PDF(PDF provides a complete and accurate display of this text.)Tip?
114th Congress } { Report
HOUSE OF REPRESENTATIVES
2d Session } { 114-679
======================================================================
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CAMPUS SECURITY ACT
_______
July 11, 2016.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Smith of Texas, from the Committee on Science, Space, and
Technology, submitted the following
R E P O R T
together with
MINORITY VIEWS
[To accompany H.R. 5636]
[Including cost estimate of the Congressional Budget Office]
The Committee on Science, Space, and Technology, to whom
was referred the bill (H.R. 5636) to increase the effectiveness
of and accountability for maintaining the physical security of
NIST facilities and the safety of the NIST workforce, having
considered the same, report favorably thereon without amendment
and recommend that the bill do pass.
CONTENTS
Page
Committee Statement and Views.................................... 2
Section-by-Section............................................... 4
Committee Consideration.......................................... 5
Application of Law to the Legislative Branch..................... 5
Statement of Oversight Findings and Recommendations of the
Committee...................................................... 5
Statement of General Performance Goals and Objectives............ 5
Duplication of Federal Programs.................................. 5
Disclosure of Directed Rule Makings.............................. 5
Federal Advisory Committee Act................................... 6
Unfunded Mandate Statement....................................... 6
Earmark Identification........................................... 6
Congressional Budget Office Cost Estimate........................ 6
Minority Views................................................... 7
Committee Statement and Views
PURPOSE AND SUMMARY
The purpose of the National Institute of Standards and
Technology Campus Security Act is to increase effectiveness of
and accountability for maintaining the physical security of
National Institute of Standards and Technology (NIST)
facilities and the safety of workers and nearby residents.
Recent security incidents at both NIST campuses (Gaithersburg,
MD and Boulder, CO) have included the explosion of an illegal
meth lab, illicitly operated by a NIST police officer, at the
Gaithersburg campus in July 2015 and the discovery and
apprehension of an apparently deranged person within a secure
Boulder laboratory at which hazardous chemicals were stored in
April of this year. These significant security lapses
threatened the safety and well-being of 3,400 NIST employees,
3,500 visiting professionals from industry, academia, and other
government agencies, and hundreds of thousands of residents of
nearby communities.
This legislation directs the Secretary of Commerce's Office
of Security to directly oversee the law enforcement and
security programs at NIST through a new Director of Security
for NIST (with no increase in FTEs). The Director of Security
will be required to report on NIST security issues to the Under
Secretary for Standards and Technology and to Congress. In
addition, the legislation directs GAO to study and report on
the performance of the NIST Police Services Group.
BACKGROUND AND NEED FOR LEGISLATION
Thousands of government and private sector scientists carry
out sensitive research and testing at NIST campuses. The
campuses themselves are located in populated communities.
Safety and security concerns are exacerbated by storage, at
both campuses, of significant quantities of dangerous
radiological, chemical and biological materials which are used
for testing and storage.
Security of NIST facilities is the responsibility of the
NIST Police Services Group, a stand-alone NIST police force for
which the Department of Homeland Security has approved fairly
broad law enforcement powers. In addition, screening at NIST
campus vehicle entry points is handled by private contractors.
Several security incidents have brought to light safety and
security issues at NIST facilities.
On June 3, 2015, the United States Nuclear Regulatory
Commission issued an inspection report noting violations, and
that specifically, ``for a period of time estimated to begin in
the 1980s until October 2014, NIST failed to keep records
showing the receipt, inventory (including location and unique
identity), acquisition, transfer, and disposal of all special
nuclear material in its possession.''\1\ Chairmen Smith and
Loudermilk sent a letter to NIST Director Willie May requesting
documents and information about the agency's handling of
plutonium and any incidents that may have gone unreported.
---------------------------------------------------------------------------
\1\NRC Inspection Report No. 07000398/2014001, available at: http:/
/pbadupws.nrc.gov/docs/ML1515/ML15154A692.pdf.
---------------------------------------------------------------------------
In addition, on Saturday, July 18, 2015, a now former NIST
senior security officer attempted to manufacture
methamphetamine while on duty and on NIST property (Building
236 on the NIST Gaithersburg campus), which caused an explosion
and fire that damaged government property. This individual had
been recently serving as the acting Chief of Police for the
NIST Police Services Group.
In the immediate wake of the illegal meth lab incident,
Chairman Smith formally requested that NIST brief Committee
members in person and provide regular updates regarding NIST
security. In September 2015, Chairman Smith sent a written
request to NIST Director Willie May for documents and
information. At the time, NIST did not immediately comply with
Committee requests, asserting that it would release no
information until local law enforcement authorities had
completed their investigations and follow-up.
