1. 1 7/24/09 National Nuclear Security Administration Office of Defense Nuclear Security (DNS) DNS Security Lessons Learned Program Ted Wyka Director, Security Operations and Performance Assurance September 13, 2011

2. 2 DNS Lessons Learned Program The DNS Security Lessons Learned Center was created and hosted by the Los Alamos National Laboratory (LANL) in 2007. DNS recognizes the work and dedication LANL has put into this effort and is transitioning the program to HQ operations to become the DNS Lessons Learned Program (DNS-LLP) The mission of the DNS-LLP is to identify, capture, and share information collected as a result of operations, exercises, training events, and other sources for the purpose of enhancing an organization’s performance to accomplish their tasks. The DNS LLP will perform this mission by: –Analyzing data collected from Evaluation Performance and Assurance Program (EPAP), assessment reports, incidents, and other sources for relevant lessons learned, best practices, or success stories. –Making this information easily retrievable by the users quickly without performing a database query each time. Quick Search capability on the web page Each line has a summary and a link to the relevant full report –Establishing effective two-way communication between the HQ Program Office, Site Offices and Contractors (i.e. active working panel which will address what the sites want/need from the HQ DNS-LLP) –Bottom line: Promote information sharing throughout the NSE

3. 3 DNS Lessons Learned Program The main objective of the DNS-LLP is to be an aid to site operations. –DNS-LLP will provide this service to the sites by reviewing the volumes of various data already collected at headquarters to: Look for trends –Look for metrics and trends that may be common to more than one site Look for best practices –Can the practice be used at other sites? Is it relevant to others? Look for Lessons Learned –Does it apply to other sites? What are the benefits? Useful, relevant information will be communicated to the sites: –Website Quick Search feature –The DNS-LLP will be augmented by a working group among the NNSA security organization to help shape and direct the program. The working group will Discuss the relevance of what is mined and disseminated by DNS-LLP Discuss the program and suggest changes to the program, either to the website or to other aspects of the operations –Identify and promote sharing of documents other than Lessons Learned or Best Practices

4. 4 DNS Lessons Learned Program Data will not just be entered into the program by users DNS LLP will use data from Assessment Reports, Findings, Corrective Actions, Incidents of Security Concern (IOSC) and others. DNS-LLP will actively analyze the collected information for relevant lessons learned, best practices, or success stories that may be of interest to the sites. Data review will be done by the DNS-LLP team and the NA70 SMEs when their expertise is needed in their specific areas. Webpage Quick Search Feature allows for quick review of data by the user By year By category, Lessons Learned (LL), Best Practices (BP), Success stories (SS) Summary with link to full report in the database Makes searching for relevant information much easier than executing a database query Work with HSS to implement new data features that can be a benefit to the DNS Enterprise. Product called Autonomy, which will allow “Google” like searches of the stored data. Currently installed and in test.

5. 5 SUMMARY Start date for DNS Lessons Learned Program is 1 Oct 2011. Aid the sites by mining data already in review supporting such programs as EPAP (Evaluation Performance and Assurance Program), IOSC (Incidents of Security Concern), and results of various oversight and assurance reports for relevant Lessons Learned, Best Practices and Success Stories. Communicate this information in easy to use tabular list (Website Quick Search) Use the DNS working group to keep members informed and energized. Issues can be quickly brought to management attention by the team for resolution.