[House Report 114-679] [From the U.S. Government Publishing Office] 114th Congress } { Report HOUSE OF REPRESENTATIVES 2d Session } { 114-679 ====================================================================== NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CAMPUS SECURITY ACT _______ July 11, 2016.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. Smith of Texas, from the Committee on Science, Space, and Technology, submitted the following R E P O R T together with MINORITY VIEWS [To accompany H.R. 5636] [Including cost estimate of the Congressional Budget Office] The Committee on Science, Space, and Technology, to whom was referred the bill (H.R. 5636) to increase the effectiveness of and accountability for maintaining the physical security of NIST facilities and the safety of the NIST workforce, having considered the same, report favorably thereon without amendment and recommend that the bill do pass. CONTENTS Page Committee Statement and Views.................................... 2 Section-by-Section............................................... 4 Committee Consideration.......................................... 5 Application of Law to the Legislative Branch..................... 5 Statement of Oversight Findings and Recommendations of the Committee...................................................... 5 Statement of General Performance Goals and Objectives............ 5 Duplication of Federal Programs.................................. 5 Disclosure of Directed Rule Makings.............................. 5 Federal Advisory Committee Act................................... 6 Unfunded Mandate Statement....................................... 6 Earmark Identification........................................... 6 Congressional Budget Office Cost Estimate........................ 6 Minority Views................................................... 7 Committee Statement and Views PURPOSE AND SUMMARY The purpose of the National Institute of Standards and Technology Campus Security Act is to increase effectiveness of and accountability for maintaining the physical security of National Institute of Standards and Technology (NIST) facilities and the safety of workers and nearby residents. Recent security incidents at both NIST campuses (Gaithersburg, MD and Boulder, CO) have included the explosion of an illegal meth lab, illicitly operated by a NIST police officer, at the Gaithersburg campus in July 2015 and the discovery and apprehension of an apparently deranged person within a secure Boulder laboratory at which hazardous chemicals were stored in April of this year. These significant security lapses threatened the safety and well-being of 3,400 NIST employees, 3,500 visiting professionals from industry, academia, and other government agencies, and hundreds of thousands of residents of nearby communities. This legislation directs the Secretary of Commerce's Office of Security to directly oversee the law enforcement and security programs at NIST through a new Director of Security for NIST (with no increase in FTEs). The Director of Security will be required to report on NIST security issues to the Under Secretary for Standards and Technology and to Congress. In addition, the legislation directs GAO to study and report on the performance of the NIST Police Services Group. BACKGROUND AND NEED FOR LEGISLATION Thousands of government and private sector scientists carry out sensitive research and testing at NIST campuses. The campuses themselves are located in populated communities. Safety and security concerns are exacerbated by storage, at both campuses, of significant quantities of dangerous radiological, chemical and biological materials which are used for testing and storage. Security of NIST facilities is the responsibility of the NIST Police Services Group, a stand-alone NIST police force for which the Department of Homeland Security has approved fairly broad law enforcement powers. In addition, screening at NIST campus vehicle entry points is handled by private contractors. Several security incidents have brought to light safety and security issues at NIST facilities. On June 3, 2015, the United States Nuclear Regulatory Commission issued an inspection report noting violations, and that specifically, ``for a period of time estimated to begin in the 1980s until October 2014, NIST failed to keep records showing the receipt, inventory (including location and unique identity), acquisition, transfer, and disposal of all special nuclear material in its possession.''\1\ Chairmen Smith and Loudermilk sent a letter to NIST Director Willie May requesting documents and information about the agency's handling of plutonium and any incidents that may have gone unreported. --------------------------------------------------------------------------- \1\NRC Inspection Report No. 07000398/2014001, available at: http:/ /pbadupws.nrc.gov/docs/ML1515/ML15154A692.pdf. --------------------------------------------------------------------------- In addition, on Saturday, July 18, 2015, a now former NIST senior security officer attempted to manufacture methamphetamine while on duty and on NIST property (Building 236 on the NIST Gaithersburg campus), which caused an explosion and fire that damaged government property. This individual had been recently serving as the acting Chief of Police for the NIST Police Services Group. In the immediate wake of the illegal meth lab incident, Chairman Smith formally requested that NIST brief Committee members in person and provide regular updates regarding NIST security. In September 2015, Chairman Smith sent a written request to