The Latest Cyber Attack Exposed What A Dangerous Mess DOE Is

As the post-mortem on the SolarWinds cyber-attack proceeds apace, the standard fingerpointing and recriminations are underway right on schedule. Much of the initial press attention focused on the targeting of the Department of Energy’s nuclear weapons division.

Public information is flimsy, of course, and further speculation is of limited value. But the attack does shine the spotlight on a highly unusual federal organization.

In the late 1990s, the Department of Energy found itself beset by a massive security breach at Los Alamos, one of its prestigious weapons labs. A multi-voluminous report resulting from a bipartisan congressional investigation concluded: “The People’s Republic of China has stolen design information on the United States’s most advanced thermonuclear weapons.” President Bill Clinton’s Foreign Intelligence Advisory Board reached a similar conclusion: “The Department of Energy is a dysfunctional bureaucracy that has proven it is incapable of reforming itself.”

The solution was to establish the National Nuclear Security Administration, a new “semi-autonomous” agency within the Department of Energy that would take over all of the DOE’s nuclear weapons-related functions and impose stricter security protocols. The civilian half of the department, meanwhile, could focus on “energy” proper.

It was to be a classic, textbook case of comparative advantage and specialization. Well, at least in theory.

In practice, however, the Department of Energy is essentially the Los Angeles of bureaucratic sprawl. There are 17 national laboratories, each with its own lab director. The DOE maintains sites in Nevada, Kentucky, Tennessee, South Carolina, Washington, New Mexico, and Kansas City. The Federal Energy Regulatory Commission — statutorily independent — also falls under the DOE umbrella, as does the Energy Information Administration and the four Power Marketing Administrations.

And then, there’s the NNSA. To begin with, it’s important to note that “semi-autonomous” is an inherently nebulous term. In essence, the NNSA does its own thing, which can get it into trouble. Furthermore, while it does officially report to the Department of Defense, it doesn’t seem to like it very much.

Further complicating matters is the Naval Reactors division within NNSA. “NR,” as it is known, handles the propulsion program that powers submarines and aircraft carriers. The law states that the head of NR reports “through” the NNSA administrator to the Secretary of Energy, to whom he or she has “direct access,” but also explicitly states the NNSA administrator has no authority over Naval Reactors, which also reports to the Navy.

In other words, the DOE consists of dozens of little and not-so-little civilian entities and a giant quasi-military branch, which operates “semi-autonomously” from it but also reports to another cabinet department – except for one critical program, which operates on its own but also reports to another department. Clear as mud.

The truth is that DOE’s grotesque organizational chart is hopelessly crisscrossed with solid lines, dotted lines, and wavy curves. Its antiquated IT systems are an open joke, from chitchat in the cafeteria to snickering in the executive suites as conference calls and video sessions fail to launch.

One explanation for its dysfunction? With so many people in charge, conceivably nobody is.

Irony abounds. In 2018, then-Secretary Rick Perry established the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response. Its first assistant secretary, Karen Evans, was replaced in February 2020 without explanation. Her successor was then replaced in November. A bold idea consumed by political infighting.

Additionally, there are unique challenges posed by the National Laboratories. While they are all government-owned, all but one is contractor-operated. They see themselves as universities subject to academic freedom and open to international collaboration.

Laudable efforts by the Trump administration to tighten issues concerning foreign nationals have met resistance. Increasingly, labs are also conducting work for non-government entities, even as the DOE’s conflict of interest policy could certainly use some work.

With such high stakes and important material under its purview, the Department of Energy should be far more than a travel agency for senior appointees with security clearances. Yet the cumbersome structure of the department lends itself to bureaucratic food fights and petty feudalism. Unfortunately, it will likely take more than a mere crisis to fix it.

Tristan Abbey is President of Comarus Analytics LLC. He previously served at the National Security Council and the Senate Committee on Energy and Natural Resources. Follow him on Twitter @TristanAbbey.

Copyright © 2020 The Federalist, a wholly independent division of FDRLST Media, All Rights Reserved.

Read More

Tristan Abbey