
h I
i 15 exit searches, though not referred to directly, had a strong effect f
16, on the conspiracy and whether it was successful or not.
- Also, w
d 17 we do require strong liaison with the LEAA.
5 18 We also are evaluating our facilities from a black hat E*
8 19 l principle.
We are now identifying security deficiencies which l
20l were another major problem.
21 I Also, when the system is not employed regularly and 1
22 l things are allowed to change from day to day, that is exploited 23l by the opposition.
Our inspection program assures a more rigorous 24 l adherence to those programs, i
25 Also, we do have integrated security, management and i
ALDERSON REPORTING COMPANY, INC.
34 cc 6' 1
CPerations.
We require that security groups be represented at a 2
high~ level while yet maintaining an independent status in reporting 3
to that high level.
So it was the staff's opinion that looking
(
4 at the numbers, the numbers, that 20 percent involved three or a
5 more was both analog one and both analog two where only analog 5
6 two is most analogous to our situation, although not equal.
I Rg 7
guess we are looking at it in balance.
A]
8 Although we want to assess some of the findings of this, dn 9
the importance of the clearance, which people should have that i
h 10 l extra level of security, like maybe the guards, we have instituted El 11 a study in that area.
As you know, the DOE program already require 5 D
d 12 clearances at the mixed f acilities.
Should we have at least that E
13 l at the private facilities that have access to material?
That has ad i
(
j l
14 been recommended to the Commission already.
2 15 l So guess to sum it up, much of what she found we alread'r g
16 ! have in place, and the area that is new, maybe looking MC&A when w
i y
17 l the people are off, when there is not a chance of covering tracks, N
18 we are exploring.
We do not have a firm finding on that.
I think E*
19 we have a very firm position.
I think we have a very good report R
20 to sustain our position.
21 No immediate action is required, and we will coatinue 22 to look at it, look at new data and come back to the Commission
!(
23 with increases that we think are necessary.
24 CHAIRMAN AHEARNE:
Sally, John, thank you very much.
Very 25 ; good.
i i
ALDERSON REPORTING COMPANY. INC.
35
.c 7 1
MR. BURNETT:
Mr. George Weisz, Director of Safeguard
(
2 Security, DOE.
3 CHAIRMAN AHEARNE:
Good morning.
{
4 MR. WEISZ:
This is my first appearance'here since I've e
5 been at DOE, and I want to note that.
It is a pleasure to be here hj 6
this morning.
R 7
I want to restrict my comments, at least initially, to Al 8
the Battelle study which we commissioned about two years ago, and d
d 9
flowing from that there are a number of conclusions that we have Y
10 made.
I have with me Marty Dowd, who is the Director of Division El 11 of Security in my office, and Dr. Joe Tinney, who is the Director D
y 12 of Division of Pharmacy and Analysis.
Individually and together l
13 l they will bail me out if we get into any depth that I cannot
(
o l
14 answer, but feel free to ask any questions during my statement, C
15 which I would like to introduce for the record, and afterwards I f
16 believe it would be helpful if I read a brief statement for the w
y 17 i record concerning the study which had the title, "The Role of 5
5 18 Security Clearances and Personnel Reliability Programs in Protect-
=H" 19 ing Against Insider Threats."
R 20 This study and its relationship to a broader DOE review 21 of measures to defer potential adversaries or influence their 22 actions by denying sanctioned access to malevolence or detecting
(
23 i those employees who have decided to undertake criminal activities.
i i
24l And so that is the topic that I am going to address.
d 25i
'2he objective of the Battelle study was to conduct a i
ALDERSON REPORTING COMPANY. INC.
i
te 8 I
selective review of historical data on employee clearance and i /
2 reliability programs within the government and private sectors.
3 Particular attention was given to examining the rationale for
{
4 clearance and analyzing the structure and effecuiveness of selected 5
existing clearance procedures.
j 6
An important sub-objective was to determine the extent E
7 to which clearance procedures as presently used in government and 2
g 8
private industry are adaptable to the task of assessing insider d
ei 9
threats.
This :is but one of a number of ar-tivities designed to 2'
h 10 give us a better understanding of what actions we should take to El 11 minimize the threats from potential insider adversaries.
u j
12 I might note that perhaps the terms of reference for
=
13 this study tying the clearance program to the insider threat was l
14 not a happy one.
The clearance program was developed, at least in
$i 2
15 the nuclear world in this country, curing the AEC days, and in E
f 16 many of its manifestations it is.still the old clearance system, ei i
17 whereas the insider threat is a perception of potential malevolence 18 to nuclear weapons and nuclear materials.
E" 19 It is of relatively recent vintage, and a considerable X
20 amount of attention has been paid to the insider threat, but it 21 is only recently that we and our colleagues in the NRC, the NRC 22 staff have begun to address this topic in, hopefully, a scientific
(
23 and trethodical fashion.
.24 The data sources that were utilized in this study are l
25l listed in the reference section of the Battelle report.
Copies of i
l 1
ALDERSON REPORTING COMPANY, INC.
. ~.
37 c9 this bibliography are being provided you with this statement which 1
we will distribute at the end of our presentation.
In addition, information concerning the ongoing DOE clearance program was also 3
obtained through conversations with DOE security personnel at
()
headquarters and in the field.
5 In the early stages of the study a greater than antici-l 6
g pated amount of time was spent in reviewing the objective, scope 7
g and procedures of current DOE security clearance and personnel l
8 d
assurance program.
6 9
]
In DOE the program governing the access to weapons,2for 8
10 example -- that is from a safety point of view -- is called the g
11 D
Personngl Assurance Program.
In the Department of Defense a
(
12 y
similar program is referred to as the Personnel Reliability Program
{~
5 13 But essentially, the two concepts are synonymous.
As a result, j
14 all relevant parts of these programs were not addressed or consider-t 2
15 s
ed during the study.
g 16 d
For example, the report did not address the inherent i
17 !
U I deterrence value of the clearance process, and I will say more 18
~
g about this later.
However, it is our view that this process has 19 a very definite deterrence value.
