Dana Romanoff/Getty Images(BOULDER, Colo.) — Federal investigators conducting covert surveillance and other secret operations successfully breached security at two secure U.S. government facilities in Maryland and Colorado, according to a new government report. One of the facilities contained a nuclear research reactor.
“Our covert vulnerability testing identified security vulnerabilities,” warns a report from the Government Accountability Office (GAO), which sent undercover agents to two campuses of the National Institute of Standards and Technology (NIST), an agency of the U.S. Commerce Department.
The report adds, “Specifically, GAO agents gained unauthorized access to various areas of both NIST campuses.”
Investigators sought access to the facilities multiple times, and each time were successful, according to an aide on the House Committee on Science, Space and Technology, which is holding a hearing Wednesday on the report. The public report was provided to reporters in advance of the hearing.
“Lax physical security at NIST invites concerns about everything from petty vandalism and theft … to criminals or even terrorists stealing or releasing poisonous chemicals and other dangerous materials that are stored in NIST labs,” the aide said.
NIST labs house a number of dangerous chemicals and radioactive materials used for research and testing that could be deadly in the wrong hands.
The agency tests and sets standards for everything from radiation detectors used by the Department of Homeland Security, to ballistic-resistant body armor used by police departments, to proper radiation and exposure levels for mammograms. It has recently been tasked with researching and recommending ways for federal agencies to recover from any cyberattack.
GAO agents shot videos of their clandestine activity. The House panel, which is now in possession of those videos, plans to show them to committee members and staff before the hearing, but not to the public.
The U.S. Commerce Department, under which NIST falls, has asked the committee, chaired by Rep. Lamar Smith, R-Texas, to treat the recorded material as “law enforcement sensitive,” which shields it from public view. For now, the committee is abiding by this request, though negotiations are underway to publish the material, according to the aide.
A Commerce Department spokesman acknowledged receiving the request, but declined to comment further to ABC News.
The committee aide said, “These risks threaten thousands of federal scientists and other federal workers, thousands of visitors with whom NIST works on a daily basis and the entire nearby communities.”
Serious security lapses not new
This is not the first security lapse at NIST, an agency that is home to the atomic clock and several Nobel Prize-winning scientists.
In 2015, a senior police lieutenant on the agency’s security force was convicted of attempting to manufacture methamphetamine in a NIST lab in Gaithersburg, Maryland. His failed effort resulted in an explosion that blew out windows and burned the officer.
A judge sentenced the man to more than three years in prison, according to court documents, referencing the popular TV series, Breaking Bad, in which a chemistry teacher decides to start making meth.
As Smith’s committee was investigating that 2015 breach, another incident occurred. An unauthorized individual wandered onto the Boulder, Colorado, campus into a sensitive area, according to a committee official.
NIST has seen some security improvements
But it’s not all bad news for NIST. Security has been improving since 2015, the GAO noted. The research agency has been working to educate its employees about the need for heightened security.
As part of its investigation, agents spoke to employees working in highly sensitive facilities, all of whom attend mandatory security training and “reported significantly fewer observations of colleagues not following NIST security policies,” the GAO report reads.
But the report adds this ominous warning: “The remainder of NIST’s employees currently have no mandatory security training, and a higher percentage reported having observed a colleague not following NIST security policies.”
Copyright © 2017, ABC Radio. All rights reserved.