NIST Director Willie May for documents and information. At the time, NIST did not immediately comply with Committee requests, asserting that it would release no information until local law enforcement authorities had completed their investigations and follow-up. Unsolicited information and statements from NIST employees appeared to show a culture of waste, fraud, abuse, and misconduct within NIST Police Services, encouraged by poor leadership and the absence of managerial oversight. For example, the senior security officer who caused the explosion also committed substantial time-and-attendance fraud by claiming hours that he did not work. The local law enforcement investigation ended with the individual sentenced to 41 months' confinement, 2 years supervised release, a $100.00 fine, and $4,750.10 in restitution to NIST. NIST senior management promised an internal review, but the Committee is unaware of any findings, recommendations, or changes from any internal review yet. On Saturday, April 16, 2016, an individual with no identification was found inside a secure building on the Boulder campus. Local firefighters and first responders were summoned due to concerns that the individual might have been exposed to chlorine gas stored in the building's ``clean'' room. The individual was transported to the local hospital, and the incident is currently part of an ongoing criminal investigation. Just as was the case for the earlier Gaithersburg incident, NIST has refused to provide the Committee with any information until the local law enforcement investigation and follow-up are concluded. Proper security is critical for the safety of the NIST campuses, its employees, visitors, and the surrounding communities. It is important not to jeopardize NIST's mission to promote U.S. innovation and industrial competitiveness, which enhances economic security. The recent incidents and their aftermath have created serious doubts about NIST and NIST Police Services Group capacity to assure safety and security. LEGISLATIVE HISTORY On March 16, 2016, the Research and Technology Subcommittee of the House Committee on Science, Space, and Technology held a hearing entitled, ``An Overview of the Budget Proposal for the National Institute of Standards and Technology for Fiscal Year 2017.'' The sole hearing witness was Dr. Willie E. May, Director, National Institute of Standards and Technology, and Under Secretary of Commerce for Standards and Technology. COMMITTEE VIEWS NIST campus security The Committee expects the Department of Commerce and NIST to increase accountability for maintaining the physical security of NIST facilities and the safety of NIST workers, visitors, and local residents. The Committee expects the Secretary of Commerce's Office of Security to directly manage law enforcement and security programs at NIST through an assigned Director of Security for NIST. This individual will be assigned without increasing the number of employees at the Department of Commerce or NIST. Director of security reports The Committee expects that the Director of Security for NIST will provide a security report on a quarterly basis for the first year, and then annually after that. The reports will be submitted to the Under Secretary for Standards and Technology and to the Committee on Science, Space, and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation in the Senate. Comptroller general report The Committee expects the U.S. Government Accountability Office (GAO) to use the direction and provisions in this legislation to conduct a study and issue a report on the security of NIST's campuses. The Committee expects that the GAO will work with the Committee to define the scope of the work required to assemble needed information about the capabilities and performance of the NIST Police Services Group and about potentially better alternatives, options, and possible recommendations for the current NIST security regime. Section-by-Section Section 1. Short title This section establishes the short title of the bill as the ``National Institute of Standards and Technology Campus Security Act.'' Section 2. NIST campus security This section requires the Secretary of Commerce's Office of Security to directly manage the law enforcement and security programs of the National Institute of Standards and Technology through an assigned Director of Security for the National Institute of Standards and Technology. This section will be implemented without increasing the amount of employees at the Department of Commerce or the National Institute of Standards and Technology. Also, this section requires the Director of Security to provide an activities and security report on a quarterly basis for the first year after the date of bill enactment, and on an annual basis thereafter. The report will be sent to the Under Secretary for Standards and Technology and to the Committee on Science, Space, and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate. Further, this section directs the GAO to conduct a study evaluating the performance of the NIST Police Services Group and security contractors as well as provide recommendations on how NIST should move forward with security on its campuses and in its facilities to ensure that they are safe and protected. The GAO report will be due one year after enactment of the legislation, and the report will be sent to the Secretary of Commerce, and to the Committee on Science, Space, and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation in the Senate. Committee Consideration On July 7, 2016, the Committee met in open session and ordered reported favorably