For example, individuals who 20 have information of a substantial derogatory nature in their back-ground may be reluctant to apply foe a position which requires a i
DOE clearance.
23 '
We know, for example, in some areas where there are a 24
/
k-number of industries and corporations doing generally the same kind 25,j i
- ALDERSON REPORTING COMPANY, INC.
38 c 10 I
of work that the unions do not refer to the DOE contractors 2
individuals in cases where an individual worker may have something 3
in his background which is de::ogatory or which potentially might
{
preclude him getting a clearance --
4 5
COMMISSIONER KENNEDY:
The unions make this kind of a j
6 differentiation?
g b
7 MR. WEISZ:
In some cases.
Obviously an individual --
K j
8 it should be noted that the statistics in the Battelle study d
I reflect only those cases which pro;.eeded as f ar as a Personnel 10 Security Board hearing and adr inistrative review processing under
=
f, II provisions of 10 CFR Part 710.
u fI The limited data available to us indicates that approxi-3 13
(
{
mately 30 percent of the background investigations reflect some E
14 g
derogatory information and that currently about 20 percent would h:
g 15 reflect substantially derogatory information.
=:
f I0 Iy One of our operations officers recently noticed a f
II I marked increase in the number of cases containing substantially
'e II derogatory information, and one of the other officers has had to
=
19 l 8
i conduct interviews recentiv in about 20 percent af the cases; 20l n
that is, after the FBI or Office of Personnel Management investigates 21 an individual and submits its findings to the DOE -- and we have 2
g decentralized these programs to the field offices by and large --
s 23 '. then it is up to the analysis section of our field office, Office 24 liof Security and Safeguards, to analyze the information.
And it 25 is during the analysis that in 20 percent of the cases some i
l l
ALDERSON REPORTING COMPANY, INC.
gy c 11,
I derogatory information is found.
2 That individual is called in for an interview under the 3
aegis of due process to give the individual a chance to explain 4
why certain information has been developed, and gives the individual
(}
=
5 a chance to explain.
And in many cases the information the indi-E
]
6 vidual supplies satisfies the analyst and the office, and the 7
clearance is granted.
M]
8 Since statistics are not available which reflect the d
d 9
number of individuals who withdraw from the clearance process after i
h 10 being notified that they will be interviewed or withdraw after the 5
5 11 interview or withdraw after receiving a notification letter telling y
12 them that a hearing has been scheduled, a numerical or statistical 5
13 evaluation of the effectiveness of the process in deterring potential l
14 adversaries is of questionable value.
E 2
15 These factors must be considered in any analysis of the f
16 value of the clearance process.
It is not my intention here to M
l 17 l bury the Battelle study, but it is a fact that the study went only 5
5 18 so f ar and did not draw certain conclusions and inferences.
Eb 19 One of the vulnerabilities of the study is it did not R
20 focus on the deterrent value of the screening process or the 21 clearance process.
In addition, the personnel clearance and reli-22 ability programs were evaluated apart from the context or environ-(
23 ' ment in which they operate as a component of our overall safeguards i
l 24 l and security system.
Of course, these programs cannot and should k
25l not be relied on to provide complete assurance in deterring or i
I ALDERSON REPORTING COMPANY. INC.
40 4
1 detecting insider threats, just as no other component of the t
2 total system if removed from the system and evaluated on its own 3
can be, expected to be completely effective.
{
4 While many safeguards and security features are necessary
=
5 in a system, none by itself may be viewed as sufficient.
But on H
]
6 the other hand, each component of the system must have an objective 7
and must fulfill that objective.
But it is the totality of the 8
product from each and every one of the components of a safeguards d
ed 4 d 9
and security system that is meaningful.
z eg 5 h 10 In the study, Battelle viewed personnel security programs i5l 11 on the assumption that past behavior is indicative of future D
ti 12 behavior and that the program is structured primarily to detect 13 individuals whose loyalty might have been questionable.
l 14 Based on this assumption, the foll0 wing statement was 5
2 15 made in the summary of the report.
"It is not argued that the g
16 f security clearance programs are of no use in reliability or loyalty ut l
t[
17 l screening in general.
Instead it is suggested that as they are 18 presently structured, clearances should not necessarily be expected
=
19 to protect against insider threats."
1 20 Further, the report suggested that, "It is doubtful that 21 clearances represent predictive systems which classify people with 22 more than minimum accuracy."
\\
23 Thus, Battelle suggested that personnel security clearances 24 l as presently structured should not be counted upon to protect
(.
25.~ against insiders.
i i
ALDERSON REPORTING COMPANY, INC.
- c 13 41 1
I want to point out that while DOE does not rely on the 2
clearance process exclusively, it remains an integral and important 3
Part of our overall safeguards and security system.
(
4 CHAIRMAN AREARNE:
The way that they have phrased that
=
5 statement, "as presently structured," was that a caveat to point 5l 6
out their, conclusion only went so far as the system they studied, R
R 7
or was it a lead into an additional recommendation for restructuring X
j 8
of the system?
d d
9 MR. WEISZ:
I would regard it as the latter, that they i
h 10 examined the clearance system as it has functioned in DOE and in 3l 11 government agencies during the past 30 years -- 30 plus years --
3 y
12 and they found a correlation to our current concern to our insider 5
13 threat, but were unable to link the clearance program directly
(
5=
l 14 with the insider threat as a major way of dealing with the insider
$j 15 threat.
z g
16 They did say accordingly that both the clearance system w
g 17 and the personnel assurance system sh6uld be redesigned, and we U
18 are at the stage now where we have, given the same institute,
=
19, Battelle, a-follow-on study, and we have a third study which will 20 form the data base along with this very professional and very 21, important study by the NRC staff that was just briefed to you l
22 I gentlemen.
And we are going to take our time before we monkey with x.
23 - the present:. system which,we believe has worked very effectively 24 in the DOE'.
25 In fact, I will introduce for the record two studies that ALDERSON REPORTING COMPANY. INC.
1
42
- .c 14 1
I have brought with me, one that we have commissioned the Land
(_.