Unsolicited information and statements from NIST employees
appeared to show a culture of waste, fraud, abuse, and
misconduct within NIST Police Services, encouraged by poor
leadership and the absence of managerial oversight. For
example, the senior security officer who caused the explosion
also committed substantial time-and-attendance fraud by
claiming hours that he did not work.
The local law enforcement investigation ended with the
individual sentenced to 41 months' confinement, 2 years
supervised release, a $100.00 fine, and $4,750.10 in
restitution to NIST. NIST senior management promised an
internal review, but the Committee is unaware of any findings,
recommendations, or changes from any internal review yet.
On Saturday, April 16, 2016, an individual with no
identification was found inside a secure building on the
Boulder campus. Local firefighters and first responders were
summoned due to concerns that the individual might have been
exposed to chlorine gas stored in the building's ``clean''
room. The individual was transported to the local hospital, and
the incident is currently part of an ongoing criminal
investigation. Just as was the case for the earlier
Gaithersburg incident, NIST has refused to provide the
Committee with any information until the local law enforcement
investigation and follow-up are concluded.
Proper security is critical for the safety of the NIST
campuses, its employees, visitors, and the surrounding
communities. It is important not to jeopardize NIST's mission
to promote U.S. innovation and industrial competitiveness,
which enhances economic security. The recent incidents and
their aftermath have created serious doubts about NIST and NIST
Police Services Group capacity to assure safety and security.
LEGISLATIVE HISTORY
On March 16, 2016, the Research and Technology Subcommittee
of the House Committee on Science, Space, and Technology held a
hearing entitled, ``An Overview of the Budget Proposal for the
National Institute of Standards and Technology for Fiscal Year
2017.'' The sole hearing witness was Dr. Willie E. May,
Director, National Institute of Standards and Technology, and
Under Secretary of Commerce for Standards and Technology.
COMMITTEE VIEWS
NIST campus security
The Committee expects the Department of Commerce and NIST
to increase accountability for maintaining the physical
security of NIST facilities and the safety of NIST workers,
visitors, and local residents.
The Committee expects the Secretary of Commerce's Office of
Security to directly manage law enforcement and security
programs at NIST through an assigned Director of Security for
NIST. This individual will be assigned without increasing the
number of employees at the Department of Commerce or NIST.
Director of security reports
The Committee expects that the Director of Security for
NIST will provide a security report on a quarterly basis for
the first year, and then annually after that. The reports will
be submitted to the Under Secretary for Standards and
Technology and to the Committee on Science, Space, and
Technology of the House of Representatives and the Committee on
Commerce, Science, and Transportation in the Senate.
Comptroller general report
The Committee expects the U.S. Government Accountability
Office (GAO) to use the direction and provisions in this
legislation to conduct a study and issue a report on the
security of NIST's campuses. The Committee expects that the GAO
will work with the Committee to define the scope of the work
required to assemble needed information about the capabilities
and performance of the NIST Police Services Group and about
potentially better alternatives, options, and possible
recommendations for the current NIST security regime.
Section-by-Section
Section 1. Short title
This section establishes the short title of the bill as the
``National Institute of Standards and Technology Campus
Security Act.''
Section 2. NIST campus security
This section requires the Secretary of Commerce's Office of
Security to directly manage the law enforcement and security
programs of the National Institute of Standards and Technology
through an assigned Director of Security for the National
Institute of Standards and Technology.
This section will be implemented without increasing the
amount of employees at the Department of Commerce or the
National Institute of Standards and Technology.
Also, this section requires the Director of Security to
provide an activities and security report on a quarterly basis
for the first year after the date of bill enactment, and on an
annual basis thereafter. The report will be sent to the Under
Secretary for Standards and Technology and to the Committee on
Science, Space, and Technology of the House of Representatives
and the Committee on Commerce, Science, and Transportation of
the Senate.
Further, this section directs the GAO to conduct a study
evaluating the performance of the NIST Police Services Group
and security contractors as well as provide recommendations on
how NIST should move forward with security on its campuses and
in its facilities to ensure that they are safe and protected.
The GAO report will be due one year after enactment of the
legislation, and the report will be sent to the Secretary of
Commerce, and to the Committee on Science, Space, and
Technology of the House of Representatives and the Committee on
Commerce, Science, and Transportation in the Senate.
Committee Consideration
On July 7, 2016, the Committee met in open session and
ordered reported favorably the bill, H.R. 5636, by voice vote,
a quorum being present.
