SLAC to Participate in DOE Cooperative Protection Program

Since 2001, the Department of Energy has been using a cyber monitoring tool called the Cooperative Protection Program. The CPP includes sensors deployed at the network boundaries of most DOE sites. The sensors collect data about the network traffic at the sites’ Internet boundaries and allow DOE cyber analysts a broad view of network traffic for threat trending, incident analysis and network forensics. A recent upgrade will enable CPP activation at SLAC in mid-September. Participation in the program will allow DOE cyber analysts to incorporate data from SLAC and leverage expertise of the SLAC cyber security team in confronting shared network-based threats, usually emanating from foreign sources.

In general, the CPP sensors forward summary data, but not the content, of all cyber traffic entering or leaving the DOE network at SLAC. In addition to the summary data, some data critical to modern cyber incident analysis are also captured, including domain or DNS queries, and certain fields from HTTP (Web) requests.

The U.S. Government maintains ownership or oversight of all uses of its computing resources, including data and e-mail transmitted within its internal or external network or on its computing and storage equipment and devices, including those at SLAC.

There have been very few occasions when management or government agents have needed to examine these communications, data transfers or e-mail, usually in conjunction with counter-intelligence/espionage investigations, criminal investigations or personnel actions.

In an effort to maintain transparent communication with the employees at the lab, we in management want to make you aware of the activation of the CPP sensor and also remind you about your obligation to use the SLAC network and computers for business purposes; however, the policy allowing incidental personal use of the Internet and other computing resources, consistent with SLAC policy, is unchanged.

The installation of the CPP sensor and supporting infrastructure will enable SLAC to work more closely with the government cyber security teams and be in alignment with the other national labs, balancing scientific pursuits while protecting the laboratory's and government's information resources.

—Alexander Merola
SLAC Today, September 10, 2010