220 likes | 432 Views
Defense Nuclear Security Lessons Learned Center. Enhancing the Defense Nuclear Security Lessons Learned Center Patricia Blount – DNS-LLC Project Leader OEC Workshop SLAC - May 5, 2010. DNS SEC-LLC Mission.
E N D
Defense Nuclear Security Lessons Learned Center Enhancing the Defense Nuclear Security Lessons Learned Center Patricia Blount – DNS-LLC Project Leader OEC Workshop SLAC - May 5, 2010
DNS SEC-LLC Mission • The Security Lessons Learned Center (SEC-LLC) was established in 2007 by the Defense Nuclear Security (DNS) to provide an infrastructure for gathering, archiving, and communicating security lessons learned related to physical safeguards and security (S&S) issues across the NNSA Enterprise. • Provide a platform to encourage and facilitate the sharing of lessons learned information. Slide 2
Program Drivers • DOE O 210.2, DOE Corporate Operating Experience/Lessons Learned Program (OEC) • DOE O 226.1A, Implementation of Department of Energy Oversight Policy • NA-1 SD 226.1A, NNSA Line Oversight & Contractor Assurance System Supplemental Directive • DOE Manual 470.4-1 Chg 1, Safeguards and Security Program Planning and Management • Part 1, Section F, Performance Assurance Program • Part 1, Section G, Survey, Review and Self-Assessment Programs
Lessons Learned Operating Experience Program Operating Experience Program The purpose of the DNS Safeguards and Security Operating Experience Program is to capture and apply lessons taken from operating experiences from across the National Security Enterprise in order to avoid repeat events, anticipate and mitigate undesirable consequences, and replicate best practices. Experiences are important to replicate awareness Lessons are important to replicate learning Slide 4
National Security Enterprise (NSE) Promote the Lessons Learned Center by leveraging the efforts of designated Points of Contact (POCs) at the site level. Slide 5
Points of Contact Slide 6
Infrastructure Webpage Web-based Homepage available on open network – linked to HSS and other DOE/NNSA websites Timely posting and dissemination of security communications Database Microsoft Access database maintained by DNS-LLC for archiving, tracking, trending and reporting Operating Experiences Compatible with the Office of Health, Safety and Security (HSS) database (DOE Corporate) DNS-LLC uploads to HSS for posting to DOE Corporate Shared Resource between Safety, Security, and Project Management Professionals Gatekeeper Authority - Approve user access to security related lessons learned Help Desk Call-In and E-Mail Resource Center Slide 7
Website http://dns-lessons.lanl.gov/ Slide 8
Security Smarts Slide 9
Operating Experience Template • Forms & Field Descriptions • Topical/Sub-Topical Area • Date • Originator • Site • Publish Anonymously • Title • Facility/Site POC • Derivative Classifier/ Reviewing Official • Lesson Learned • Discussion of Activities • Lesson Learned Summary • Analysis • Recommended Actions • Estimated Savings/Cost Avoidance • Keyword Slide 11
Quarterly Tracking/Reporting Slide 12
NNSA’s Enterprise Re-Engineering and Management Reform Six-Month Moratorium on NNSA Initiated Assessments (January – June 2010) Contractor Assurance Systems (CAS) Contractor Performance Evaluation Plans (CPEP) Enterprise-wide S&S Assessment Plan Security Requirements Reform Safeguards and Security Evaluation and Performance Assurance Program (EPAP)/ Management Systems Assurance Program (MSAP) Align with Secretarial objective to reply more on Contractor Assurance Systems Slide 13
Operating Experience Program Operational Awareness Operational Awareness Office of DNS S&S Evaluation and Performance Assurance Program (EPAP) “…those activities that ensure operations are securely performed; provide early identification of vulnerabilities; and ensure that there are effective lines of communication between organizations performing the work… Operational awareness also extends to management activities including maintaining a current awareness of the status, conditions and issues that may affect operations; performance expectations and measures; and contract deliverables or requirements. Operational awareness is not a scheduled activity…” Operational Awareness is a continuous process Slide 14
Operational Awareness What data is meaningful? Ensure that data is being analyzed & understood Communicate the operational aspects of S&S performance Ensure the application of relevant lessons learned/best practice Operational Awareness relies on timely data to anticipate shortfalls and focus resources, identify issues, gauge “weak signals,” and determine where assistance is needed in the field Slide 15
Screening & Distribution Process Improvements The SEC-LLC will “coordinate with the Office of Security Operations and Performance Assurance on the extent of the distribution of the lessons learned/best practice.” • Routine • Entered into the SEC-LLC and HSS databases • Targeted distribution through normal means • Significant – Major Impact on Operations or Policy • Special Markings • Site Office must provide “Positive Response” Ask – “Why it occurred, not just what” Slide 16
Operational Awareness • Data Analysis, Tracking, and Trending • Lessons Learned/Best Practices • Management System Assurance Program Reports (MSAP) • Site Self-Assessments & Periodic Reviews • Performance Metrics/Measures • Other sources including, but not limited to: • Office of Independent Oversight • Inspector General Reports • Line Oversight & Contractor Assurance System (LOCAS) • Safeguards and Security Information Management System (SSIMs) • Occurrence Reporting and Processing System (ORPs) • Enforcement Actions/ Reports • Review of safety-related lessons learned (e.g., conduct of operations, risk management) to determine whether aspects of safety lessons learned have applicability to S&S programs Slide 17
Communicating Data Enterprise-Wide • Periodic briefings provided to NNSA Administrator, Deputy Administrator for Defense Programs, and Site Office Managers • Monthly Conference Calls – DNS Management & NNSA Assistant Managers for Safeguards and Security (AMSSs) & Site Office AMSSs • Quarterly Program Reviews. • Increased Communications and Partnership • Increase Sharing and Communications Between NA-71, Site Office Points of Contacts & SEC-LLC • SEC-LLC Participation & Integration with various Security Working Groups • Participation on the Security Reforms Communication Team • DNS Quarterly Performance Improvement Bulletins The effectiveness of the DNS EPAP is dependent upon how well the results are communicated Slide 18
Targeted Distributions and Partnerships • Classification • Cyber Security • Facility Security • Human Reliability Program • Information Protection • Incidents of Security Concern • Personnel Security • Physical Security • Operational Security (OPSEC) • Material Control & Accountability • Federal Points of Contact • Protective Force • Program Management • Training Managers • Safeguards & Security Information Management Slide 19
Performance Improvement News Bulletin Translating Events into Actionable Information Integration of HPI principles into communication products Analyses of patterns and trends in incidents and reportable occurrences Communication of high leverage lessons and actions Recognition for developing and sharing lessons learned Slide 20
Defense Nuclear Security Lessons Learned CenterContact Information… Webpage: http://dns-lessons.lanl.gov/ Help Desk/Resource Center • (505) 665-0196 • sec-llc@lanl.gov Slide 21
Enhancing the Defense Nuclear SecurityLessons Learned Center Questions? Slide 22