Energy Department – National Nuclear Security Administration (NNSA)

Goal: Providing Cyber Defense to NNSA’s distributed federal enterprise.

Situation: The NNSA is responsible for the management and security of U.S. nuclear weapons, nuclear nonproliferation and naval reactor programs. It responds to nuclear and radiological emergencies both in the U.S. and abroad. NNSA’s Office of the Chief Information Officer (OCIO) must ensure that IT systems across the enterprise have the necessary cyber security protection and are aligned with the NNSA Strategic Plan and other DOE objectives.

OnPoint is responsible for enterprise network and security monitoring as well as incident response for over 40 NNSA and other DOE sites. These sites have more than 24,000 users nationally and internationally. In addition, OnPoint supports the NNSA’s Enterprise Secure Network (ESN) and facilitates the secure exchange of classified information and capabilities across the DOE Nuclear Security Enterprise.

Approach: OnPoint provides a team of cybersecurity specialists, network and systems engineers, and forensic analysts at the NNSA Information Assurance Resource Center (IARC). Our specialists provide the following services:

Cyber Security and Information Assurance: The IARC Security Operations Center (SOC) performs 24x7x365 enterprise-wide security monitoring of all traffic passing through NNSA classified and unclassified networks. The center provides intrusion detection and event forensics. The IARC also serves as the Computer Network Defense Service Provider (CNDSP) for DOE and NNSA networks connecting to the Department of Defense (DoD) SIPRNet.

Incident Management and Incident Response: OnPoint’s Incident Response Program provides classified cyber security incident management for NNSA and incorporates our classified enterprise help desk with cradle-to-grave ticket management, technical assistance to NNSA sites, and facilitation of inter-agency cyber technical expertise communication.

Network Operations Center and Enterprise System Support: The IARC Network Operations Center (NOC) team manages the ESN infrastructure within a Tier 4 data center. This high-efficiency, high-availability data center features 99.999% uptime, 1500 watts per square foot, and a 1.146 PUE rating.

Emerging Technologies Integration Support: OnPoint actively supports emerging technology integration for a migration to classified and unclassified cloud computing and virtualization, and continuously researches the integration of innovative and new technology. OnPoint also successfully implemented a security information and event management (SIEM) appliance to provide logging and security event management, which enabled IARC to actively manage logs while decreasing the number of security-related and compliance-related incidents. OnPoint led pilot implementations of a continuous monitoring solution and engineering tests of an intrusion prevention system, network monitoring switch, and network/application monitoring tool.

Impact: The IARC has not experienced a service outage for more than 3 years. NNSA continues to increase the scope, depth, and breadth of its overall situational awareness through increased and improved security monitoring, reporting, and forensic analysis.