Office of Safeguards and Security Evaluations
(OA-10)
Sandia
National Laboratory – New Mexico Special Review: Data collection activities at SNL-NM are continuing. The results of this special review are
likely to identify major issues with regard to security management at
SNL-NM. This review is being conducted
at the request of the NNSA Administrator following interest expressed by
Senator Grassley.
Department 25 Year Security Strategic Plan: OA-10 is reviewing the Department’s 25 Year
Security Strategic Plan. The results of
this review will be briefed to OA-1 on July 16.
One OA-10 staff member, detailed
to the Department of Homeland Security (DHS), is developing standard operating
procedures for the DOE desk at the DHS Emergency Operations Center. Currently the staff member is awaiting
comments and input from SO.
RL/Hanford
and PNNL inspection activities: Site comments for the draft PNNL
and Hanford inspection reports have been received and are being reviewed.
ANL-E inspection activities: The interim CAP for the CH-ANL-E inspection
has been reviewed. A response is being
developed.
LANL inspection activities: The final LANL CAP has been reviewed. A response is being developed.
Classified
Matter Protection and Control Review: A
CMPC special review is in progress at Nevada.
The draft report is planned for completion next week.
Office of Cyber Security Evaluations
(OA-20)
Perimeter
Scanning Project: OA-20, in partnership
with the Office of the Chief Information Officer, is conducting a special study
(Perimeter Scanning Project) to map out and characterize DOE’s network
perimeter. This effort is being
undertaken to establish a baseline understanding of the magnitude and make-up
of DOE computer systems exposed to the Internet in order to improve the
Department’s protection posture.
Testing has been completed for 40 DOE sites. Testing is currently ongoing at several additional sites and
scanning agreements are being coordinated with all remaining DOE/NNSA
sites.
Special
Study of the Security of Wireless Computer Networking: OA-20 has completed a special study report
to describe management and technical issues, and improvement recommendations as
they relate to the security of wireless computer networking devices within
DOE. The report is undergoing final
editing and will be published and distributed next week.
Unannounced
Cyber Security Penetration Testing: OA
is developing an unannounced cyber security penetration testing capability to
supplement routine announced inspections.
OA-20 has established program documentation and draft agreements that
will serve as the basis for the unannounced penetration testing program. These documents are being reviewed for
approval. OA-20 anticipates the
commencement of unannounced testing during this summer. Managers at several DOE organizations have
volunteered as participants.
Annual
Independent Evaluation of Classified Information System Security: In accordance with DOE Order 205.1, and as
required by the Federal Information Security Management Act (FISMA), OA is
preparing an annual evaluation of DOE’s classified information system security
program. An analysis of OA cyber
security inspection results over the last year is ongoing. An initial draft of the evaluation report is
anticipated in July.
Office of Emergency Management Oversight (OA-30)
Inspection
of East Tennessee Technology Park:
Factual accuracy comments from the site have been incorporated into the
draft report. The final report will be
issued the week of July 14. Interim
corrective actions are to be submitted within 30 days and a final corrective
action within 60 days of the report’s transmittal date.
Inspection
of the Idaho National Engineering and Environmental Laboratory (INEEL): OA-30 and OA-50 continue planning for a
joint inspection of INEEL. A formal
inspection plan was provided to line management on July 1. A site visit will be
conducted to finalize the tabletop performance test packages. On-site data
collection will occur as scheduled.
Emergency Management Oversight
Stakeholder Outreach: As part of its
ongoing outreach activities, OA-30 held meetings this week with emergency
management stakeholders in the States of New Mexico and Washington to discuss
DOE/community emergency response interfaces and shared emergency management
challenges. The meetings in New Mexico
included the State Office of Emergency Management Director and the State's WIPP
Program Manager and DOE liaison. In
Washington, meetings were held with emergency directors from Benton County,
Franklin County, and Washington State, and the Executive Director of the
Hanford Communities organization.
Feedback from these meetings will be provided to DOE field
management. The
stakeholders appreciated having an opportunity to meet with DOE Headquarters
representatives as well as further their understanding of the OA role to
independently evaluate emergency management programs at the DOE sites in their
state.
Office of Environment, Safety and Health
Evaluations (OA-50)
Sandia National
Laboratories – New Mexico Inspection:
The final report was transmitted to the site on April 7. NNSA has delegated the authority for
approval of Sandia Site Office Corrective Action Plans to the Sandia Site Office. A memorandum providing comments on the
corrective action plan is under development.
Y-12 National
Security Complex Inspection: The final
report was distributed on May 9. An
approved corrective action plan was due on July 7.
East Tennessee
Technology Park Inspection: The draft
report was provided to the site on May 22 for a 10-day review period to
provide written factual accuracy comments The final report is currently being
printed and will be distributed when delivered.
Suspect/Counterfeit
Items (S/CI) Special Study: The special
study is being conducted in two phases encompassing both the Department’s
headquarters and field elements of the S/CI program. The headquarters phase of the study continues. Onsite reviews at the Los Alamos National
Laboratory, Savannah River Site, Kansas City Plant, and River Protection
Project have been completed. Onsite
reviews at the Oak Ridge National Laboratory and Pantex Plant will be completed
July 10.
Idaho
National Engineering and Environmental Laboratory Inspection – The inspection
plan has been issued.
OA-50
staff along with a General Council representative assisted attorneys to access
files concerning the upcoming deposition regarding the Gaseous Diffusion Plants
Investigation.
Reviews
are being conducted, in accordance with the RevCom process of DOE M 440.1-1A,
Explosives Safety Manual, and DOE M 231.1-1A, Environment Safety and Health
Reporting Manual. Comments, due by July
17, 2003, are being developed for both manuals.
Activities Completed
Office of Safeguards and Security Evaluations
(OA-10)
RL/Hanford
and PNNL inspection activities: A
meeting was held with EM and SO to discuss the Hanford inspection results. The focus was on personnel security and
quarterly requirements for FOF.
Office of Cyber Security Evaluations
(OA-20)
Research
and Development Project to Support Computer Security Testing of Sites using
Raptor Firewalls: Using conclusions
drawn from testing in OA’s Cyber Security Laboratory, automated techniques have
been established to evaluate sites with Raptor firewalls with improved
efficiency and increased reliability of scanning results. These capabilities will provide immediate
benefits in the OA/OCIO Perimeter Scanning Project, as well as support OA
external penetration testing capabilities.
Office of Environment, Safety and Health
Evaluations (OA-50)
Meetings were held with EH management on June 30
and July 3 to discuss comments on the proposed draft for identifying and
processing information regarding Suspect/Counterfeit Items. Discussions were held regarding a response
to the DNFSB inquiry of the S/CI processes and the Temperform investigation.