PNNL information security praised

Pacific Northwest National Laboratory’s programs to keep classified information secure were praised after a review by the Department of Energy Office of Security Enforcement.

A report on the May review released Tuesday identified 16 strengths in the Richland national laboratory’s security program.

“Staff has a wealth of site security and operational experience, and the personnel assigned to key positions appear to have a high level of professionalism and technical competence in accomplishing the mission of protecting national security interests,” the report said.

The review was PNNL’s second since it became the first laboratory reviewed after the Office of Security Enforcement was created about five years ago.

PNNL senior management is committed to the identification and resolution of security issues, the director of the PNNL Safeguards and Security Services Division told reviewers.

In July 2012, PNNL experienced a serious incident involving the potential loss of classified matter and the director and other staff members traveled to Washington, D.C., to brief the Office of Security Enforcement on PNNL’s efforts to address the incident and prevent recurrence.

The incident involved some classified matter that initially was not accounted for but eventually was accounted for, according to PNNL. As a result of the incident, several procedural changes were made.

The review team called inquiry reports “exemplary,” after looking at six security incident files. Reports were timely, well-organized and well-written, the report said.

The division is “proactive in responding to security incidents, and personnel are knowledgeable of program requirements and have years of investigative experience,” the report said.

It also pointed out a few ways the program could be improved, including formally documenting all deficiencies found, “including the low-level find-it-fix-it type issues resulting from monthly informal walk-through assessments.” That would provide a more accurate reflection of the program’s performance, it said.

However, the review team liked PNNL’s “heat map” process to depict security risk graphically, including the issues found on monthly walk-throughs and reviews. Issues such as unsecured doors, lost keys and improperly sent packages are ranked. When they build up to a predetermined threshold, the heat map identifies the area of concern for management’s attention.