Thursday, January 11, 2007
Update from Doug Beeson (Threat Reduction)
--Pat, the patient Dog
NNSA Cybersecurity audit teams found so many problems they gave up and went home. VTRs are "Vault-Type-Rooms" with restricted access. Typically they house secure computers and servers for classified computing. Evidently there was an argument about the evaluation criteria - NNSA had one checklist, LANS had another. Auditors are like that.
This week the Laboratory hosted audit teams from DOE/NNSA to review vault/VTR, cybersecurity and classified computing operations. During these audits it became clear that there were some problems, including differences in expectations between the auditors and the Laboratory. As a result, the audit teams have ceased their activities while DOE and the Laboratory discuss the expected standards against which these operations should be audited. Currently, the audit is expected to resume the week of Jan. 22.
In the interim, Director Mike Anastasio has asked us to review our vault/VTR and classified computing operations, and ensure that our operations meet current Laboratory guidance. I discussed these actions in a meeting Wednesday with vault custodians, ISSOs, OCSRs and others, and through this message I am sharing my directions and expectations with all of you.
TR will undertake several actions to establish clearly and completely our state of preparedness for classified computing, cybersecurity and vault/VTR operations as measured against the current Laboratory guidance. My goal is to ensure that we can reasonably accomplish our programmatic work and meet the Director's expectations and DOE/Laboratory requirements.
Finally, in a November 8 memo, Deputy Secretary of Energy Clay Sell established his expectations for cybersecurity throughout the DOE complex. That memo and associated DOE Order 205.1A are currently a topic of discussion between LANS and DOE/NNSA. It is possible that additional requirements will come from those discussions, and I will share information with you as soon as it is available.
Thank you very much for your continued support. I understand the challenge this effort presents to our conduct of programmatic activity -- but it is vital that we provide DOE/NNSA full assurance that our classified computing and vault/VTR activities are being conducted with the highest degree of attention to security. The nation deserves no less from us.
[Thanks to the anonymous leaker of this memo. We really thank people like you; we need all the intel we can get, since the 'official' sources are so unreliable.]
It's time to begin questioning whether LANL is the place at which you really want to spend your career. There are many other places at which you can actually do exciting work and not have to put up with the stress and bureaucratic minutiae that now dominate life at LANL.