Subject: Note from ADEPS
From: "Susan Seestrom"
Date: Fri, June 5, 2009 5:53 pm
Cc: "Terry Wallace"
Cyber security continues to be a concern at the Laboratory. There has been a dramatic increase in targeted phone calls (those targeting a specific person). Recent examples are calls claiming to be from local banks and local medical facilities. The caller knows your name and telephone number and solicits personal identifying information. Do not give out your personal information. If you think it could be legitimate, call back to the normal phone number for the organization if it purports to be one you deal with.
We have also been hit by war dialing - over 40,000 calls this last weekend. Phone calls that solicit PII or other suspicious information should be reported to the SIT (Security Inquiry Team, 665-3505). The Lab has moved to proactive defense, so let the NIE (Network Infrastructure and Engineering) organization (667-6430) know if you have a legitimate requirement to collect information through phone calls.
We continue to see new threats involving email. The Lab received 3.664M emails last month from external resources; NIE stripped 1.728M of these emails because they appear to be SPAM. They also stripped between 100 and 2000 emails a day for virus content in the last month.
A new threat: targeted nation-state spear phishing. One example from this week: a collaborative community of researchers (internal + external) with a shared email list was targeted. Someone appearing to be known to the group solicited information from the members of the list about Z number or password. A few people responded. When malicious outsiders have this information it can be used to compromise our network security.
Report emails that solicit information such as Z numbers, passwords, or PII to the SIT. NIE is proactive in shutting down external URLs/IP addresses that solicit information: please let them know if you are using these types of services.
Privileged Computer Access for Non-US Citizens
Once again I request your patience in working through the problems posed by the new computer system designed to track, justify and approve computer access for Non-US Citizens. The implementation has been very rough, as I know from the amount of time it has taken me to approve them. I have spent quite a bit of time working with Tom Harper and Nat Farnham in CIO to resolve the numerous problems we have encountered. We received a one-time extension to the process. This means that we have until June 12th to either obtain approval for privileged access - or to remove that access.
As of this morning there were about 130 cases in which the host had not submitted the request for approval through the PUAR system. Many of these may not really need to be submitted (because that system was mistakenly identified as needing privileged access, for example). My plea is that all hosts/co-hosts of foreign nationals ensure that the data has been entered into the PUAR system for EACH SYSTEM to which your FN needs privileged access. Your division leaders have the complete database on what is in this system and they can provide information if you are unsure of the state of your requests.
I would also like to remind you all that the laboratory has been negotiating with NNSA at the highest levels to develop an approval process for privileged access on appropriate machines for Foreign Nationals from countries the Department of State has deemed "sensitive" (http://int.lanl.gov/security/isec/fva/countries.shtml). At this time we have not received final approval on this process - Terry Wallace is personally strongly engaged on this and he is optimistic we will have a process, but it is not yet approved. Until such an approval is obtained we have until June 12th to remove PA accounts for foreign nationals on the various machines/clusters that have not been re-approved by this new PUAR process. This will unfortunately require us to begin removing such accounts, including all those for sensitive FNs. We will continue to work toward an approval process for the needed tools for all our workforce to accomplish their work.
I understand this may have very significant impacts to the productivity of many of our foreign national employees and visitors. We must also comply with the policies that NNSA has laid out for us. Be assured we will work tirelessly to find ways to mitigate the impacts of this policy.
Electrical Safety Improvement
Safety incidents continue to be a grave concern of mine; one of our divisions has an incident almost every week and I am concerned that the sheer volume is a warning that a serious incident could happen at any time. Please, please ensure you are trained and authorized to perform work or tasks, and be vigilant and careful when you perform them. In particular - student mentors, ensure your students are properly supervised, that they have appropriate training, and that they understand what work they are allowed to do. Students - be sure you understand what you have been authorized to do - and if you have ANY questions ask your mentor (and if she/he is not available ask your team leader or group leader).
Right now the Lab is emphasizing electrical safety and we are asking that all of you take some actions to raise your awareness regarding responsibilities, qualification and training, to assure your electrical equipment is safe, and that IWDs adequately reflect potential dangers. This is why:
There have been twelve electrical incidents this FY:
* There have been 6 electrical events in March 2009.
* Two were serious shocks to programmatic workers.
