The Office of Cyber Assessments is responsible for the independent evaluation of the effectiveness of classified and unclassified cybersecurity policies and programs throughout the Department. The Office operates two cybersecurity testing facilities for conducting internal and external penetration testing using state-of-the-art techniques to challenge and probe computer network security. The Office conducts announced penetration tests to evaluate internal and external threats, and unannounced penetration tests that are executed by a red team of cyber experts playing the role of an adversary to identify weak links that could expose a network to a cyber attack. The Office also analyzes cybersecurity trends and studies complex-wide issues to provide feedback on essential information assurance practices to DOE Headquarters and sites.
Fred West, Director
Chris McFearin, Deputy Director
The Office of Cyber Assessments maintains the following two sub-offices:
CYBER ASSESSMENT STRATEGY
The Office of Cyber Assessment Strategy is responsible for monitoring and analyzing information to support the development of strategies, plans, and recommendations for the Office of Cyber Assessment Operations to select and conduct independent assessments of DOE cybersecurity programs and performance. The Office maintains strategic assessment objectives and requirements, develops systems and implements procedures for tracking and monitoring cybersecurity assessments and reports, maintains a catalog of existing cybersecurity assessment capabilities, evaluates and responds to specialized and ad hoc cybersecurity advisory requirements, and examines complex-wide cybersecurity issues.
CYBER ASSESSMENT OPERATIONS
The Office of Cyber Assessment Operations is responsible for executing the independent assessment activities of the Office of Cyber Assessments, including its broad suite of announced and unannounced performance tests. Assessment reports provide recommendations and identify best practices for improving Departmental cybersecurity programs and performance. The Office also prepares the annual evaluation of DOE classified and intelligence cybersecurity programs required by the Federal Information Security Modernization Act of 2014.