National lab’s mismanagement of property put sensitive information and tech at risk, watchdog states
The Brookhaven National Laboratory improperly managed its sensitive information, technology and other property, putting it at risk for potential unauthorized access, according to a new report from the Department of Energy Office of Inspector General.
The Energy IG found that the Long Island, N.Y. laboratory did not classify high-risk or sensitive property, including its information technology equipment, leaving it vulnerable to “loss, theft, or misuse of technologies, technical data, and information. The report, published Wednesday, points to the Department of Energy’s Brookhaven Site Office (BSHO) as responsible for property management and oversight at the lab.
Brookhaven National Laboratory (BNL) was not fully compliant with the department’s property management regulations, 41 Code of Federal Regulations [CFR] 108, by not classifying sensitive and high-risk materials as such, the report states. The lab did not correctly classify export-controlled items with these categories either.
The IG conducted the audit from January 2022 through July 2023.
The report stated: “By not classifying, accounting for and dispositioning its sensitive and high-risk property, BNL is at risk for potential adverse impact on public health and safety, the environment, national security interests and proliferation concerns. Proper classification of both sensitive and high-risk property is important to ensure that only authorized individuals have access to it. Unauthorized access could lead to loss, theft or misuse of technologies, technical data and information.”
BNL’s potential vulnerabilities are also non-compliant with 41 CFR 109, a regulation that requires contractors to establish and maintain a program that manages property efficiently.
The laboratory did not indicate that 11,198 out of 17,264 items were sensitive, as required by federal regulations, which accounted for $75 million of its 2021 total inventory value, according to the report. On top of that, it failed to classify $183 million in export-controlled, high-risk property — items that included lasers, radioactive magnets, chemical equipment and centrifugal separators — as such.
Export-control requirements regulate the way technologies are transmitted or transported to foreign countries. These guardrails are for items such as technology with memory capabilities, explosives, hazardous property and proliferation-sensitive property.
“By not properly classifying property as sensitive and high-risk, not all applicable sensitive and high-risk property was included in BNL’s physical inventory verification process,” the report stated. “41 CFR 109 requires 100 percent annual physical inventory verification of high-risk and sensitive property.”
“These requirements are intended to protect U.S. economic interest and foreign policy goals, as well as to prevent the acquisition of technologies, technical data and information by parties hostile to the U.S.,” the report states.
The Energy IG reported discussing the oversight issues with BHSO, which said that “BNL’s requisition process has procedures to identify export-controlled property.”
To remedy the vulnerabilities, the IG gave two recommendations to BHSO, suggesting to direct the lab to follow 41 CFR 109 requirements and assess the adequacy of BNL’s property management program. The watchdog also recommended that the acting director from the Office of Asset Management review and update its guidance to ensure compliance with 41 CFR 109.
BHSO agreed with each of the recommendations given by OIG.
