As directed by the Department of Energy (DOE), Berkeley Lab activated a new cyber security monitoring sensor in January, 2013. Unlike other cyber security monitoring which is only directly accessible to Berkeley Lab employees, the data collected by this sensor is accessible by DOE and DOE's contractors for the purposes of detecting malicious activity.
All Berkeley Lab employees and affiliates are required to complete a one-time acknowledgement of this monitoring. You can complete the training now (you'll need your employee/affiliate ID number).
Why did this happen?
Berkeley Lab has been directed by DOE Office of Science to install the sensor. Previously, installation of the sensor had been voluntary and Berkeley Lab had chosen not to participate in the program in its current iteration.
What is the purpose of the program?
The program is designed to provide DOE with a comprehensive picture of its cyber security status, allow for analysis and detection of suspicious activity across DOE, and support the counterintelligence and intelligence operations of DOE.
Do other Laboratories have this program?
Yes. Berkeley Lab was the last remaining DOE National Laboratory without this sensor.
What data is collected?
The sensors collect and monitor network traffic, which includes a variety of information:
- Domain Name Service (DNS) responses.
- Hypertext Transfer Protocol (HTTP) requests.
- Application client and server banners.
- Type of operating system.
- Summary data on network traffic (e.g. record of data between two network addresses).
What is the data used for?
Generally, the data is used by analysts at DOE to analyze and summarize network traffic patterns looking for malicious activity.
Who has access to the data?
The data is provided to a variety of DOE analysis centers and their staff, including DOE’s cyber analysis center and the operations staff at Pacific Northwest National Laboratory, which runs the monitoring program.
How is the data protected?
Analysis centers protect the data per their “concept of operations”. DOE has certified that the technical controls in the program are sufficient to protect the data.
Can I opt-out of this monitoring?
If you use the Berkeley Lab network, you cannot opt out of the monitoring.
Does this monitoring apply to my personal computer?
If you use the Berkeley Lab network, network traffic from any device - personal or otherwise - will be monitored. However, this does not authorize access to your personal devices or the data stored on your personal devices.
Does this affect what websites or services I can use, including incidental personal use?
No. This monitoring does not control or limit access to websites or services. This monitoring does not change Berkeley Lab's policy on Acceptable Use of Information Technology. Acceptable use includes business use and incidental personal use. Unacceptable use continues to cover the existing list in our policy, including copyright violations, sexually explicit materials, gambling, for personal gain, etc.
Why do I need to acknowledge this program?
Because of the unusual nature of the program, we are requiring a one time acknowledgement from all employees and guests. This approach replaces the previous paper-based cyber security acknowledgement that was used with new hires.