U.S. Nuclear Regulatory Commission (NRC) officials are jeopardizing sensitive government secrets by processing and storing classified information on seven unauthorized systems, according to a new NRC Inspector General (IG) report.
“NRC has national security systems that were operating without the required authorizations to operate, contrary to federal and internal requirements,” the IG said. The problem developed because of unclear or confusing policies and procedures for operating national security systems.
As a result, the commission — which licenses, inspects and enforces regulations for commercial nuclear power plants and other uses of nuclear materials — violated Committee on National Security Standards (CNSS) rules requiring authorization for all national security systems.
Safeguarding U.S. nuclear power plants and materials against terrorist threats is a top priority for the CNSS regulations.
The IG also found NRC officials have no agency-wide inventory of the commission’s multiple systems for handling national security information. A national security system is any information system involving intelligence, cryptologic activities about national security, or command and control of military forces. (Nuclear Regulatory Commission Took Six Months And Three Tries To Produce Research Budget)
Failing to assess a system’s risks appropriately before using it could enable hackers to gain access to classified information, although the IG didn’t find any instances of that happening.
“For example, if a hard drive with classified information is put into a computer only authorized for unclassified information, there could be an information spill and the information may be vulnerable because the computer does not have the proper protections in place,” the IG said.
The IG attributed NRC’s failures to excessive bureaucracy, including poor coordination among multiple offices managing national security systems and unclear internal policy.
The IG recommended that NRC clarify its agency-wide policies and procedures governing national security information systems and create a complete inventory of all national security information systems.
Commission officials did not provide a response to the IG’s published findings.
Send tips to email@example.com.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.