The Office of Cyber Assessments is responsible for the independent evaluation of the effectiveness of classified and unclassified computer security policies and programs throughout the Department. The Office has established and maintains a continuous program for assessing the security of DOE classified and unclassified networks through expert program and technical analysis, including detailed network penetration testing to detect vulnerabilities and risks that could be exploited by sophisticated adversaries and terrorists. The Office analyzes cyber security trends and studies complex-wide issues in order to provide feedback on essential information assurance practices to DOE Headquarters and sites.
- Assesses new vulnerabilities and the effectiveness of DOE policies governing classified and unclassified cyber security.
- Conducts annual evaluations of classified information security programs for DOE as required by the Federal Information Security Management Act.
- Conducts independent special studies of cyber security topics of interest to the DOE community.
- Conducts routine inspections of classified and unclassified cyber security programs at DOE sites.
- Develops recommendations and identifies opportunities for improving cyber security performance.
- Manages a cyber security testing network that evaluates the effectiveness of state-of-the-art cyber security tools.
- Maintains a continuous program of announced and unannounced testing for DOE network vulnerabilities through scanning and penetration testing.
- Performs complex-wide reviews of cyber security topical areas and institutes follow-up activities to ensure that identified issues are addressed in a timely and effective manner.
- Performs ongoing analyses to identify trends and emerging issues in the cyber security arena.
- Provides a "rapid response" capability to perform special reviews for the Secretary of Energy and senior DOE managers.
- Provides input for the annual evaluation of DOE unclassified information security programs as required by the Federal Information Security Management Act.
- Conducts annual "red team" cyber security assessments of the National Nuclear Security Administration weapons laboratory computer networks to fulfill FY2000 National Defense Authorization Act security and counterintelligence objectives.
- Reviews other governmental and commercial cyber security programs to provide benchmarks for DOE performance.