The season's most intriguing puzzle is how Russian spies managed to install a bug in a seventh-floor conference room at the State Department down the hall from the secretary of state's office. Now a sorry answer is emerging: The Russian penetration of our diplomatic inner sanctum may be partly the result of bureaucratic delay by top State Department officials.

Internal State Department documents show that more than a year ago, the department's Bureau of Diplomatic Security tried to issue new access-control rules that would have prevented visitors from wandering the building unescorted. But implementation of these rules was blocked by senior officials, including the widely respected undersecretary of state for political affairs, Thomas Pickering.

To appreciate the access-control fiasco, you need to understand that, until several months ago, visitors were free to roam State's headquarters on C Street after clearing an initial security check-in at the front door. Officially, visitors were supposed to go directly to the specific office where they had an appointment and then leave. But in practice, once a scheduled meeting was over, a visiting Russian, Indian or Egyptian diplomat could stop off at the cafeteria for a cup of coffee, say, or drop by the office of another U.S. official. Or perhaps he could duck into an empty seventh-floor conference room, install a specially constructed piece of wood molding and dart out, with no one the wiser.

The first effort to tighten these loosey-goosey access rules came in a "Department Notice" dated Nov. 17, 1998. It mandated that "All visitors, with the exception of active U.S. Government (USG) agency personnel who display proper photo identification, shall be escorted at all times."

But this notice was withdrawn just six days later. No reason was given, but I'm told it was because of objections from Pickering and other senior Foreign Service officers. Among their complaints was that having to escort visitors out of the building would be a nuisance.

Pickering said yesterday he'd objected to the policy initially because it hadn't gone through appropriate channels. "I found out when I came to work and was handed a piece of paper," he recalled. "The security people had a notion you could just give orders," and hadn't thought carefully about how the policy would be implemented. State's philosophy had always been "open corridors and closed offices," he said.

The Bureau of Diplomatic Security relaunched its access-control plan on Aug. 6--which officials say was probably after the Russians had planted their bug. The FBI monitored the Russian operation for several months and then, on Dec. 8, arrested a Russian operative named Stanislav Borisovich Gusev outside the department.

The access-control issue is important, because some investigators now suspect that unescorted vistors may have installed the Russian bug. They speculate that if the Russians had a real mole inside State they would have used that person to plant a bug in a more sensitive area than the conference room. The room they bugged hosted some pretty tedious meetings, and one CIA veteran jokes that he feels sorry for the Russian case officer who had to listen to all the tapes.

The scary fact about the State Department bugging isn't that it produced a hemhorrage of secrets (which it probably didn't). It's that it illustrates a lack of consensus at State about security procedures. Indeed, this tale--pieced together with help from my fellow Post columnist Mike Causey--is a classic study of how bureaucracies can work at cross purposes.

The simple fact is that the mandarins at State have never much liked the security people, viewing them as gumshoes and right-wing zealots. The security types have reciprocrated, deriding senior diplomats as "The Black Dragons." In this environment, it has been hard for the two sides to cooperate.

The danger of this mentality is that it could get Foreign Service officers killed. After the 1983 U.S. Embassy bombing in Beirut and other terrorist attacks, Congress passed the Diplomatic Security Act of 1986. It called for a range of tough new measures to make our embassies and diplomatic headquarters safer. But many of these recommendations were never carried out, officials say, because of foot-dragging by top Foreign Service officers.

After last year's terrorist bombings of U.S. embassies in Africa, the security officers tried again. They hired a consulting firm, Booz-Allen and Hamilton, to conduct an outside audit. That confidential report, completed Oct. 18, recommended that State "elevate the role of the Bureau of Diplomatic Security" and take other steps to respond to terrorist and counterintelligence threats. Pickering said his office helped carry out some recommendations of the study but opposes others.

We're an open society, so it was characteristically American that until a few months ago, a visitor could roam the corridors of the State Department. You can't do that at Microsoft or Sun Microsystems. But hey, those are high-tech companies, whereas the State Department just has national-security secrets.

Maybe we should thank the Russians. It took their clever little bug, disguised as a section of chair railing, to remind our diplomats and security officials that they're all playing on the same team.