2 Corporation to do.
The title is more or less "The Malevolent 3
Intentions of Potential Adversaries to Nuclear Weapons" -
" Nuclear
(
4 Material," which we are certainly going to -- it is going to go
\\)
5 to a number of government agencies, as well as a recent unclassifiei l
6 study conducted by the Interagency Security Committee of the U.S.
7 intelligence community, which was commissioned in 1978 and was X
j 8
completed this year.
d d
9 CHAIRMAN AHEARNE:
Unclassified study?
i h
10 MR. WEISZ:
Unclassified.
j 11 CHAIRMAN AHEARNE:
Fine.
U d
12 MR. WEISZ:
It is based on 5,000 case histories.
It 3o 13 lists the sources of information, the number of cases that came
{_
l 14 up, background investigations came up with derogatory information.
2 15 I think it is 1,200 out of 5,004 cases, many of which were later f
16 resolved.
The statistics are very much statistics that the A
g 17, Battelle study cites, and I believe it will be useful for the 5
5 18 staff as well as for the Commissioners, and we will make that c"
19 study available.
R 20 CHAIRMAN AHEARNE:
Fine.
21 MR. WEISZ:
As well as the Rand stucf.
22 CHAIRMAN AHEARNE:
Thank you.
\\
23 MR. WEISZ:
Does that answer your question?
24 I CHAIRMAN AHEARNE:
Yes.
25 i MR. WEISZ:
Turning to the personnel reliability or i
ALDERSON REPORTING COMPANY. INC.
g c 15 y
personnel assurance programs, the report concluded that these 2
conceptually provide a better logic and strategy-for assessing 3
employee liability which potentially affords information oriented to the detection of insider threats.
Thus, a personnel reliability
(
4 g
program would be expected to provide greater protection than a j
6 clearance program against insider threats.
7 It was suggested that a personnel reliability program 8
structure involving clearance techniques and continuous observation N
form a reliable basis for the development of a protective system 9
i h
10 with regard to insider threats.
El 11 COMMISSIONER KENNEDY:
When you speak of insider threats u
d 12 are you applying the conclusions and data generally; that is, to 3
h 13 not only questions of theft by insiders but also potential sabotage?
O l
14 MR. WEISZ:
The whole spectrum.
2 15 COMMISSIONER KENNEDY:
Okay.
D.-
16 MR. WEISZ:
The entire spectrum of potential malevolence A
6 17 to the nuclear weapons and nuclear material, as well as classified 5
i 18 information, but excluding espionage and such.
E 19 COMMISSIONER KENNEDY:
Excludes espionage?
R 20 MR. WEISZ:
In a way, yes.
It is dealt with as an 21 external threat, although we could spin out scenarios where an 22 external threat through penetration or someone alresdy on the
('
I inside would be a threat from the inside, but that is a highly 23 i
24 l esoteric topic.
I would like to avoid that.
I 25 ;
COMMISSIONER KENNEDY:
All right.
l i.
ALDERSON REPORTING COMPANY. INC.
- c 16 44 1
MR. WEISZ:
The recommendations deserve further consider-2 ation.
Battelle did not compara derogatory information criteria 3
and characteristics of profiles of insider adversaries.
We believe
(
4 that such a comparison would support a number of the criteria as a
5 being relevant.
And you saw a number of these profiles of charac-
]
6 teristics spelled out in the NRC study.
R R
7 The work being conducted as part of our ongoing study j
8 should provide some recommendations in this regard.
d c
9 To minimize the potential insider threat and to ensure z
h 10 that clearance criteria for access to special nuclear material E
g 11 are focused specifically on this threat, the Department of Energy D
g 12 is now moving forward with the second study that I mentioned
~
13 before:
to assess the adequacy of current criteria and procedures l
14 for access to SNM.
A copy of the task statement for this effort 2
15 will be provided with the statement for your information.
f 16 Following the completion of this study, a third research w
p 17 j project is planned to identify and evaluate possible modifications l
18 i of our pre-entry personnel screening procedures.
In addition, 3
g 19 j since no pre-entry screening system can be relied on to accurately l
20 ! predict behavior changes brought about by future events, my office 21 will be undertaking a program to design, develop, test and evaluate 22 a complementary post-entry behavior criteria system to detect or i
23, deter potential insider adversaries from conducting malevolent 24 j actions, either singly, in combination, or in collusion with 25l outsiders.
h ALDERSON REPORTING COMPANY. INC.
UW~
.c 17 1
CHAIRMAN AHEARNE:
That would be something different than 2
or in addition to the existing program.
3 MR. WEISZ:
I referred to this parenthetically a few
(
4 minutes ago, that af ter we have conducted this third study -- and e
5 in f act, we have a number of ideas for exploring in depth -- in h
j 6
the aggregate the threat to our facilities, weapons, materials R
7 from whatever province, that we might develop a system based on Ml 8
this new knowledge but not throwing out our experience over the d
c 9
last 30-plus years.
But at the moment we have not made the judgment
,z h
10 that we need to change our present system.
j 11 I might add at this point that the Battelle study, as D
y 12 you will recall, talks about the lack of basis to~ predict human 5
13 behavior, particularly in the long run; that is, the clearance is
(
g a
l 14 simply a ticket of admission.
How the individual will adjust 15 to life, both professionally and personally, over the course of f
16 the next several years is unpredictable.
We may count on the sun s
6 17 l to rise and set every' day, but we cannot count on an individual w
L2 3
18 behaving predictably, and this includes, I believe, all of us E
19 in this room over a period -- downstrean in years.
20 COMMISSIONER KENNEDY:
That is true of any specific 21I case.
22 i MR. WEISZ:
Yes.
23 COMMISSIONER KENNEDY:
Is Battelle saying it is also i
24 true of the universe?
I would think not.
I had always assumed t
25 : that there were some statistical correlations.
That means, of l
1 ALDERSON REPORTING COMPANY, INC.
46 13 18
- j course, the one individual may be any place on that spectrum.
