Federal investigators — conducting covert surveillance and other secret operations — successfully breached security at two secure U.S. government facilities in Maryland and Colorado, one containing a nuclear research reactor.
“Our covert vulnerability testing identified security vulnerabilities,” warns a report from the Government Accountability Office (GAO), which sent undercover agents to two campuses of the National Institute of Standards and Technology (NIST), an agency of the U.S. Commerce Department.
The report adds, “Specifically, GAO agents gained unauthorized access to various areas of both NIST campuses.”
Investigators sought access to the facilities multiple times and each time were successful, according to an aide to the House Committee on Science, Space, and Technology, which was set to hold a hearing into the explosive report today.
“Lax physical security at NIST invites concerns about everything from petty vandalism and theft…to criminals or even terrorists stealing or releasing poisonous chemicals and other dangerous materials that are stored in NIST labs,” the aide said.
NIST labs house a number of dangerous chemicals and radioactive material used for research and testing that could be deadly in the wrong hands.
The agency tests and sets standards for everything from radiation detectors used by the Department of Homeland Security, ballistic-resistant body armor used by police departments, to proper radiation and exposure levels for mammograms, and it has recently been tasked with researching and recommending ways for federal agencies to recover from any cyberattack.
GAO agents shot videos of their clandestine activity. The House panel, which is now in possession of those videos, plans to show them to committee members and staff before the hearing, but not to the public.
The U.S. Commerce Department, under which NIST falls, has asked the committee, chaired by Rep. Lamar Smith, R-Texas, to treat the recorded material as “law enforcement sensitive,” which shields it from public view, and, for now, the committee is abiding by this request, according to the aide, though negotiations are underway to publish the material.
A Commerce Department spokesman acknowledged receiving the request, but declined to comment further to ABC News.
The committee aide said, “These risks threaten thousands of federal scientists and other federal workers, thousands of visitors with whom NIST works on a daily basis and the entire nearby communities.”
This is not the first security lapse at NIST, an agency that is home to the Atomic Clock and several Nobel Prize-winning scientists.
In 2015, a senior police lieutenant on the agency’s security force was convicted of attempting to manufacture methamphetamine in a NIST lab in Gaithersburg, Maryland. His failed effort resulted in an explosion that blew out windows and burned the officer.
A judge sentenced the man to more than three years in prison, according to court documents, referencing the popular TV series, “Breaking Bad,” in which a chemistry teacher decides to start making meth.
As Rep. Smith’s committee was investigating that 2015 breach, another incident occurred. An unauthorized individual wandered onto the Boulder, Colorado, campus into a sensitive area, according to a committee official.
But it’s not all bad news for NIST. Security has been improving since 2015, the GAO noted. The research agency has been working to educate its employees of the need for heightened security.
As part of its investigation, agents spoke to employees working in highly sensitive facilities, all of whom attend mandatory security training and “reported significantly fewer observations of colleagues not following NIST security policies,” the GAO report says.
But the report adds this ominous warning, “The remainder of NIST’s employees currently have no mandatory security training, and a higher percentage reported having observed a colleague not following NIST security policies.”