Application of Law to the Legislative Branch
Section 102(b)(3) of Public Law 104-1 requires a
description of the application of this bill to the legislative
branch where the bill relates to the terms and conditions of
employment or access to public services and accommodations.
This bill directs the Secretary of Commerce's Office of
Security to oversee directly the law enforcement and security
programs at NIST through a new Director of Security for NIST.
As such this bill does not relate to employment or access to
public services and accommodations.
Statement of Oversight Findings and Recommendations of the Committee
In compliance with clause 3(c)(1) of rule XIII and clause
(2)(b)(1) of rule X of the Rules of the House of
Representatives, the Committee's oversight findings and
recommendations are reflected in the descriptive portions of
this report.
Statement of General Performance Goals and Objectives
H.R. 5636, the NIST Campus Security Act, would increase the
effectiveness of and accountability for maintaining the
physical security of NIST facilities and the safety of the NIST
workforce.
Duplication of Federal Programs
No provision of H.R. 5636 establishes or reauthorizes a
program of the Federal Government known to be duplicative of
another Federal program, a program that was included in any
report from the Government Accountability Office to Congress
pursuant to section 21 of Public Law 111-139, or a program
related to a program identified in the most recent Catalog of
Federal Domestic Assistance.
Disclosure of Directed Rule Makings
The Committee estimates that enacting H.R. 5636 does not
direct the completion of any specific rule makings within the
meaning of 5 U.S.C. 551.
Federal Advisory Committee Act
The Committee finds that the legislation does not establish
or authorize the establishment of an advisory committee within
the definition of 5 U.S.C. App., Section 5(b).
Unfunded Mandate Statement
Section 423 of the Congressional Budget and Impoundment
Control Act (as amended by Section 101(a)(2) of the Unfunded
Mandate Reform Act, P.L. 104-4) requires a statement as to
whether the provisions of the reported include unfunded
mandates. In compliance with this requirement the Committee has
received a letter from the Congressional Budget Office included
herein.
Earmark Identification
H.R. 5636 does not include any congressional earmarks,
limited tax benefits, or limited tariff benefits as defined in
clause 9 of Rule XXI.
New Budget Authority and Tax Expenditures
Clause 3(c)(2) of rule XIII of the Rules of the House of
Representatives is inapplicable because this legislation does
not provide new budgetary authority or increased tax
expenditures.
Congressional Budget Office Cost Estimate
With respect to the requirements of clause 3(c)(3) of rule
XIII of the Rules of the House of Representatives, an estimate
and comparison prepared by the Director of Congressional Budget
Office under section 402 of the Congressional Budget Act of
1974 was not submitted to the Committee before the filing of
the report.
MINORITY VIEWS
There have been two high-profile security incidents at NIST
facilities in the last year. Those incidents have raised
legitimate oversight questions for the Committee. They also
prompted the Director of NIST to convene an ad hoc panel of
security experts to make recommendations for improved policies,
procedures, and management of security at NIST. The expert
panel made many significant recommendations. As a result, the
NIST Director developed an action plan to immediately implement
many of the recommendations while initiating more in-depth
studies of other recommendations. We view these as very
positive steps on the part of the agency.
We agree with the Majority that the GAO may have an
important role in the process of strengthening security at
NIST. However, we are puzzled about the timing and nature of
this particular legislation. First, the legislation was rushed
through without regular order and without any vetting. We
received critical comments from the subject matter experts at
NIST and GAO only the evening before the markup, giving
Democratic Members no time to prepare appropriate amendments.
Further, none of the expert feedback was incorporated into the
Majority's bill. Second, with the Director's action plan
underway, it may be more sensible for us to wait a year and
then ask GAO to analyze the status of NIST's efforts, or at
least to work with NIST and GAO to develop a scope of work that
would be most helpful in the short-term. Asking them to carry
out another broad review just months after a similar review was
carried out by a panel of independent security experts seems
duplicative, and could unnecessarily delay important changes to
NIST security policies. Finally, the Chairman already sent a
joint request to GAO along with the Chairman of the Senate
Committee on Commerce, Science, and Transportation for a
similarly scoped review of NIST security. We should take the
opportunity to work with GAO and NIST to appropriately focus
the review that is already in the queue at GAO.
Based on all of those points, we are unsure as to the
purpose or efficacy of this legislation at this time. It is in
the interest of this Committee, and in the interest of the
taxpayer, that we make the best and most efficient use of the
experts at GAO rather than sending them a duplicative ad
minimally useful mandate. Finally, we object to the Committee
micromanaging staffing at the agency, especially in a way that
could undermine the very purpose of the legislation.
Eddie Bernice Johnson.
[all]