2 There, in fact, is a correlation.
3 MR. WEISZ:
Were you to prevail in this argument,. were
(
4 you to pin down Battelle and make that point, they would then, I e
5 believe, go to the secondary defense which is you have to choose 5
6 your context, that predicting an individual in one context does Rg 7
not assure that he would act in another context.
Xl 8
I think they cite the example of a man reacting to a dc 9
woman at a cocktail party.
He probably would react the same way i
h 10 at another cocktail party a day later, but not necessarily react El 11 the same way to a woman supervisor in a work situation.
U g
12 So you have to take the Battelle study with a certain
(
13 amount of -- I will not finish that sentence.
l 14 (Laughter.)
2 15 We will provide the NRC prior notice of any significant 5
i d
16 l change we make, I can assure you of that'.
w i
17 In summary, it is our view that the Battelle study i
i M
18 ' partially satisfied'its objectives.
It did not adequately address I
19 the contribution of a personnel security clearance program, the R
20 effectiveness of an integrated safeguard system, but it did pro-21 vide valuable information and identified a number of promising I
22 l paths to pursue for possible benefit.
(
23,
I have a summary here which I will speak to only in l
24 < part.
A clearance in DOE, and I believe in the government, is only i
25, one element of a system developed and used to protect against i
ALDERSON REPORTING COMPAN Y, INC.
~
c 19 47 y
malevolence, including insider threats.
We use the clearance 2
in combination with electronic and other hardware, as well as with 3
administrative and systems procedures.
4 The two-man rule was mentioned by Mr. Burnette as an
(
a 5
important element, but we have vaults, alarms, material control bj 6
and accountability programs, administrative procedures, coded 7
badges, cards, portal monitors, searchers, and so forth to make N
j 8, up a total safeguard security system.
dg 9
We believe that people do not or individuals do not i
h 10 apply for clearance.
An employer or a government agency puts an El 11 individual in for a clearance, and it is usually after a preliminary D
d 12 determination was made that the individual will prove suitable E
for employment, and therefore will have no problem in gaining 13
(
8 l
14 j a clearance.
E 2
15 In short, a great many people are never introduced for E
D:
16 a clearance -- a good percentage will withdraw their request:fdr d
6 17 i employment, and the need for clearance will vanish.
w b
18 The personal interview will discourage some; people, E
19 and on the whole it is a builtin deterrent to this program.
R 20 The rest of it -- the rest of the summary I've talked 21 to, and so at this point we would be happy to respond to questions.
22 CHAIRMAN AHEARNE:
Do you see at the moment, or is it
. k" 23 too early, the outlines of changes that you might be making?
24 MR. WEISZ:
Marty, Mr. Dowd?
(
.l MR. DOWD:
I think, Mr. Ahearne, that the preliminary 25 ALDERSON REPORTING COMPANY, INC.
48 e 20 1
view at least is that we, would like to try for a separation of 2
criteria which we use in our processing, so that there might be 3
perhaps two separate sets of criteria on judging whether people
(
4 are suitable for employment and in the area of access to classified a
5 information, and another for the people who only require access to 5
]
6 special nuclear material processing in one way or another in the R
7 fuel cycle, and there is some good reason for this.
X 8
As far as the personnel security clearance criteria, d
d 9
which has been under constant scrutiny but also has worked pretty i
h 10 well for us in the last thirty-odd years -- as far as that is 3j 11 concerned, we feel that to subject that total criteria to a barrage D
g 12 of potential -- I guess a potential barrage of criticism or picking
-c 5
(
g 13 tearing apart, if you will, through public comment on what it is u
-l 14 we do in evaluating people such as to loyalty and suitability or E
2 15 access to highly sensitive information.
It might be a very danger-l f
16 ous thing to do.
That is being considered as an important factor l
17 ' in the maintenance of our major activity:
nuclear weapons N
18 development.
E 19 We think there is a very good likelihood that there k
20 should be a reparate set of criteria for people not requiring 21 access to sensitive policies or programs.
22 CHAIRMAN AHEARNE:
Which you then correlate to a
(
23 l separate clearance.
24l MR. DOWD:
Yes, yes, essentially so.
(
25 '
Furthermore, it can be f airly readily understood, and I l
i ALDERSON REPORTING COMPANY. INC.
G 21 49 am sure staff and Commissioners of NRC know as well as we do that j
Pe P e cequiring access to special nuclear material do not neces-l
(
2 sarily fit into the same mold as those who have to -- have hands-on 3
access to nuclear weapons.
So there are different suitability
(
4 criteria is what I am saying.
.a 5
5 CHAIRMAN AHEARNE:
Would it be accurate to conclude in l
6l your separation the primary result would be keeping the criteria 7
for the access to the weapons material the same, and then softening 8
N the criteria for the non-weapons?
9 I
MR. DOWD:
Yes, essentially yes.
h 10 z
MR. WEISZ:
If I may add to that, we have not adopted jj U
the personnel assurance program to have access to SNM.
That program d
12 E
- i. tied for the most part to Nevada and Albuquerque, the weapons
(
=
13 L4 E.:
14 Program.
CHAI M AHEARNE:
Joe?
!5 COMMISSIONER HENDRIE:
No, I have nothing.
16 l
- d l
g j7 ]
CHAIRMAN AHEARNE:
Thank you very much for coming.
I 18 appreciate your reports and the offer to keep us abreast.
It is E
obviously a very important relationship.
j9 R
MR. BURNETT:
It is our plan to further evaluate this 20 data, and if we think it is necessary, app:oach the Commission 23 with visu11s.
22 N
CHAIRMAN AHEARNE:
John, anything else?
23 MR. DAVIS:
No.
24
(
25 l CHAIRMAN AHEARNE:
John, thank you very much.
It was i
ALDERSON REPORTING COMPANY. INC.
50
- 22 I
a very complete effort from all the people who worked on it.
We i
2 appreciate it.
