Highlights for August 2 - August 6, 2004Activities Underway Office of Safeguards and Security Evaluations (OA-10) Control and Accountability of Classified Removable Electronic Media (CREM)pecial Review: Subject matter experts are reviewing re-start packages from several Headquarters and field organizations. Planning for validating field CREM inventories and practices at field sites continues. Work continues with SO on strategies to strengthen the DOE / NNSA control and accountability for classified removable electronic media and for supporting validation of CREM inventories at DOE field sites. This work is being coordinated with NNSA and the Secretary's staff and is in A small team conducted a special review of the Los Alamos National Laboratory (LANL) concerning a recent failure to maintain accountability for classified computer media. The team's conclusions and recommendations are being developed and will be provided to senior DOE and laboratory managers. response to continuing failures to properly control and account for classified matter. The Department's response to results of this incident has resulted in new CREM protection requirements.this review could impact ongoing contract negotiations. Protective Force Secretarial Initiative: Department of Defense job task analyses for special operations forces continue to be analyzed and compared to the DOE job task analysis for security police officers to identify best practices which can be used to enhance DOE protective force training. Nevada Test Site (NTS) Safeguards and Security and Emergency Management Combined Review: Preparation for the final phase of this inspection has been completed. Force-on-force performance testing final on-site phase of the inspection is scheduled. The classified cyber security inspection of NTS has been postponed. Nuclear Material Management and Safeguards System (NMMSS) Project: A project group has been formed to look at ensuring that NMMSS can meet post 9/11 reporting and output requirements. Office staff met this week to discuss options and a path forward in support of this project. Office of Cyber Security Evaluations (OA-20) National Security Information Systems Annual Evaluation: The report for IN managed systems is scheduled to be submitted to IN within the next two weeks. The report for other Departmental elements is due in September. The Federal Information Security Management Act (FISMA) requires each agency to develop an annual evaluation of the security of their information systems. OA-20 has the responsibility to conduct independent oversight of cyber security programs within DOE and to develop annual evaluations of classified information systems to meet FISMA requirements. Based on independent oversight activities conducted during fiscal year 2004, OA-20 is developing an annual evaluation report for classified computers containing intelligence-related information belonging to Office of Intelligence (IN) and an annual evaluation report for classified information systems managed by other Departmental elements. The report for IN managed systems is scheduled to be submitted to IN within the next two weeks. Thomas Jefferson National Accelerator Facility (TJNAF) Unclassified Cyber Security Inspection: The final report under development. A briefing of the appraisal results was conducted for the Office of Science managers last week (July 30). Bonneville Power Administration (BPA) Cyber Security Inspection: Onsite data collection activities were conducted this week (August 2-6). Additional onsite data collection activities are scheduled. Nevada Test Site (NTS) Classified Cyber Security Inspection: This inspection, scheduled for August, has been postponed. Office of Emergency Management Oversight (OA-30) Savannah River Site (SRS) Emergency Management Corrective Action Plan (CAP): Awaiting the receipt of a revised CAP from the site addressing deficiencies in the site's hazardous material screening process. Brookhaven National Laboratory (BNL) Emergency Management Corrective Action Plan (CAP): The final CAP, due July 30, has not been received from the site. Hanford Site Emergency Management Corrective Action Plan (CAP): The interim CAP is due this week (August 6). Argonne National Laboratory-West (ANL-W) Emergency Management Targeted Review: Preparations continue in support of this inspection. Coordination is ongoing with NE, ID, INEEL, SC, CH, and ANL-W. Onsite scoping activities are scheduled. The scope of the review will include ensuring emergency management program effectiveness is maintained during the transition of line management roles, responsibilities, and authorities between SC and NE. Nevada Test Site (NTS) Safeguards and Security and Emergency Management Combined Review: The initial draft report regarding the emergency management portion of the inspection is scheduled to be submitted to the site next week for review and comment. The combined security and emergency management pilot performance testing is scheduled. The purpose of these exercises is to develop protocols to be used for future combined performance testing. As such, OA-30 is not planning to rate either activity. The first performance activity will be a combined command post tabletop exercise that focuses on how the NTS protective force and selected elements of the NTS emergency response organization respond to a simulated emergency event. The second combined activity will consist of force-on-force performance testing with emergency management objectives. Office of Environment, Safety, and Health (ES&H) Evaluations (OA-40) Kansas City Plant (KCP) Corrective Action Plan (CAP): An approved CAP is due September 7. Oak Ridge National Laboratory (ORNL) ES&H Inspection: Factual accuracy comments on the draft report have been received and addressed. The report is being finalized. Safety Management Challenge Task Force: Continued to support the Department's effort to address Safety Management Challenges through the efforts of the task force. Los Alamos National Laboratory (LANL) Special Safety Assistance Review: Onsite follow-up scoping activities were conducted this week (August 2-5). Onsite planning activities are scheduled. Following discussions with senior management, OA will conduct a special assistance review in lieu of the ES&H inspection previously scheduled. Teleconferences are ongoing to discuss the upcoming review activities. The review will focus on providing constructive recommendations for improving safety processes and their implementation, with emphasis on addressing recurring deficiencies and events. Ambulatory Health Care Accreditation: Oak Ridge National Laboratory (ORNL) is awaiting the results of the re-certification survey conducted July 26-27. Lawrence Livermore National Laboratory ES&H Inspection: Onsite scoping activities were conducted this week (August 4-5). Onsite data collection activities are scheduled.
Activities Completed Office of Safeguards and Security Evaluations (OA-10) OA-10 Control and Accountability of CREM: OA requested and received approval to restart classified computer processing. Oversight Policy and Notice: Briefed the Energy Facility Contractors Group (EFCOG) this week (August 5) on the status of the Oversight Policy and Notice. EFCOG's mission is to improve the performance and cost effectiveness of DOE contractors by sharing lessons learned and best practices across corporate and business lines. Office of Cyber Security Evaluations (OA-20) Perimeter Scanning Project: The final report for this project was distributed this week. This effort was undertaken in partnership with the Office of the Chief Information Officer to establish a baseline understanding of the magnitude and make-up of DOE computer systems exposed to the Internet in order to improve the Department's protection posture. A total of 54 DOE/NNSA sites were evaluated. Many of the recommendations developed have been addressed in actions plans associated with the implementation of the Secretary of Energy's security initiatives. Nevada Test Site (NTS) Unannounced Cyber Security Penetration Testing: The final report for this inspection was distributed this week. The unannounced testing involved network penetration testing from the Internet, evaluation of computer modems in auto answer mode, detection of wireless networking devices, and an internal assessment to evaluate protections against a malicious insider. Office of Environment, Safety, and Health (ES&H) Evaluations (OA-40) Unreviewed Safety Question (USQ) Workshop: A staff member attended the USQ workshop this week (August 2-4) in Germantown, MD.
|