Weekly Highlights for June 30 – July 3, 2003
Office of Safeguards and Security Evaluations
(OA-10)
Sandia
National Laboratory – New Mexico Special Review: Data collection activities continued with interviews conducted at
Headquarters during the past two weeks.
Data collection activities at SNL-NM resume next week. The results of this special review are
likely to identify major issues with regard to security management at
SNL-NM. This review is being conducted
following interest expressed by Senator Grassley. Media Interest is expected.
OA-10 is reviewing the Department 25 Year Security Strategic
Plan. The results of this review will
be briefed to OA-1 on July 16.
Multiple
Integrated Laser Engagement System equipment:
The technical specifications and competing cost estimates for replacing
the existing MILES equipment used by OA-10 during force on force exercises were
reviewed. The results of this review
will be used to make purchasing decisions that are planned for later this summer.
RL/Hanford
and PNNL inspection activities: Topic personnel have reviewed the
comments from the technical editor on the draft PNNL and Hanford inspection
reports. Site comments have not been
received. A meeting is scheduled next
week with EM and SO to discuss the inspection results.
Corrective Actions Plans: The final LANL CAP was reviewed with a
response is being developed.
The OA-10 staff member detailed to
the Department of Homeland Security (DHS) is developing standard operating
procedures for the DOE desk at the DHS Emergency Operations Center.
Office of Cyber Security Evaluations
(OA-20)
Perimeter
Scanning Project: OA-20 in partnership
with the Office of the Chief Information Officer is conducting a special study
(Perimeter Scanning Project) to map out and characterize DOE’s network
perimeter. This effort is being
undertaken to establish a baseline understanding of the magnitude and make-up
of DOE computer systems exposed to the Internet in order to improve the
Department’s protection posture.
Testing has been completed for 38 DOE sites. Testing is currently ongoing at several additional sites.
Special
Study of the Security of Wireless Computer Networking: OA-20 has completed the draft special study
report to describe management and technical issues and improvement
recommendations as they relate to the security of wireless computer networking
devices within DOE. The draft report is
undergoing review by various Headquarters cyber security specialists.
Unannounced
Cyber Security Penetration Testing: OA
is developing an unannounced cyber security penetration testing capability to
supplement routine announced inspections.
OA-20 has established program documentation and draft agreements that
will serve as the basis for the unannounced penetration testing program. These documents are undergoing management
review. OA-20 anticipates the
commencement of unannounced testing during this summer. Managers at several DOE organizations have
volunteered as participants.
Annual
Independent Evaluation of Classified Information System Security: As assigned by the DOE Order 205.1, and as
required by the Federal Information Security Management Act (FISMA), OA is
preparing an annual evaluation of DOE’s classified information system security
program. An analysis of OA cyber
security inspection results over the last year is ongoing. An initial draft of the evaluation report is
anticipated in July.
Office of Emergency Management Oversight (OA-30)
Inspection
of the East Tennessee Technology Park:
Factual accuracy comments from the site have been incorporated into the
draft report. The final report will be
issued the week of July 3. Interim
corrective actions are to be submitted within 30 days, and a final corrective
action within 60 days, of the date of issuance.
Joint
Inspection of the Idaho National Engineering and Environmental Laboratory
(INEEL): OA-30 and OA-50 continue
planning for a joint inspection of INEEL.
A formal inspection plan was provided to line management on July 1. A site visit will be conducted to finalize
the tabletop performance test packages.
On-site data collection will occur as scheduled.
Emergency
Management Oversight Stakeholder Outreach:
The Office of Emergency Management Oversight will be meeting with the
State of New Mexico Emergency Management Director in Santa Fe, and
representatives of the State of Washington Office of Emergency Management, in
Richland, during the week of July 7.
These meetings are part of an established OA outreach effort to proactively
solicit feedback on the effectiveness of site program interfaces from state and
local emergency response communities.
Feedback from these meetings will be provided to DOE field management.
Office of Environment, Safety and Health
Evaluations (OA-50)
Sandia National
Laboratories – New Mexico Inspection:
The final report was transmitted to the site on April 7. NNSA has delegated the authority for
approval of SSO Corrective Action Plans to the SSO. A memorandum providing comments on the corrective action plan is
under development.
Y-12 National
Security Complex Inspection: The final
report was distributed on May 9. An
approved corrective action plan is due on July 7.
East Tennessee
Technology Park Inspection: The draft
report was provided to the site on May 22 for a 10-day review period to
provide written factual accuracy comments.
The site comments have been received and are under review and
consideration prior to issuance of the final report.
Suspect/Counterfeit
Items (S/CI) Special Study: The special
study is being conducted in two phases encompassing both the Department’s
headquarters and field elements of the S/CI program. The headquarters phase of the study continues. Onsite reviews at the Los Alamos National
Laboratory, Savannah River Site, Kansas City Plant, and River Protection
Project have been completed. Onsite
reviews at the Oak Ridge National Laboratory and Pantex Plant are scheduled for
July 7-10.
Idaho
National Engineering and Environmental Laboratory Inspection: The inspection plan has been issued.
Office of Safeguards and Security Evaluations
(OA-10)
Congressional
Briefing: Materials were prepared in
support of a meeting between OA-1 and Senator Shay.
CMPC
Special Reviews: The LLNL CMPC Special Review
report has been approved and is being distributed.
Corrective Action Plans: The response to the interim SRS CAP has been
approved and dispatched.
Office of Environment, Safety and Health
Evaluations (OA-50)
Comments
were provided to EH regarding the draft notice assigning responsibilities for
software quality assurance on June 1.
A meeting
was held with EH management on June 30 to discuss comments on the draft process
for identifying and processing information regarding S/CI.
A meeting
was held with EH management on July 3 to discuss the Department’s response to
the DNFSB regarding S/CI processes and the Temperform investigation.
Follow-up
activities, in response to a March 12, 2003, memorandum from the Inspector
General (IG-42) concerning safety issues at the Fernald Environmental
Management Project, have been completed.
The newly appointed Ohio Field Office Manager commissioned a panel of
experts to study the alleged issues and corrective actions were developed that
will be completed by July 31, 2003.
The
Director OA-50 along with the Deputy Director OA-20 and select staff met with a
General Council representative to discuss the upcoming deposition regarding the
Gaseous Diffusion Plants Investigation.