3 That closas this portion of the meeting.
4 (Whereupon, at 11:25 a.m., the meeting was adjourned. )
(}
=
5 h
5 6
x 2
7 x]
8 0
ci 9
10 E
j 11 u
p 12 E:
13 g
3 u
l 14 a
2 15 ;
5 i
t{
16 us 6
17 18 19 R
20 21 '
22
(
23,
i 24 I I
\\.
25l i
ALDERSON REPORTING COMPANY. INC.
e#
This is to certify that the attached proceedings before the
(
NUCLEAR REGULATORY COMMISSION l
in the matter of: PUBLIC MEETING - BRIEDINF ON REPORT ON POTENTIAL THREAT T NUCLEAR ACTIVITIES FROM INVIDERS AND BRIEFING ON DOE STUDY EFFECTIVENESS OF' SECURITY CLEARANCES Date of Proceeding:
June 19, 1980 1
Docket Number:
l Place of Proceeding:
Washington, D. C.
were held as herein appears, and that this is the original transcript thereof for the file of the Commission.
l David S. Parker l
Official Reporter (Typed)
(
3 4_ )... - TC Official Reporter (Signature) l l
1
-s k
The Hole of Security Clearances and Personnel Reliability Progrums in Protecting Against Insider Threats A Battelle Study Statement By Mr. George Weisz Director Office of Safeguards and Security, DOE June 19,1980 i
1 Thank you, Mr. Chainnan.
I want to express my appreciation for this opportunity to participate in this morning'ssessionandtodiscusstheresultsofastudythatwasconductedhoc 1,
the Department of Energy by the Battelle Human Affairs Research Centers.
I am accompanied by Mr. Martin Dowd, Director, Division of Security, and Dr. Joseph Tinney, Director, Division of Policy and,. Analysis.
4 I believe it would be helpfbl if I first read a brief statement for the recod ooncerning this study and its relationship to a broader DOE review of measures to deter potential adversaries, or influence their actions, by denying sanctioned access to potential malevolents or detecting those employees who have decided to undertake crkninal activities.
I will then be happy to answer any questions you may have concerning this study or other related DOE activities.
The objective of the Battelle study was to conduct a selective review of historical data on employee clearance and reliability programs within the government and private sectors. ~ Particular attention was given to examining the rationale for
2 clearances and analyzing the structure and effectiveness of selected existing clearance procedures. An important sub-objective was to determine the extent to
(
which clearance procedures, as presently used in government and private industry, are adaptable to the task of assessing " insider threats." This is but one of a number of activities designed to give us a better understanding of what actions we should take to minimize the threats from potential insider adversaries.
The data sources that were utilized in this study are listed in the reference section of the Battelle report. Copies of this bibliography are being provided with this statement for your use. In addition, information concerning the ongoing DOE clearance program was also obtained.through conversations with DOS security personnel at Headquarters and in the field.
(
Intheearlystagesof'thesbdy,agreaterthananticipatedamountoftime was spent in reviewing the objectives, scope, and procedures of the current DOE security clearance and personnel assurance programs. As a result, all relevant parts of these programs were not< addressed or considered during the study. For' example, the report did not address the inherent deterrence value of the clearance process. However, it is our view that this process has a deterrence value. For example, individuals that have information of a sub-stantially derogatory nature in their background may be reluctant to apply for a position which requires a DOE clearance.
It should be noted that the statistics in the Battelle study reflect only those
(
cases which proceeded as far as a Personnel Security Board and began Administra-tive Review processing under the provisions of 10 CFR Part 710. The limited
l 3
data available to us indicates that approximately 30 percent of the background investigations reflect some derogatory information and that, currently, about 20 perce-would reflect substantially derogatory information. One of our Operations Offices recently noticed a marked increase in the number of cases containing substantially derogatory information and another office had to conduct interviews in about 20 percent of the full field investigations processed in FY 1979. Here, again, these figures do not represent those requests for clearance which were withdrawn prior to the convening of a Personnel Security Board.
Since statistics are not available which reflect the number of individuals who withdraw from the clearance process after being notified that they will be interviewed, withdraw after the interview, or withdraw after receiving a
(
notification letter of a. hearing, a numscical or statistical evaluation of the effectiveness of the process in deterring potential adversaries is of
~
quest 1onable value. These factors must be considered in any analysis of the value of the clearance process.
In addition, the personnel clearance and reliability programs were evaluated apart from the context or environment in which they operate as a component of an overall security system. Of course, these programs cannot and should not be relied on to provide complete assurance in deterring or detecting insider threats-just as no other component, removed from the system and evaluated on its own, can be expected to be completely effective. While many safeguards and security features are necessary, none by itself may be viewed as sufficient.
(
In this study, Battelle viewed personnel security clearance programs as being l
based on the assumption that past behavior is indicative of future behavior l
l
i 4
and that the program is stmetured primarily to detect individuals whose loyalty might have been questionable. Based on this assumption, the following statement 1
was made in the summary of the report 1
"It is not argued that security clearance programs are of no use in I
reliability or loyalty screening in general. Instead, it is suggested that, as they are presently structured, clearances should not necessarily be expected to protect against insider threats."
s Further, Battelle suggested in the report that "...it is doubtful that I
clearances represent predictive systems which classify people with more than mi ni = = accuracy. " Thus, Battelle suggested that personnel security clearances, as presently stmetured, should not be counted upon to protect against insk, der
(
threats. While DOE does not rely on the clearance process exclusively, it m ina an integral and important part of our overall safeguards and security a
system.
A....,.
In regard to personnel reliability programs, the report concluded that these conceptually provide a better logic and strategy for assessing employee relia-bility which potentially affords information oriented to the detection of insider threats. Thus, a personnel reliability program would be expected to provide greater protection than a clearance program against insider threats.
It was suggested that a personnel reliability program stmeture, involving
(
olearance techniques and continuous observation, forms a reliable basis for the development of a protective system with regard to insider threats.
s 9
9
5 While we believe that these recornmendations deserve further consideration, Battelle did not compare derogatory information criteria to characteristics I
profiles of insider adversaries. We believe that such a comparison would support a number of the criteria as being relevant. The work being conducted as part of our ongoing studies should provide some recommendations in this regard.
