This week, the final version of the new DOE Cybersecurity Directive entered Revcom for concurrence. Berkeley Lab strongly supports the new direction provided by the Directive, and its renewed focus on balanced risk management, a mission-centric view of risk, and the role of the Contractor Assurance System in providing reasonable assurance to the Department of Energy that the Laboratory is operating an effective, efficient, responsive, and balanced cyber security program.
In 2011, we'll be working on refining and improving our contractor assurance mechanisms to reflect these changes. We'll also be beginning our new "System Authorization" process which will be grounded in the values instantiated in the new Order, and in the Office of Science's new Risk Management Approach Implementation Plan.
As always, we'll be focusing on ensuring that Science and Operations are appropriately protected, that decisions about protections are weighed with risks to the conduct of research and the culture of the laboratory, and that individuals closest to the work take responsibility for understanding and protecting their information and systems.
We believe that the changes in the Directive will result in more effective cyber security efforts at Berkeley Lab and across the Department, as we focus our resources on the most serious risks to our operations and the Department focuses its resources in a similar manner.
We'll be keeping you updated on our progress throughout the year.
