Safeguards and Security



Similar documents
Science/Safeguards and Security. Funding Profile by Subprogram

AUDIT REPORT. The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

OFFICE OF ASSISTANT MANAGER FOR SAFEGUARDS, SECURITY, AND EMERGENCY MANAGEMENT OAK RIDGE OFFICE OFFICE OF SCIENCE U.S. DEPARTMENT OF ENERGY

AUDIT REPORT. Follow-up on the Department of Energy's Acquisition and Maintenance of Software Licenses

Audit Report. Management of Naval Reactors' Cyber Security Program

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

Cybersecurity Enhancement Account. FY 2017 President s Budget

Practice Test Security Fundamentals Professional Certification (SFPC) Multiple Choice. Multiple-Choice Sample Question # 1

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

AUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities

Legislative Language

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

Legislative Language

White Paper on Financial Institution Vendor Management

Middle Class Economics: Cybersecurity Updated August 7, 2015

Physical Access Control System

Data Management Policies. Sage ERP Online

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DOE/IG-0471 INSPECTION REPORT

Commanding Officer and Executive Officer. Information and Personnel Security Reference Handbook

NASA OFFICE OF INSPECTOR GENERAL

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

Department-wide Systems & Capital Investment Programs

BUDGET LETTER PEER-TO-PEER FILE SHARING , , EXECUTIVE ORDER S-16-04

Office of Health, Safety and Security. Small Business Activities

Brookhaven Site Office Environment, Safety & Health Management Plan. January 2013

A Risk Assessment Methodology (RAM) for Physical Security

OCC 98-3 OCC BULLETIN

Backgrounder Office of Public Affairs Telephone: 301/

Conducting Security System Site Surveys

Guidelines 1 on Information Technology Security

This directive applies to all DHS organizational elements with access to information designated Sensitive Compartmented Information.

Audit Report. The National Nuclear Security Administration's Weapons Dismantlement and Disposition Program

SAFEGUARDS AND SECURITY FOR PROGRAM AND PROJECT MANAGEMENT

Surveillance Equipment

NATIONAL NUCLEAR SECURITY ADMINISTRATION

Cybersecurity. Are you prepared?

Standards for Security Categorization of Federal Information and Information Systems

U.S. Nuclear Regulatory Commission

INTEGRATED SAFEGUARDS AND SECURITY MANAGEMENT PLAN (ISSM)

Section VI Principles of Laboratory Biosecurity

Public Law th Congress An Act

Privacy Impact Assessment (PIA) for the. Certification & Accreditation (C&A) Web (SBU)

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

Information Security for Managers

Network Security: Policies and Guidelines for Effective Network Management

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

How To Write A Contract For Software Quality Assurance

Facilitated Self-Evaluation v1.0

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

The Comprehensive National Cybersecurity Initiative

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Department of Homeland Security

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Data Security Concerns for the Electric Grid

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

Information Security for Executives

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Information Security Program Management Standard

Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

GEM Technology Corporate Overview & Statement of Qualifications December 2015

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE May 23, 2000.

Get Confidence in Mission Security with IV&V Information Assurance

UF IT Risk Assessment Standard

POSITION CLASSIFICATION STANDARD FOR SECURITY ADMINISTRATION SERIES, GS-0080

IRM FY Information Resources Management Strategic Plan

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)

Enterprise Forensics and ediscovery (EnCase) Privacy Impact Assessment

Global Supply Chain Security Recommendations

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB Cyber Risk Management Guidance. Purpose

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

Transcription:

Safeguards and Security Overview The Safeguards and Security (S&S) program mission is to support Departmental research at Office of Science (SC) laboratories by ensuring appropriate levels of protection against unauthorized access, theft, or destruction of Department assets. The S&S program mission also includes protection against hostile acts that may cause adverse impacts on fundamental science, national security, the health and safety of DOE and contractor employees, the public, or the environment. In order to execute this mission, the S&S program focuses on securing and protecting Special Nuclear Materials, protecting classified and unclassified controlled information, providing physical security controls at and around SC national laboratories, and ensuring that the laboratories have rigorous cyber security controls to protect sensitive and classified government data. Based on complex-wide oversight security reviews, the S&S program is implementing sound, improved security practices at our laboratories to accomplish the mission. However, there are a few critical challenges our laboratories face that will require increased investment. The program s first priority is to provide security for the Special Nuclear Materials at the Oak Ridge National Laboratory (ORNL). Next, we must address the increasing cyber security threat, balancing investments in that area with the need to continue providing adequate resources for the ongoing physical security posture at our laboratories. Finally, where possible, we invest in physical security systems such as video surveillance and secure, automated entry to simultaneously make more efficient use of funds and improve laboratory security. Highlights of the FY 2015 Budget Request Ensuring nuclear security is among our most important commitments to the American taxpayer. In keeping with that focus, a critical challenge the SC S&S program faces is assuring adequate security for the special nuclear material housed in Building 3019 at the Oak Ridge National Laboratory. The 2012 security breach at the Y-12 complex prompted a thorough review of our posture, both current and planned, at that facility. These reviews highlighted opportunities for improvement that are being pursued vigorously. In addition, a new Protective Force contractor was brought on board in March 2013. As we continue to assess and improve security for Building 3019, we are increasing the level of investment needed to protect this facility. This increase will pay for improvements to security technologies, as well as the increasing costs of training, and special response capabilities. The S&S program is working to consolidate the Central Alarm Station (CAS) activities being performed separately at the Oak Ridge Office (ORO), Oak Ridge National Laboratory (ORNL), and East Tennessee Technology Park (ETTP) into one central CAS operation. Once completed, this consolidation will provide SC with a full integration of alarm monitoring, system engineering, testing, maintenance, access controls, and overall accountability for CAS operations. This plan is expected to provide SC with added efficiencies by reducing the number of full time employee positions required to support these operations and by eliminating the continued cost to support alarm components reaching their end of life cycles at two additional facilities. Funding for this project began in FY 2013 and will continue in FY 2014 and FY 2015. The Department is also collectively implementing a strategy for managing enterprise-wide identify management and cybersecurity for DOE systems and data, referred to as CyberOne, which is managed through the Working Capital Fund. The CyberOne strategy will implement DOE Enterprise capabilities for incident management and HSPD-12 logical access. SC s portion of this investment is reflected in the increase for Cyber Security in the FY 2015 request. Description The S&S program is organized into seven functional areas: Protective Forces, Security Systems, Information Security, Cyber Security, Personnel Security, Material Control and Accountability, and Program Management. Page 307

Protective Forces The Protective Forces element supports security officers, access control officers, and security policy officers assigned to protect S&S interests. Activities within this element include access control and security response operations as well as physical protection of the Department s critical assets and SC facilities. The Protective Forces mission includes providing effective response to emergency situations, random prohibited article inspections, security alarm monitoring, and performance testing of the protective force response to various event scenarios. Security Systems The Security Systems element provides physical protection of Departmental material, equipment, property, and facilities, and includes buildings, fences, barriers, lighting, sensors, surveillance devices, entry control devices, access control systems, and power systems operated and used to support the protection of DOE property, classified information, and other interests of national security. Information Security The Information Security element provides support to ensure that sensitive and classified information is accurately and consistently identified, reviewed, marked, protected, transmitted, stored, and ultimately destroyed. Specific activities within this element include management, planning, training, and oversight for maintaining security containers and combinations, marking documents, and administration of control systems, operations security, special access programs, technical surveillance countermeasures, and classification and declassification determinations. Cyber Security The Cyber Security element provides staffing for appropriate risk management tools and controls for sensitive or classified information that is electronically processed, transmitted, or stored. Risk management controls ensure that information systems, including the information contained within the systems, maintain confidentiality, integrity, and availability in a manner consistent with the SC mission. Personnel Security The Personnel Security element encompasses the processes for employee suitability and security clearance determinations at each site to ensure that individuals are trustworthy and eligible for access to classified information or matter. This element also includes the management of security clearance programs, adjudications, security education and awareness programs for Federal and contractor employees, and processing and hosting approved foreign visitors. Material Control and Accountability (MC&A) The MC&A element provides assurance that Departmental materials are properly controlled and accounted for at all times. This element supports administration, including testing performance and assessing the levels of protection, control, and accountability required for the types and quantities of materials at each facility; documenting facility plans for materials control and accountability; assigning authorities and responsibilities for MC&A functions; and establishing programs to detect and report occurrences such as material theft, the loss of control or inability to account for materials, or evidence of malevolent acts. Program Management The Program Management element coordinates the management of Protective Forces, Security Systems, Information Security, Personnel Security, Cyber Security, and MC&A to achieve and ensure appropriate levels of protections are in place. Page 308

Safeguards and Security Funding ($K) FY 2013 Current FY 2014 Enacted FY 2014 Current FY 2015 Request FY 2015 vs. FY 2014 Enacted Protective Forces 34,693 38,141 38,141 38,388 +247 Security Systems 10,165 13,319 13,319 13,521 +202 Information Security 4,119 4,164 4,164 4,432 +268 Cyber Security 15,646 17,599 17,599 23,908 +6,309 Personnel Security 4,760 5,143 5,143 5,180 +37 Material Control and Accountability 2,283 2,397 2,397 2,061-336 Program Management 5,840 6,237 6,237 6,510 +273 Total, Safeguards and Security 77,506 87,000 87,000 94,000 +7,000 Page 309

