Office of Safeguards and Security Evaluations
(OA-10)
Sandia
National Laboratory – New Mexico Special Review: Data collection activities continue with new issues and concerns
being identified. The results of this
special review are likely to identify major issues with regard to security
management at SNL-NM. This review is
being conducted following interest expressed by Senator Grassley. Media Interest is expected.
The OA-10 staff member detailed to
the Department of Homeland Security (DHS) is developing standard operating
procedures for the DOE desk at the DHS Emergency Operations Center.
Classified
Matter Protection and Control Special Reviews:
The Lawrence Livermore National Laboratory CMPC Special Review report
was finalized last week and is awaiting management review and approval.
RL/Hanford
and PNNL inspection activities: The draft inspection reports for
both PNNL and Hanford were mailed.
Corrective Action Plans: The response to the interim Savannah River
Site CAP is awaiting management review and approval.
Office of Cyber Security Evaluations
(OA-20)
Perimeter
Scanning Project: OA-20 personnel in
partnership with the Office of the Chief Information Officer are conducting a
special study (Perimeter Scanning Project) to map out and characterize DOE’s
network perimeter. This effort is being
undertaken to establish a baseline understanding of the magnitude and make-up
of DOE computer systems exposed to the Internet in order to improve the
Department’s protection posture.
Testing has been completed for 38 DOE sites. Testing is currently ongoing at several additional sites.
Special
Study of the Security of Wireless Computer Networking: OA-20 staff have completed the draft of a
special study report to describe management and technical issues, and
improvement recommendations as they relate to the security of wireless computer
networking devices within DOE. The
draft report is undergoing internal management review. Subsequently, the final daft report will be
circulated within DOE for comment prior to publication.
Unannounced
Cyber Security Penetration Testing: OA
is developing an unannounced cyber security penetration testing capability to
supplement routine announced inspections.
OA-20 has established program documentation and draft agreements that
will serve as the basis for the unannounced penetration testing program. These documents are undergoing management
review. OA-20 anticipates the
commencement of unannounced testing during this summer. Managers at several DOE organizations have
volunteered as participants.
Annual
Independent Evaluation of Classified Information System Security: As assigned by the DOE Order 205.1, and as
required by the Federal Information Security Management Act (FISMA), OA is
preparing an annual evaluation of DOE’s classified information system security
program. An analysis of OA cyber
security inspection results over the last year is ongoing. An initial draft of the evaluation report is
anticipated in July.
Office of Emergency Management Oversight (OA-30)
Inspection
of the East Tennessee Technology Park:
Factual accuracy comments from the site have been incorporated into the
draft report. The final report will be
issued early next week.
Inspection
of the Idaho National Engineering and Environmental Laboratory (INEEL): OA-30 and OA-50 continue planning for a
joint inspection of INEEL. INEEL
planning and inspection scoping discussions are being held routinely with the
Office of Nuclear Energy, Science and Technology, the Idaho Operations Office,
and with Bechtel BWXT Idaho. The onsite
scoping visit was completed on June 3-5.
Stakeholder input was solicited from site labor organizations, the Snake
River Alliance, the Citizens Advisory Board, the Shoshone-Bannock Tribes, the
State of Idaho Bureau of Disaster Services, and the State of Idaho INEEL
Oversight Program. A site visit will be
conducted to finalize the tabletop performance test packages.
Consideration
of Emergency Management Program Special Reviews: OA-30 is evaluating options to conduct inspections focused on
emergency management program elements, long-standing performance weakness, or
areas of special interest. OA-30 staff
is developing three alternatives for OA management consideration.
Office of Environment, Safety and Health
Evaluations (OA-50)
Sandia National
Laboratories – New Mexico Inspection:
The final report was transmitted to the site on April 7. NNSA has delegated the authority for
approval of Sandia Site Office Corrective Action Plans to the site office. An approved corrective action plan was
transmitted to OA on June 11 and is currently being reviewed.
Y-12 National
Security Complex Inspection: The final
report was distributed on May 9. An
approved corrective action plan is due on July 7.
East Tennessee
Technology Park Inspection: The draft
report was provided to the site on May 22 for a 10-day review period to
provide written factual accuracy comments.
The site comments have been received and are under review and
consideration prior to issuance of the final report.
Suspect/Counterfeit
Items (S/CI) Special Study: The special
study is being conducted in two phases encompassing both the Department’s
headquarters and field elements of the S/CI program. The headquarters phase of the study continues. Onsite reviews at the Los Alamos National
Laboratory and Savannah River Site were completed and visits to the Kansas City
Plant and River Protection Project site are ongoing.
Idaho
National Engineering and Environmental Laboratory Inspection – The inspection
plan is being developed.
Office of Safeguards and Security Evaluations
(OA-10)
Composite
Adversary Team Training: CAT training
was conducted at NTS this week.