In this regard, we have been asked by the NRC 's staff, if DOE has decided to make any changes in its personnel clearance or reliability programs as a result of this study. No immediate changes are being made. However, based on,the findings of this study, recent NRC research, and our desire to further explore these issues, some follow-on work has been initiated.
r.
To minimize the potential insider threat and to ensure that clearance criteria
\\
for access to SNM are focused specifically on this threat, DOE fa now moving forward with a second study to assess the adequacy of current criteria and procedures for SNM access. A copy of the task statement for this effort is fbeing provided with this statement for your infomation. Following the com-
' '.5 5.
pletion of this study, a third research project is planned to id'entify and evaluate possible modifications of our pre-entry personnel screening procedures.
In addition, since no pre-entry screening system can be relied on to accurately predict behavior changes brought about by future events, my Office will be undertaking a program to design, develop, test, and evaluate a complementary post-entry behavior criteria system to detect or deter potential insider
(
adversaries from conducting malevolent actions either singly, in combination, or in collusion with outsiders. Finally, in FY 1981, we will be initiating a comprehensive examination of insider characteristics, motivations, intentions, l
6 capabilities, and activities.
!he purpose / this effort is to provide DOE decision-makers with a better understanding of potential insider adversaries and the types of activities they can be expected to undertake. This informa-tion will also be utilized in devising various countermeasures to discourage or successfbily deal with such threats, and will hopefbily serve as a companion to the NRC insider study.
We will, of course, provide prior notice to NRC of any substantive changes in our personnel security program that may result from these studies.
i In sumary, it is our view that the Battelle study partially satisfied its objectives. While it did not adequately address the contribution of a personnel security clearance program to the effectiveness of an integrated safeguards system, it did provide valuable information and identified a number of prm ising paths to pursue for their possible benefit. I hope this brief review has provided you with a better appreciation of the DOE's perspective concerning this study and its results.
At this time, along with Mr. Dowd and Dr. Tinney, I will be happy to answer any specific questions that you might have concerning this study or other DOS activities in this area.
If necessary, we will provide a written response to any questions you may have that we are unable to answer at this time.
Thank you, Mr. Chaiman, and members of the Commission.
(
Are there any questions?
~
.. =.dlTsam-dt6V y,
^Y41.
m 62 4$
r.:
~,}
BIBLIOCRAPHY AND REF N NCES u
1:
i Bechtoldt, Harold
(
1951
" Selection" in S. S. Stevens (Ed.) Handbook of Experimental Psychology.
New York:
John Wiley.
E
=
Bennett, Carl A.
1977
" Current Technical Issues in International Safeguards," Vienna:
International Atomic Energy Agincy.
Bennett, Carl A.
1973 Some Effects of False Positives.
Proceedings of the 14th Annual Meetings, Institute of Nuclear Materials Management, (number 3, Fall):110-125.
Volume 2 I
Bennett, Carl A., W. M. Murphey and Theodore Sherr a
1975 societal Risk Aporoach to Safeguards Design and Evaluation.
Washington, D.C.:
ERDA (Safeguards and Security Systems).
Christy, R. L. and J. E. Rasmussen
.1963
" Human Reliability Impl1 cations of the U.S. Navy's Experience' in Screening and Selection Procedures," American Journal of Psychiatry, 120(December):540-547.
Cronbach, Lee J. and Goldine Glesser 1965 P ychological Tests and Personnel Decisions.
Urbana, Illinois:
University of Illinois Presa.
Department of the Air Force 1978 "AF Regulation 35-99; Personnel Reliability Program."
Headquarters U.S. Air Force.
Washington, D.C.:
Department of Defense 1977
" Industrial Security Manual for Safeguarding Classified Infor-mation DOD 5220.22-M." Washington, D.C.:
Department of Defense (Defense Logistics Agency).
k Dunnette, Marvin and Wayne Kirchaer 1956 Psychology Applied to Industry.
New York: Appleton-Century-Crofts.
Dunnette, Man ;.n and Walter,Borman 1979
" Personnel Selection and Classificacion Systems,"
Annual Review of Psychology, 30:477-525.
63 Energy Research and Development Administration 1976 "ERDA Manual Appendix 0560: Pror,rar to Prevent Accidental or Unauthorized Nuclear Explosive Detonations Handbook."
Washington, D.C.:
ERDA (Division of Military Applications).
1967 "ERDA Manual Appendix 2301:
Personnel Security Handbook."
Washington, D.C.:
ERDA (Division of Security).
Federal Personnel Manual 1970 " Chapter 736:
Investigations." Washington, D.C.:
Civil Setvice Commission.
1973 " Chapter 732:
Personnel Security Program." Washington, D.C.:
Civil Service Commission.
Gaughran, Paul 1973 'A Review of the AEC Security Trogram.
Washington, D.C.:
If.S.
Atomic Energy Commission.
Harrison, Danial P.
9 t
o 1976 Social Forecasting Methodology.
New York:
Russell Sage Foundation.
Humphreys, Lloyd G.
4 1977 " Predictability of Employes Thefc:
Importance of the Base Race," Journal of Applied Psychology, 12,(4):514-516.
2 rendall, Richard J.
1978 "Tascimony of Wisconsin Electyic Power Company," Bafore the Hearing Board of the U.S. Nuclear Regulatory Commission, in the matter of Am-nd=mc of 10 CFR Parts 11, 50, and 70.
j Lyon. Harvey E.
i 1978 "A Review of the Department of Energy Personnel Clearance Program," Testimony before the Hearing Board of the U.S. Nuclear Regulatory comunission, in the matter of Amendment of 10 CFR Parts 11, 50, and 70.
Meehl, Paul E.* and Albert Rosen 1955
" Antecedent Probability and the Efficiency of Psychometric r
Signs, Patterns or Cutting Scores," Psychological Bulletin, 5_2,(3):
{
194-216.
