DOE office reviews, tightens security

The Energy Department, which suffered some of the most damaging computer security breaches in government, has begun to tighten security through a newly established office, according to government auditors and DOE security experts.

Last month, the Office of Independent Oversight and Performance Assurance released its first reviews of the national nuclear weapons laboratories. The Los Alamos National Laboratory improved its security posture to "satisfactory," the highest rating under the office's three-tier system, while Lawrence Livermore and Sandia laboratories were rated as "marginal."

The ratings indicate that security at the labs has improved, and they mark a return to the department's practice of reviewing facilities instead of just "profiling" them, said evaluators from the General Accounting Office.

The profiles were a "status check rather than a rating," said Ken Lightner, a GAO evaluator who has been following DOE oversight and security operations. "What we've seen since they're back doing inspections again."

DOE created the Office of Independent Oversight and Performance Assurance in May as part of a new departmentwide security strategy developed in response to computer security holes that led to China's alleged theft of U.S. nuclear secrets. The office performs three functions:

It reviews the safeguards and security at all of the Energy facilities.

It performs real-time cybersecurity reviews, including continual vulnerability and intrusion scanning.

The most important changes have been made in the new position the oversight office has within DOE, an arrangement that allows the office to work with program people to solve security problems, a senior department official said.

"Part of the problem with this department is that we have too many people looking for problems and not enough fixing them," the official said. "We feel like we are making a difference in the department now."

The office's independent position within DOE has been questioned in the past, but because the office's managers report to only Energy Secretary Bill Richardson, with occasional briefings to Congress, office officials feel they are responsible to no program within the department. GAO agrees that it is possible for a group to be independent, even though it is still inside an organization.

"It is theoretically possible to have independent oversight within an organization, as long as that entity is insulated from policy concerns," said William Fenzel, a GAO evaluator. "But it's also helpful to have the external oversight...and Energy has not been lacking that in the past six months."

The oversight office works with chief information officer John Gilligan; the department's new "security czar," Eugene Habiger; and counterintelligence director Edward Curran, the department official said. There are weekly meetings to talk about issues, status, problems and successes, but the policy groups run the meetings and only call on the information and knowledge of the oversight office, he said.

In addition, the attitude of the office toward the facilities being reviewed has changed in a way that can only benefit the department, the official said. "We try not to be like neo-Nazis and just embarrass everyone," he said. "We try to come in and find out how we can help people."

The office plans to help improve security by returning to each facility to check whether each item mentioned in the reviews has been fixed, rather than showing up months later and finding that nothing has been done, he said.

