Defense Nuclear Security Lessons Learned Center
Transcript of Defense Nuclear Security Lessons Learned Center
UNCLASSIFIED
Slide 1
Defense Nuclear Security Lessons Learned Center
Enhancing the Defense Nuclear Security Lessons Learned Center
Patricia Blount – DNS-LLC Project Leader
OEC Workshop
SLAC - May 5, 2010
Slide 2
DNS SEC-LLC Mission
The Security Lessons Learned Center (SEC-LLC) was established in 2007 by the Defense Nuclear Security (DNS) to provide an infrastructure for gathering, archiving, and communicating security lessons learned related to physical safeguards and security (S&S) issues across the NNSA Enterprise.
Provide a platform to encourage and facilitate the sharing of lessons learned information.
Slide 3
Program Drivers
DOE O 210.2, DOE Corporate Operating Experience/Lessons Learned Program (OEC)
DOE O 226.1A, Implementation of Department of Energy Oversight Policy
NA-1 SD 226.1A, NNSA Line Oversight & Contractor Assurance System Supplemental Directive
DOE Manual 470.4-1 Chg 1, Safeguards and Security Program Planning and Management
Part 1, Section F, Performance Assurance Program
Part 1, Section G, Survey, Review and Self-Assessment Programs
Slide 4
Lessons Learned Operating Experience Program
Operating Experience Program
The purpose of the DNS Safeguards and Security Operating Experience Program is to capture and apply lessons taken from operating experiences from across the National Security Enterprise in order to avoid repeat events, anticipate and mitigate undesirable consequences, and replicate best practices.
Experiences are important to replicate awareness
Lessons are important to replicate learning
Slide 5
National Security Enterprise (NSE)
Promote the Lessons Learned Center by leveraging the efforts of designated Points of Contact (POCs) at the site level.
Slide 6
Points of Contact
Slide 7
Infrastructure
Webpage
• Web-based Homepage available on open network – linked to HSS and other DOE/NNSA websites
• Timely posting and dissemination of security communications
Database
• Microsoft Access database maintained by DNS-LLC for archiving, tracking, trending and reporting Operating Experiences
• Compatible with the Office of Health, Safety and Security (HSS) database (DOE Corporate)
• DNS-LLC uploads to HSS for posting to DOE Corporate
• Shared Resource between Safety, Security, and Project Management Professionals
• Gatekeeper Authority - Approve user access to security related lessons learned
Help Desk
• Call-In and E-Mail Resource Center
Slide 8
Website
http://dns-lessons.lanl.gov/
Slide 9
Security Smarts
Slide 10
CSI: Contemplating Security Incidents
Slide 11
Operating Experience Template
Forms & Field Descriptions
• Topical/Sub-Topical Area
• Date
• Originator
• Site
• Publish Anonymously
• Title
• Facility/Site POC
• Derivative Classifier/Reviewing Official
Lesson Learned
• Discussion of Activities
• Lesson Learned Summary
• Analysis
• Recommended Actions
• Estimated Savings/Cost Avoidance
• Keyword
Slide 12
Quarterly Tracking/Reporting
NNSA’s Enterprise Re-Engineering and Management Reform
Slide 13
Six-Month Moratorium on NNSA Initiated Assessments
(January – June 2010)
Contractor Assurance Systems (CAS)
Contractor Performance Evaluation Plans (CPEP)
Enterprise-wide S&S Assessment Plan
Security Requirements Reform
Safeguards and Security Evaluation and Performance Assurance Program (EPAP)/ Management Systems Assurance Program (MSAP)
Align with Secretarial objective to rely more on Contractor Assurance Systems
Operating Experience Program Operational Awareness
Slide 14
Operational Awareness
• Office of DNS S&S Evaluation and Performance Assurance Program (EPAP)
“…those activities that ensure operations are securely performed; provide early identification of vulnerabilities; and ensure that there are effective lines of communication between organizations performing the work…
Operational awareness also extends to management activities including maintaining a current awareness of the status, conditions and issues that may affect operations; performance expectations and measures; and contract deliverables or requirements. Operational awareness is not a scheduled activity…”
Operational Awareness is a continuous process
Operational Awareness
Slide 15
What data is meaningful?
Ensure that data is being analyzed & understood
Communicate the operational aspects of S&S performance
Ensure the application of relevant lessons learned/best practice
Operational Awareness relies on timely data to anticipate shortfalls and focus resources, identify issues, gauge “weak signals,” and determine where assistance is needed in the field
Screening & Distribution Process Improvements
Slide 16
The SEC-LLC will “coordinate with the Office of Security Operations and Performance Assurance on the extent of the distribution of the lessons learned/best practice.”
Significant – Major Impact on Operations or Policy
• Special Markings
• Site Office must provide “Positive Response”
Routine
• Entered into the SEC-LLC and HSS databases
• Targeted distribution through normal means
Ask – “Why it occurred, not just what”
Slide 17
Operational Awareness Data Analysis, Tracking, and Trending
Lessons Learned/Best Practices
Management System Assurance Program Reports (MSAP)
Site Self-Assessments & Periodic Reviews
Performance Metrics/Measures
Other sources including, but not limited to:
Office of Independent Oversight
Inspector General Reports
Line Oversight & Contractor Assurance System (LOCAS)
Safeguards and Security Information Management System (SSIMs)
Occurrence Reporting and Processing System (ORPs)
Enforcement Actions/ Reports
Review of safety-related lessons learned (e.g., conduct of operations, risk management) to determine whether aspects of safety lessons learned have applicability to S&S programs
Slide 18
Communicating Data Enterprise-Wide
Periodic briefings provided to NNSA Administrator, Deputy Administrator for Defense Programs, and Site Office Managers
Monthly Conference Calls – DNS Management & NNSA Assistant Managers for Safeguards and Security (AMSSs) & Site Office AMSSs
Quarterly Program Reviews.
Increased Communications and Partnership
• Increase Sharing and Communications Between NA-71, Site Office Points of Contacts & SEC-LLC
• SEC-LLC Participation & Integration with various Security Working Groups
• Participation on the Security Reforms Communication Team
• DNS Quarterly Performance Improvement Bulletins
The effectiveness of the DNS EPAP is dependent upon how well the results are communicated
Additional Interest Groups
• Training Manager’s Working Group
• Office of Science
• National Training Center
• HSS OEC Working Group
• Office of Enforcement
• EFCOG Security Working Group (SSWG)
• Security Awareness Special Interest Working Group (SASIG)
• National Security Information Exchange (NSIE)
• United Kingdom Counterparts
Targeted Distributions and Partnerships
Slide 19
Classification
Cyber Security
Facility Security
Human Reliability Program
Information Protection
Incidents of Security Concern
Personnel Security
Physical Security
Operational Security (OPSEC)
Material Control & Accountability
Federal Points of Contact
Protective Force
Program Management
Training Managers
Safeguards & Security Information Management
Performance Improvement News Bulletin
Translating Events into Actionable Information
• Integration of HPI principles into communication products
Analyses of patterns and trends in incidents and reportable occurrences
Communication of high leverage lessons and actions
Recognition for developing and sharing lessons learned
Slide 20
Defense Nuclear Security Lessons Learned Center
Contact Information…
Webpage: http://dns-lessons.lanl.gov/
Help Desk/Resource Center
• (505) 665-0196
• [email protected]
Slide 21
Enhancing the Defense Nuclear Security Lessons Learned Center
Questions?
Slide 22