UNCLASSIFIED

Slide 1

Defense Nuclear Security Lessons Learned Center

Enhancing theDefense Nuclear SecurityLessons Learned Center

Patricia Blount – DNS-LLC Project LeaderOEC Workshop

SLAC - May 5, 2010

UNCLASSIFIED

Slide 2

DNS SEC-LLC Mission

The Security Lessons Learned Center (SEC-LLC) was established in 2007 by the Defense Nuclear Security (DNS) to provide an infrastructure for gathering, archiving, and communicating security lessons learned related to physical safeguards and security (S&S) issues across the NNSA Enterprise.

Provide a platform to encourage and facilitate the sharing of lessons learned information.

UNCLASSIFIED

Slide 3

Program Drivers

DOE O 210.2, DOE Corporate Operating Experience/Lessons Learned Program (OEC)

DOE O 226.1A, Implementation of Department of Energy Oversight Policy

NA-1 SD 226.1A, NNSA Line Oversight & Contractor Assurance System Supplemental Directive

DOE Manual 470.4-1 Chg 1, Safeguards and Security Program Planning and Management

Part 1, Section F, Performance Assurance Program

Part 1, Section G, Survey, Review and Self-Assessment Programs

UNCLASSIFIED

Slide 4

Lessons Learned Operating Experience Program

Operating Experience Program

The purpose of the DNS Safeguards and Security Operating Experience Program is to capture and apply lessons taken from operating experiences from across the National Security Enterprise in order to avoid repeat events, anticipate and mitigate undesirable consequences, and replicate best practices.

Experiences are important to replicate awarenessLessons are important to replicate learning

UNCLASSIFIED

Slide 5

National Security Enterprise (NSE) Promote the Lessons Learned Center by

leveraging the efforts of designated Points of Contact (POCs) at the site level.

UNCLASSIFIED

Slide 6

Points of Contact

UNCLASSIFIED

Slide 7

Infrastructure

Webpage Web-based Homepage available on open network – linked to HSS and other

DOE/NNSA websites Timely posting and dissemination of security communications

Database Microsoft Access database maintained by DNS-LLC for archiving, tracking,

trending and reporting Operating Experiences Compatible with the Office of Health, Safety and Security (HSS) database (DOE

Corporate) DNS-LLC uploads to HSS for posting to DOE Corporate Shared Resource between Safety, Security, and Project Management

Professionals Gatekeeper Authority - Approve user access to security related lessons learned

Help Desk Call-In and E-Mail Resource Center

UNCLASSIFIED

Slide 8

Website

http://dns-lessons.lanl.gov/

UNCLASSIFIED

Slide 9

Security Smarts

UNCLASSIFIED

Slide 10

CSI: Contemplating Security Incidents

UNCLASSIFIED

Slide 11

Operating Experience Template

Forms & Field Descriptions• Topical/Sub-Topical Area• Date• Originator• Site• Publish Anonymously• Title• Facility/Site POC• Derivative Classifier/ Reviewing Official

Lesson Learned • Discussion of Activities• Lesson Learned Summary• Analysis• Recommended Actions• Estimated Savings/Cost Avoidance• Keyword

UNCLASSIFIED

Slide 12

Quarterly Tracking/Reporting

UNCLASSIFIED

NNSA’s Enterprise Re-Engineering and Management Reform

Slide 13

Six-Month Moratorium on NNSA Initiated Assessments

(January – June 2010)

Contractor Assurance Systems (CAS)

Contractor Performance Evaluation Plans (CPEP)

Enterprise-wide S&S Assessment Plan

Security Requirements Reform

Safeguards and Security Evaluation and Performance Assurance Program (EPAP)/ Management Systems Assurance Program (MSAP)

Align with Secretarial objective to reply more on Contractor Assurance Systems

UNCLASSIFIED

Operating Experience Program Operational Awareness

Slide 14

Operational Awareness• Office of DNS S&S Evaluation and Performance Assurance Program

(EPAP)

“…those activities that ensure operations are securely performed; provide early identification of vulnerabilities; and ensure that there are effective lines of communication between organizations performing the work…

Operational awareness also extends to management activities including maintaining a current awareness of the status, conditions and issues that

may affect operations; performance expectations and measures; and contract deliverables or requirements. Operational awareness is not a

scheduled activity…”

Operational Awareness is a continuous process

UNCLASSIFIED

Operational Awareness

Slide 15

What data is meaningful?

