"...our preliminary fact-findings reveal that contributing and direct causes of the security event include an inappropriate Y-12 cultural mind set, as well as a lapse of discipline and performance..."
At first the lesson seemed to be simple. If any part of your security system is broken fix it, or ask that it be fixed - in writing - until it is fixed or until you are granted an exception - in writing - releasing you from pursuit of the deliverable for which the tool was provided. In this case that lesson would be a little too simple.
In Part One of his pointed and pithy essay Catrantzos let's us in on a bit of a shocker. The NNSA itself held the contract with G4S and was responsible for operational oversight until after the failure, which is when they transferred the contract to the engineering company operating the site - Babcock and Wilcox, and only then sent them the letter blaming them for the security breach. With clients like these...
Part Two is even better. If you have ever failed an audit, watched helplessly as a program slid inexorably out of control, or been woken up by news of some catastrophic screw up by a member of your team, you will recognize the wisdom of Catrantzos' advice. If none of these things have ever happened to you then you must read his essay so that you are ready for the day when they do.
Image credit: Adam Brimer http://m.knoxnews.com/photos/2012/aug/03/245458/