A consortium of nonprofits that operates Los Alamos National Laboratory has shown improvement in the second year of its contract but fell short in some critical areas, such as goals tied to upcoming plutonium work and a lapse in cybersecurity that left some systems vulnerable to a widespread breach, federal officials said an annual report.
Triad National Security LLC, composed of the Battelle Memorial Institute, the Texas A&M University System and the University of California, received a “very good” assessment for 2020 compared to last year’s report card, which rated the contractor “good” and pointed to several serious deficiencies.
The new report is based on how well Triad met its goals set at the beginning of fiscal year 2020 and is used to determine how much the consortium will earn in bonus money.
Despite some criticisms, Triad will receive about $45.7 million in annual fees, or 88 percent of the maximum possible. That’s $10 million more than it got last year.
The National Nuclear Security Administration, a U.S. Department of Energy branch, conducts the yearly reports on Los Alamos and other national labs it oversees.
An agency spokesman said in an email Monday no one was available to comment on the report because of the federal holiday.
One critic said it was another yearly report that fails to hold a contractor to task.
“They’re always going to get most of the money,” said Greg Mello, executive director of the nonprofit Los Alamos Study Group. “The labs always get off easy. Every year the charade goes on.”
Serious performance issues led to steep deductions in bonus fees for the lab’s previous operator, Los Alamos National Security LLC. Triad took over operations in November 2018.
In the past, the Nuclear Security Administration had released full evaluations of contractors overseeing lab operations. Last year, the agency stopped releasing detailed reports and began issuing summaries instead, citing security concerns.
The summaries use broad language, including to describe problems.
For instance, this year’s report said Triad didn’t meet its goals for making “development pits,” or prototypes for the explosive plutonium centers in nuclear warheads. It didn’t describe how Triad fell short of making the five development pits outlined as a goal in the Energy Department’s 2020 budget request.
The White House, defense officials and some senators have pushed for the Los Alamos lab to produce 30 pits a year by 2026. Plans also call for Savannah River Site in South Carolina to make an additional 50 pits by 2030.
Jay Coghlan, executive director of the nonprofit Nuclear Watch New Mexico, said the report indicated the pit production goals are unrealistic, given the lab can’t even meet the targets for making practice pits.
“The incoming Biden administration should take a hard look at planned expanded plutonium pit production before billions of taxpayers’ dollars are wasted, and more radioactive wastes and contamination are produced,” Coghlan said.
The report noted Triad encountered challenges in cybersecurity and had “improper access controls.”
That appears to be in reference to the extensive cyberattack in December on federal agencies, including the Energy Department and Los Alamos and Sandia labs.
Hackers spread malware through the SolarWinds information technology software to as many as 17,000 users. Energy Department officials said only the agency’s business systems were affected and not critical systems used in the nuclear weapons program.
Still, it left federal officials to wonder how vulnerable agencies might be to future cyberattacks.
The report also noted a breach in a glovebox — a sealed compartment used to handle radioactive materials — delayed progress on certain operations. The worst safety incident last year occurred in June when a worker tore a protective glove, causing enough airborne radiation to require 15 people to be tested, the report said.
The worker who ripped the glove was the only one to test positive for radiation exposure.
Other criticisms of Triad in the report include the following:
- The contractor did not always bring all resources to bear to develop well-defined technical solutions that stand up to scrutiny.
- It did not always identify legacy issues before they turned into security and maintenance issues.
- It inconsistently delivered signature-ready documents across the organization.
- It did not meet four of the six small-business goals and struggled with some small-business relationships.
- Its quality control methods were not completely effective, but it has made improvements.
The report praised Triad for its handling of critical work amid the COVID-19 crisis that required about 85 percent of employees to work remotely.
Mello said COVID-19 is bound to set back the lab in its pursuit of plutonium pit production. Workers forced to quarantine have highly specialized skills, making them difficult to replace when they’re self-isolating, he said.
The pandemic compounds existing challenges, such as modernizing the lab’s aging plutonium facility and dealing with safety issues such as the glovebox breach, Mello said.
“The problems just build on each other,” he said.