2 Perry, Ronald W..
1976
" Attitude Scales as Behavior Estimation Devices," Jgtrnal of Social Psychology, 100:137-142.
l l
~
- - -c _ ::w.m.nce.:.ss.g;yggg
=
l i'
64 Perry, Ronald W., D. F. Gillespie and R. E. Lotz 1976 "At t1&d4"=1 Variables as Estimates of Behavior:
A h oracical F-4"= tion of the Attitude-Action Controversy," European Journal of Social Psychology, 6_(2):227-245.
Post, Richard and A. A. Kingsbury 1970 Securiev Aamin4stration.
Springfield, 7114 M s:
Charles Thomas.
i t
Rosenbaum, Richard 1976 " Predictability of Employee Thefe Using Weighted Application Blanks," Journal of Applied Psychology, g(1):94-98.
.i.
- *.'. :. n e Truman, Harry S.
V?.:. :
- . 7, 1955 Year of Decisions (Memoirs, Volume 1),GardenCity,New}ork:
Doubleday and Company.
1956 Years of Trial and Hope (Memoirs, Volume 2), Garden City.
New York:
Doubleday and Company.
1961 Public Papers of the Presidents of the United States (Harry. J.
I Truman, Apr11.12 to December 31, 1945).
Washington, D.C.:
Government Pripting Office.
W111 rich, Mason and Theodore Taylor 1974 Nuclear Theft:
Risks and Safeguards.
Cambridge, Massachusegts:
'j R=114"ger.
e j
j f.* '.
k N,. '
e,.
a.
a l
f
\\ Ji '-
e e i,,
?.', sl,.
~,
(
()
ATTACifMI3T A
\\
I're-!.nl rv Screenin. Techni g u (or S:'I Access f
ObiertIve.
T1.e pio pose of t his study is to carefully examine the current sts.tc. of 1.noe1,. 1;c ir.cideats related to insider threats vn upon t his.na,l: is, tu
, and based Q t uc'urity clearances, and to suggest possible changes in clearanc
[
critcYfa and procedures vhich would enhance the effectiveness of pre-pnp I
personnel :tereening in mitigating against insider threats to special nuclear mat erial (f*M).
This study will utilizu the $vailable research products, findings, etc.
of other f ederal agencies in this area to the greatest possible e'xtent and incofporate and expand upon such findings in developing suggestions for the clearance program as conducted within the U.S. Department of
- Energy.
Task 1.
for granting security clearances, focusing upon the effectiven these criteria in screening out individuals likely to misuse special nuclear materials (SNM).
This task will involve completion of the following subtasks:
A.
Review of the statistical and theoretical literature on the design of security cicarances, and develop a model which describes the assumptions and operations upon which security I
clearance strategies are based.
B.
Within the scope of the model developed above, review studies of past incidents where a cleared person (or persons) mishandled SNH.
To the extent t hat such analyses are meaningful within the context of insider threats to SNM, other analogous crimes perpctrated by insiders (particularly cleared personnel) will also be incit 'ed in the historical review.
An incident will be considered me,ningful if it approximates conditions similar to an SNM setting; e.g., the material compromised is very valuable from a monetary standpoint and the retting involves physical comparable to that used in conncetion with DOE programs. se The objective of this review is to isolate and categorize (where the information is available) the likely motivations of the employee involved in the incident.
The review will examine existing literature on relevant incidents as well as case data on incidents where available.
In addition to the professional literature, the genetal sources of information to be tapped will include:
1
(
1.
The study of nuclear and analogous insider crimes conducted by the Nuclear Regulatory Commission (Ms. Sallig q
)
Mullen);
1 f
I i
I e
)
(
(. I 2
2.
The z..tf er.uarib. cu:: mary event IJst published by the Nuclear Rc;*,ulatory Lv: niew f un; 3.
Inlor: nation on security incidents in the nuclear weapons progr:4m li. t he Department of Encrgy, Of fice of Military Applientions (availabic through Mr. bbrty Dowd);
4.
Review of known r.ccurity incidents occurring during the Fbnhattan Project (1942-1946);
S., Rcview of known security incidents occurring during thh early ycurs of the Atomic Energy Commission (particularly the Truman and Eisenhower Administrations); and 6.
The studies of adversary motivations (particularly the employee - perpetrator) conducted by the Rand Corpotac[on (Mr. Brian Jenkins).
7.
Review of whatever else is available.
The revdews of all the above listed sources are contingent upon j
the timely availability, completeness, and relevance of the materials.
The review itself will contain the most relevant inc1 dents gleaned from the sources.
C.
Based upon the review of historical incidents, define the range of possibic motivations and/or objectives for a c1 cared person to be involved in security infractions related to SNM.
Examing these motivations in light of the criteria used in granting the clearance at the time of the infraction.
D.
Using the model developed in Subtask A and the range of motivations and/or objectives outlined in Subtasks"B and C, evaluate the relevance and likely effectiveness of current clearance criteria for the problem of minimizing insider threats to SNM.
Task 2.
Based upon the results of Task ID, develop suggestions for revising clearance criteria and/or procedures which would enhance the effectiveness of clearances as a screen against possible insider threats to SNM.
This task will be coordinated with the ongoing efforts within DOE-OSS to review and revise clearance criteria (Mr. Barry Dalinsky).
This task will address the following subtasks:
A.
Examine and critique the possible role and utility of existing hardwarc--polygraphy, stress analyzers, CSR, etc.--in supple, menting or enhancing the ef fectiveness of security clearances in connection with insider threats to SNM.
3 r-
- -. -.,.~~.,, -, - -. -
.~
(.
( i 3
11 I'xaulne t h. prvd ;e t is.n lop,1c upon which s.turity clearances arc ban,ed and c:. : ins-ant! critiquc t hc. possibic role and utility of p syc holo,' f e a l L e.-: t i n.- (personality inventorics) in supplementing or enhancing the effcetivencr.s of cicarances in connection with mitigating insider threats to SNM.
C.
Identif y nc> technology and/or procedurcs which would supplement or enhance the effectiveness of security clearances in connection with insider threats to S!!M.
D.