Ensure that data is being analyzed & understood

Communicate the operational aspects of S&S performance

Ensure the application of relevant lessons learned/best practice

Operational Awareness relies on timely data toanticipate shortfalls and focus resources, identify issues,

gauge “weak signals,” and determine whereassistance is needed in the field

UNCLASSIFIED

Screening & Distribution Process Improvements

Slide 16

The SEC-LLC will “coordinate with the Office of Security Operations and Performance Assurance on the extent of the distribution of the lessons learned/best practice.”

Significant – Major Impact on Operations or Policy

• Special Markings

• Site Office must provide “Positive Response”

Routine

• Entered into the SEC-LLC and HSS databases

• Targeted distribution through normal means

Ask – “Why it occurred, not just what”

UNCLASSIFIED

Slide 17

Operational Awareness Data Analysis, Tracking, and Trending

Lessons Learned/Best Practices

Management System Assurance Program Reports (MSAP)

Site Self-Assessments & Periodic Reviews

Performance Metrics/Measures

Other sources including, but not limited to:

Office of Independent Oversight

Inspector General Reports

Line Oversight & Contractor Assurance System (LOCAS)

Safeguards and Security Information Management System (SSIMs)

Occurrence Reporting and Processing System (ORPs)

Enforcement Actions/ Reports

Review of safety-related lessons learned (e.g., conduct of operations, risk management) to determine whether aspects of safety lessons learned have applicability to S&S programs

UNCLASSIFIED

Slide 18

Communicating Data Enterprise-Wide

Periodic briefings provided to NNSA Administrator, Deputy Administrator for Defense Programs, and Site Office Managers

Monthly Conference Calls – DNS Management & NNSA Assistant Managers for Safeguards and Security (AMSSs) & Site Office AMSSs

Quarterly Program Reviews.

Increased Communications and Partnership

• Increase Sharing and Communications Between NA-71, Site Office Points of Contacts & SEC-LLC

• SEC-LLC Participation & Integration with various Security Working Groups

• Participation on the Security Reforms Communication Team

• DNS Quarterly Performance Improvement Bulletins

The effectiveness of the DNS EPAP is dependentupon how well the results are communicated

UNCLASSIFIED

Additional Interest Groups• Training Manager’s Working Group • Office of Science• National Training Center• HSS OEC Working Group• Office of Enforcement

• EFCOG Security Working Group (SSWG)• Security Awareness Special Interest Working Group (SASIG)• National Security Information Exchange (NSIE) • United Kingdom Counterparts

Targeted Distributions and Partnerships

Slide 19

Classification

Cyber Security

Facility Security

Human Reliability Program

Information Protection

Incidents of Security Concern

Personnel Security

Physical Security

Operational Security (OPSEC)

Material Control & Accountability

Federal Points of Contact

Protective Force

Program Management

Training Managers

Safeguards & Security Information Management

UNCLASSIFIED

Performance Improvement News Bulletin

Translating Events into Actionable Information• Integration of HPI principles into

communication products

Analyses of patterns and trends in incidents and reportable occurrences

Communication of high leverage lessons and actions

Recognition for developing and sharing lessons learned

Slide 20

UNCLASSIFIED

Defense Nuclear Security Lessons Learned CenterContact Information…

Webpage: http://dns-lessons.lanl.gov/

Help Desk/Resource Center• (505) 665-0196 • sec-llc@lanl.gov

Slide 21

UNCLASSIFIED

Enhancing the Defense Nuclear SecurityLessons Learned Center

Questions?

Slide 22