the bill, H.R. 5636, by voice vote, a quorum being present. Application of Law to the Legislative Branch Section 102(b)(3) of Public Law 104-1 requires a description of the application of this bill to the legislative branch where the bill relates to the terms and conditions of employment or access to public services and accommodations. This bill directs the Secretary of Commerce's Office of Security to oversee directly the law enforcement and security programs at NIST through a new Director of Security for NIST. As such this bill does not relate to employment or access to public services and accommodations. Statement of Oversight Findings and Recommendations of the Committee In compliance with clause 3(c)(1) of rule XIII and clause (2)(b)(1) of rule X of the Rules of the House of Representatives, the Committee's oversight findings and recommendations are reflected in the descriptive portions of this report. Statement of General Performance Goals and Objectives H.R. 5636, the NIST Campus Security Act, would increase the effectiveness of and accountability for maintaining the physical security of NIST facilities and the safety of the NIST workforce. Duplication of Federal Programs No provision of H.R. 5636 establishes or reauthorizes a program of the Federal Government known to be duplicative of another Federal program, a program that was included in any report from the Government Accountability Office to Congress pursuant to section 21 of Public Law 111-139, or a program related to a program identified in the most recent Catalog of Federal Domestic Assistance. Disclosure of Directed Rule Makings The Committee estimates that enacting H.R. 5636 does not direct the completion of any specific rule makings within the meaning of 5 U.S.C. 551. Federal Advisory Committee Act The Committee finds that the legislation does not establish or authorize the establishment of an advisory committee within the definition of 5 U.S.C. App., Section 5(b). Unfunded Mandate Statement Section 423 of the Congressional Budget and Impoundment Control Act (as amended by Section 101(a)(2) of the Unfunded Mandate Reform Act, P.L. 104-4) requires a statement as to whether the provisions of the reported include unfunded mandates. In compliance with this requirement the Committee has received a letter from the Congressional Budget Office included herein. Earmark Identification H.R. 5636 does not include any congressional earmarks, limited tax benefits, or limited tariff benefits as defined in clause 9 of Rule XXI. New Budget Authority and Tax Expenditures Clause 3(c)(2) of rule XIII of the Rules of the House of Representatives is inapplicable because this legislation does not provide new budgetary authority or increased tax expenditures. Congressional Budget Office Cost Estimate With respect to the requirements of clause 3(c)(3) of rule XIII of the Rules of the House of Representatives, an estimate and comparison prepared by the Director of Congressional Budget Office under section 402 of the Congressional Budget Act of 1974 was not submitted to the Committee before the filing of the report. MINORITY VIEWS There have been two high-profile security incidents at NIST facilities in the last year. Those incidents have raised legitimate oversight questions for the Committee. They also prompted the Director of NIST to convene an ad hoc panel of security experts to make recommendations for improved policies, procedures, and management of security at NIST. The expert panel made many significant recommendations. As a result, the NIST Director developed an action plan to immediately implement many of the recommendations while initiating more in-depth studies of other recommendations. We view these as very positive steps on the part of the agency. We agree with the Majority that the GAO may have an important role in the process of strengthening security at NIST. However, we are puzzled about the timing and nature of this particular legislation. First, the legislation was rushed through without regular order and without any vetting. We received critical comments from the subject matter experts at NIST and GAO only the evening before the markup, giving Democratic Members no time to prepare appropriate amendments. Further, none of the expert feedback was incorporated into the Majority's bill. Second, with the Director's action plan underway, it may be more sensible for us to wait a year and then ask GAO to analyze the status of NIST's efforts, or at least to work with NIST and GAO to develop a scope of work that would be most helpful in the short-term. Asking them to carry out another broad review just months after a similar review was carried out by a panel of independent security experts seems duplicative, and could unnecessarily delay important changes to NIST security policies. Finally, the Chairman already sent a joint request to GAO along with the Chairman of the Senate Committee on Commerce, Science, and Transportation for a similarly scoped review of NIST security. We should take the opportunity to work with GAO and NIST to appropriately focus the review that is already in the queue at GAO. Based on all of those points, we are unsure as to the purpose or efficacy of this legislation at this time. It is in the interest of this Committee, and in the interest of the taxpayer, that we make the best and most efficient use of the experts at GAO rather than sending them a duplicative ad minimally useful mandate. Finally, we object to the Committee micromanaging staffing at the agency, especially in a way that could undermine the very purpose of the legislation. Eddie Bernice Johnson. [all]