The Office of Cyber and Security Assessments is responsible for the independent evaluation of the effectiveness of safeguards and security policies and programs, and of classified and unclassified cyber security policies and programs, throughout the Department, including protection of special nuclear material and of classified and sensitive information. The Office has established and maintains a continuous program for assessing the security of DOE facilities through expert program and technical analysis, including a systematic approach to performance testing that is applied across all security disciplines. This includes a continuous program for assessing the security of DOE classified and unclassified networks through detailed network penetration testing to detect vulnerabilities and risks that could be exploited by sophisticated adversaries and terrorists, and maintaining and managing a Composite Adversary Team to run exercises that test the capabilities of facilities storing special nuclear materials to counter threats posed by terrorists in a manner that is realistic and safe. The Office analyzes trends and studies complex-wide issues in order to provide feedback on essential security and information assurance practices to DOE senior leadership, program and field managers, and contractors.
- Conducts regular evaluations of safeguards and security programs at DOE sites that have significant amounts of special nuclear material, classified information, or other security assets. The scope of the evaluations includes any or all aspects of safeguards and security including physical protection of special nuclear material, accountability of special nuclear material, protection of classified and sensitive information, personnel security, and foreign visits and assignments.
- Conducts special reviews on issues that may arise from time to time or which may be mandated by the Secretary.
- Develops recommendations and opportunities for improving safeguards and security and cyber security by line organizations.
- Assesses new vulnerabilities and the effectiveness of DOE policies governing physical protection strategies and classified and unclassified cyber security.
- Conducts annual evaluations of classified information security programs for DOE as required by the Federal Information Security Management Act.
- Conducts independent special studies of safeguards and security and cyber security topics of interest to the DOE community.
- Conducts physical and cyber security performance testing and manages a cyber security testing network that evaluates the effectiveness of state-of-the-art cyber security tools.