Safeguards and Security Activities and Explanation of Changes Protective Forces FY 2014 Enacted FY 2014 funding supports SC s portion of the Protective Forces Contract at Oak Ridge and maintains protection levels, equipment, facilities, and training needed to ensure effective performance at all SC laboratories. Security Systems FY 2014 funding supports the CAS consolidation project at ORNL and the federal access control systems and upgrades needed to meet HSPD-12 requirements and implementation of technologies that will incrementally reduce reliance on the use of personnel for routine access control, employee verification, and other security services. Information Security FY 2014 funding maintains Information Security efforts to ensure proper document marking, storage, and protection of information. FY 2015 Request The FY 2015 Request provides funding to maintain protection levels, equipment, facilities, and training needed to ensure proper protection and effective performance at all SC laboratories. The FY 2015 Request provides funding to maintain the security systems currently in place, to support investments in SC laboratory physical security systems, and provides funding to support the continuation of the CAS consolidation project at ORNL. The FY 2015 Request provides funding for personnel, equipment, and systems necessary to ensure sensitive and classified information is properly safeguarded at SC laboratories. Explanation of Changes FY 2015 vs. FY 2014 Enacted The increased request addresses cost of living adjustments and provides funding to maintain appropriate Protective Force operations at Building 3019 at Oak Ridge to include costs of shared training, technical surveillance services, and response capabilities. Funding increases to support the continuation of the CAS consolidation project and to support implementation of technology upgrades and infrastructure investments in SC laboratory physical security systems, including those at Building 3019 that will improve security at laboratories and reduce reliance on the use of personnel for routine access control and employee verification processes. Funding increases to address adjustments in volume of DOE classified work and to provide the support needed to ensure proper processing of these materials. Page 310

FY 2014 Enacted FY 2015 Request Explanation of Changes FY 2015 vs. FY 2014 Enacted Cyber Security FY 2014 funding supports cyber security staffing needed to ensure laboratories are properly protected against emerging threats from persistent attacks against SC Information Technology systems. Funding supports threat assessments, risk management, and configuration and network management. Personnel Security Funding supports the necessary laboratory personnel to grant individual access to classified matter and/or special nuclear material and to allow foreign nationals access to SC facilities, consistent with agency procedures. Funding also supports security investigations for federal field personnel and security awareness programs for employees. The FY 2015 Request maintains proper protection of SC laboratory computer resources and data and also supports SC s contribution of the Department s CyberOne strategy, which is managed through the Working Capital Fund. CyberOne is the Department s solution for managing enterprise-wide identity management and cyber-security for DOE systems and data. CyberOne will consolidate and streamline Department-wide systems and business processes to mitigate the risk of intrusion and the threat such intrusions pose to high-valued national assets. CyberOne will integrate various tools at headquarters and across the DOE complex to secure both data transmission and data repositories at these diverse sites. FY 2015 funding will maintain support and Personnel Security efforts at SC laboratories. The increased request provides $7,351,000 to support SC s contribution to the Department s CyberOne strategy. Funding increases slightly to accommodate support for security investigations for Federal field personnel. Page 311

FY 2014 Enacted Material Control and Accountability Funding provides for establishing, controlling, and tracking inventories of special and other nuclear materials at SC laboratories. Activities supported by these funds include measurements, quality assurance, accounting, containment, surveillance, and physical inventories of materials. Program Management FY 2014 funding maintains efforts to ensure security procedures and policy support the SC Research mission. FY 2015 Request Funding in FY 2015 maintains proper protection of material at SC laboratories. The FY 2015 Request provides funding for the oversight, administration, and planning for security programs at SC laboratories and to ensure security procedures and policy support SC Research missions. Explanation of Changes FY 2015 vs. FY 2014 Enacted Funding decreases to accommodate changes in site specific MC&A programs. Funding increases to accommodate laboratory and program priorities and maintain Program Management activities. Page 312

Capital Operating Expenses Summary Safeguards and Security Capital Summary ($K) FY 2013 Current FY 2014 Enacted FY 2014 Current FY 2015 Request FY 2015 vs. FY 2014 Enacted General Plant Projects 1,100 0 0 0 0 Estimates of Cost Recovered for Safeguards and Security Activities ($K) In addition to the direct funding received from the Safeguards and Security Program, sites recover Safeguards and Security costs related to Work for Others (WFO) activities from WFO customers, including the cost of any unique security needs directly attributable to the customer. Estimates of those costs are shown below. FY 2013 Costs FY 2014 Planned Costs FY 2015 Planned Costs FY 2015 vs. FY 2014 Ames National Laboratory 120 120 120 0 Argonne National Laboratory 1,100 1,100 1,100 0 Brookhaven National Laboratory 700 800 800 0 Lawrence Berkeley National Laboratory 698 733 733 0 Oak Ridge Institute for Science and Education 620 560 560 0 Oak Ridge National Laboratory 4,500 4,500 4,500 0 Pacific Northwest National Laboratory 4,555 4,300 4,300 0 Princeton Plasma Physics Laboratory 70 50 40-10 SLAC National Accelerator Laboratory 80 104 104 0 Total, Security Cost Recovered 12,443 12,267 12,257-10 Page 313

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information