* Three resulted from work control omissions, using a voltmeter on energized circuits (Mode 2 work) without authorized work control (without a proper IWD).
* Three involved workers not qualified.
* Two involved unlisted, unapproved electrical equipment.
* One involved inferior quality equipment.
* One was a deenergized phone line struck during excavation.
* Two were clearly Human Performance related.
* At least one could have resulted in a fatality if luck had not been on our side.
Now let me tell you about another incident of concern that occurred just this last. On May 27, 2009, the Science Technology and Operations FOD declared a management concern relative to work management and worker qualification discrepancies identified on a pulsed magnet replacement. On May 21, 2009, the Materials Physics and Applications National High Magnetic Field Laboratory (MPA-NHMFL) acting group leader became aware that a NHMFL student had inadvertently removed a cable connected to the cell safety switch while replacing a pulsed magnet in Cell 3 of the NHMFL. The cell safety switch, an engineering control, isolated the magnet from the 1.6 megajoule (MJ) capacitor bank energy source. A NHMFL technical staff member had tasked the student to replace the magnet due to its failure. Preliminary review found the magnet replacement work had not been properly authorized. The review identified the following discrepancies with the pulsed magnet replacement work:
* The MPA-NHMFL student has been in the NHMFL technical program for about two years. He had been assigned a mentor, but due to unusual circumstances, his mentor left and another mentor had not been re-assigned to the student.
* Work requests for students are processed through their supervisor, who is usually a mentor. In this case, the student performed the magnet replacement work alone in Cell 3 of the NHMFL. The work request had not been processed through the student's supervisor; therefore, MPA-NHMFL management was unaware of the work until it was reported.
* Integrated Work Document No. NHMFL-35-124-l105-1, "Capacitor Control and Maintenance," defined the hazards and mitigating procedures for performing maintenance, repair or modifications of the capacitor bank system. The IWD did not specifically address magnet replacement and the student had not been authorized to perform work under this IWD.
* Any maintenance, repair, or modification to the capacitor bank system must be performed by a qualified electrical worker. The student, though extensively trained, was not a qualified electrical worker.
The issues of work authorization and appropriate supervision have the potential to cause problems anywhere in our organization. We are fortunate that the magnet lab center leader was well versed in the hazards of pulsed power, that the issues surrounding this event were appropriately brought to his attention, and that he responded with appropriate urgency. Please think about how you or your colleagues might be placed at risk due to similar causes and take action if you find some.
Gordon Receives NNSA Safety Professional of the Year Award!
We are fortunate to have the best chief electrical safety officer in the complex! Lloyd Gordon received the NNSA Safety Professional of the Year award for 2008. Gordon displayed outstanding leadership in electrical safety, both at the Laboratory and across the Department of Energy, said Tom D'Agostino, NNSA administrator. He is a primary author of the Electrical Severity Measurement Tool, which is now used across the DOE complex to categorize and report electrical incidents. Gordon also provided leadership and technical guidance to nearly 150 group and division electrical safety officers and developed and delivered training to thousands of Lab workers.
Safe Drinking Water
AD Bob McQuinn presented information on drinking water at our LANL team meeting on May 29. In April, LASO directed that bottled water is an unallowable expense if safe drinking water is available. LANL and LA County both comply with the Safe Drinking Water Act of 1994. In 1993 LANL extensively evaluated drinking water and found trace levels of lead due to soldered joints in some water fountains. All of these have been removed from service. Since the LASO direction, safe drinking water access has been defined as a drinking fountain or kitchen sink. Access to only restroom supply is not considered acceptable. Bottled water can only be supplied if access to safe water is not available, and the FODs will work these issues. The Lab is analyzing water in buildings where there is some suspicion there might be a problem; none have been found. Although the origin of this issue was in the LASO determination on unallowable cost, this is a reasonable decision for many other reasons. At a time of budget pressure there is no reason to spend money buying water when safe drinking water is available to us. Using the public water supply is more environmentally conscious than buying water and transporting it from other locations.
I wish you an enjoyable weekend and a safe and productive week!
Susan J. Seestrom, Ph.D.
Associate Director for Experimental Physical Sciences
Mail Stop A106
(505) 665-4454 FAX (505) 665-1293