Identify a composite strategy for enhancing the effectiven' ass of security clearances with regard to insider threats to SNH which includes:
1.
any suggested changes in criteria for clearance; a
2.
any suggested procedural changes; and 3.
any new elements (psychological" testing, etc.) which should be included.
E.
Devise a preliminary statement of the type of research program -
necessary to institute and support the improvements or new procedures described above.
i o
6 6
Y
0 6
b 9
(
STUDY OF THE POTENTIAL THREAT TO LICENSED NUCLEAR' ACTIVITIES l
FROM INSIDERS i
i 1
i i
1
4 I
OBJECTIVES Determine insider adversary characteristics Examine security system vulnerabilities exploited Assess Detection / prevention method
~
i effectiveness i
l l
l
3 m
l l
APPROACH
~
1 l
l l
Study of analogs l
Case histories 4
Adversary characteristics Expert opinion l
i I
T
.l n
1 1
e ADVERSARY CHARACTERISTICS I
Position-related e
Behavioral i,
e Resource 1
Operational I
1 i
i I
I LIMITATIONS 1
Theft and sabotage only Dom ~estic crimes only i
Small sabotage data base 4
i
i SOURCES e
US Government agencies (32) l
- Private Industry 59 Security experts 30 Industries
- Other experts (31)
. Open-source literature l
l l
i
SUBJECTS TO BE ADDRESSED
~
Typical insider thief
- Typical insider saboteur
- Strong vs weaker safeguards environment L
l e Single thief vs theft conspiracy i
l e Characteristics according to job position
~
I I
i
~
CHARACTERISTICS OF TYPICAL INSIDER THIEVES
. Acted alone l
. Motivated by greed, indebtedness and financial inducement e Acted later in period of employment Planned well or moderately well l
e i
i e Relied on covert action e Used equipment available on site I
CHARACTERISTICS OF TYPICAL INSIDER SABOTEURS
-l Acted alone Motivated by psychological problems, l
disgruntlement, and revenge i
Acted within two years of being hired Acted on impulse Relied on covert action j
l Used equipment available on site I
l 1
i
CHARACTERISTICS OF INSIDERS;iN A STRONG SAFEGUARDS ENVIRONMENT 4
- More conspiracies formed e More reliance on non-routine access / covert action Acted later in period of employment e Fewer coerced or induced i
1
TYPICAL SINGLE THIEF VS-TYPICAL THEFT CONSPIRACY
.l Type of crime i
Target control Access Length of service l
Motivation Role i
e i
l Tactics l
i i
l
SINGLE THIEF THEFT CONSPIRACY TYPE OF CRIME:
MONEY AND INFORMATION MATERIAL THEFTS THEFTS TARGET CONTROL:
MORE POLICYMAKER/
MORE OPERATIONAL M ANAGER INVOLVEMENT INVOLVEMENT 1
ACCESS:
MORE USE OF ROUTINE MORE USE OF NON-ACCESS ROUTINE ACCESS 1
1 I
l SINGLE THIEF THEFT CONSPIRACY LENGTH OF SERVICE:
OVER 30% OF CRIMES CRIMES RARELY OCCURRED OCCURRED llN FIRST IN FIRST TWO YEARS TWO YEARS 20% OF CRIMES OCCURRED OVER HALF OF CRIMES IN 6-10 YEAR TIME PERIOD OCCURRED IN 6-10 YEAR PERIOD i
MOTIVATIONS:
LESS OFTEN MOTIVATED MORE OFTEN MOTIVATED l
BY DESIRE FOR MONEY BY DESIRE FOR MONEY 10% OF MOTIVATIONS NO CONSPIRAClES SGR NT EMENT, Bf R VENGE, l
PSYCHOLOGICAL DISGRUNTLEMENT, ETC.
PROBLEMS,1 GAME PLAYING lDEOLOGY, i
SEX AND MARITAL i
PROBLEMS
SINGLE THIEF THEFT CONSPIRACY ROLE:
PRIMARY RELIANCE ON MORE OVERT AQTIVITY COVERT ACTIVITY THAN SINGLE THIEF TACTICS MOST OFTEN USED FALSIFIED SIMILAR TO THOSE USED DOCUMENTS AND BY SINGLE THIEF MANIPULATION, GUILE, RUSE AND DECElT, SURREPTITIOUS REMOVAL, AND ABUSE OF TRUST j
i i
1 i
4 0
TARGET CONTROL VS BEHAVIOR OPERATIONAL & POLICY / MANAGEMENT o
Relied on routine access and covert action Insider with NO TARGET CONTROL violated access controls and relied exclusively on covert action 4
POLICY / MANAGEMENT employed tactics o
involving manipulation of procedures l
and resources l
OPERATIONAL & NO TARGET CONTROL l~
insiders employed tactics involving subterfuge
\\
TARGET CONTROL VS BEEIAVIOR' (Cont)
- OPERATIONAL coerced or induced 22% of the time POLICY / MANAGEMENT coerced or induced 11% of the time NO TARGET CONTROL type never induced, l
coerced, or an unwitting' participant
~
i i
e POLICY / MANAGEMENT planned l
extensively OPERATIONAL planned moderately to extensively NO TARGET CONTROL type planning was low to moderate
l DETECTION METHODS e Related/ unrelated to site security systems eimplications for Nuclear l Safeguards
- Employee involvement
- Perpetrator absence
- Audits / inventories / inspections J
- Outsider awareness l
~
PREVENTION METHODS 4
e Screening / clearances e Behavioral observation ei Psychological assessment
- Procedural controls
- Management / security /
l employee rapport l
- Internal inspections e Integrated safeguards program i
~
SECURITY SYSTEM VULNERABILITIES-TO THE INSIDER Inconsistent application of security procedures i
Failure to separate and rotate duties Excessive trust due to longevity or l
position Personnel security deficiencies System design deficiencies i
l
SCREENING VS INSIDER GROUP SIZE: THEFT SCREENING LEVEL PROBABILITY OF CONSPIRACY GOOD
.39 l
FAIR
.63 l
POOR
.70 NONE
.67 l
l 4
6 6 *