U.S. Department of Energy NOTICE
DOE N 206.1
SUBJECT: ELECTRONIC MAIL ANALYSIS CAPABILITY
1. OBJECTIVE. To establish the pilot program to test the Department of Energy (DOE) Electronic Mail Analysis Capability (EMAC), which will be used to monitor and analyze outgoing and incoming electronic mail (e-mail) from the National Nuclear Security Administration (NNSA) and DOE laboratories that are engaged in nuclear weapons design or work involving special nuclear material. The purpose of the pilot program is to test whether e-mail monitoring is an effective device to address threats to DOE assets by foreign governments, groups, or persons that attempt to gather classified and other protected information through e-mail communications with DOE and contractor personnel. The pilot program will be implemented at Sandia National Laboratories, Los Alamos National Laboratory, Lawrence Livermore National Laboratory, and Pacific Northwest National Laboratory for 6 months.
The EMAC Pilot Program is being implemented at the direction of the Secretary of Energy, as a result of a study performed in accordance with Presidential Decision Directive/NSC- 61, "Energy Department Counterintelligence," which identified several cyber-related issues and called for the establishment of a Counterintelligence (CI)-Cyber Program.
2. CANCELLATION. None.
a. DOE Element. This Notice applies to all DOE elements, including the NNSA, that have access to DOE e-mail systems at the four sites.
b. Contractors. The Contractor Requirements Document (CRD) attached to this Notice sets forth requirements that apply to contractors, to the extent set forth in Major Facilities Management contracts. The CRD is intended for Major Facilities Management contracts at the four pilot sites that have access to DOE e-mail systems. Contractors are responsible for
(1) compliance with the requirements of this directive's CRD regardless of the performer of the work and4. REQUIREMENTS.
(2) flowing down the requirements of this directive's CRD to subcontracts to the extent necessary to ensure contractors' compliance with the requirements.
a. The purpose of this Notice is to promulgate the EMAC Pilot Program in accordance with the terms cited in this Notice in addition to subsequent information that the Office of Counterintelligence (OCI) will provide to each pilot site on EMAC.
b. All Secretarial Officers responsible for the EMAC pilot sites will ensure implementation of the EMAC Pilot Program in accordance with this Notice.
c. OCI will implement the EMAC Pilot Program in accordance with the Electronic Communications Privacy Act [18 United States Code (U.S.C.) 2510 et seq.], Executive Order 12333 (12-14-81), and the Privacy Act of 1974 (5 U.S.C. 552a).
d. OCI will define and develop a set of filtering criteria, approved by DOE General Counsel, and consistent with Executive Order 12333 and the Department of Energy Procedures for Intelligence Activities, to identify, through automated e-mail analysis, individual e-mail messages that indicate a CI concern. OCI and General Counsel must approve changes to the filtering criteria and the process by which the e-mail is analyzed.
e. The EMAC Pilot Program will archive a copy of all e-mail crossing facility boundaries and will write the e-mail to removable media (CD-ROM) for transfer to a classified system. Data will be processed through multiple layers of automated analysis based on criteria developed by OCI and approved by General Counsel. All cross-boundary e-mail will be archived for 3 months on CD.
f. Any e-mail message that does not indicate a potential CI concern, based on the defined criteria, will be deleted immediately from the classified system. All remaining e-mail will be written to removable media (CD-ROM) and then immediately deleted from the classified system. The CD will then be transferred to the CI data storage system for further analysis with additional automated tools. The aforementioned CD will be maintained for up to 1 year. Any e-mail associated with an ongoing inquiry or investigation will be maintained as long as legally and operationally required.
g. Actual review of e-mail content by a CI e-mail analyst will be permitted only where there is evidence of possible CI concern, in accordance with the following.
(1) For outgoing e-mail messages that involve a foreign national or have a source or destination in a foreign country (i.e., a foreign nexus), no approval is required.5. RESPONSIBILITIES.
(2) For incoming e-mail messages that involve a foreign national or have a source in a foreign country (i.e., a foreign nexus), no approval is required.
(3) For outgoing e-mail messages that indicate a CI concern by triggering on a CI filter other than foreign nexus, no approval is required.
(4) For incoming e-mail messages that indicate a CI concern by triggering on a CI filter other than foreign nexus, OCI approval is required prior to review of the e- mail message content. Requests to review e-mail involving U.S. persons must be submitted to EMAC@cn.doe.gov. All requests will be reviewed and OCI will provide responses on a weekly basis.
(5) Based on the e-mail review, two possible results can occur.
(a) E-mail judged to be benign and without CI concern is immediately deleted from the system.(6) The EMAC Pilot Program will be evaluated for 6 months after all four sites are operational.
(b) If a CI concern still exists, a CI investigation is initiated to resolve this concern. This investigation will follow the same rules of any CI investigation. Accordingly, CI e-mail analysts may request access to the archived e-mail in the possession of the system administration staff.
a. Secretarial Officers.
(1) Ensure that each request for a procurement requiring application of this Notice incorporates the requirements specified in the CRD.b. Office of Counterintelligence.
(2) Provide program and project direction at the pilot sites consistent with OCI policy, requirements, and the terms of this Notice.
(1) Ensure that the EMAC Pilot Program is implemented at the four pilot sites in accordance with the statutes listed in paragraphs 4a and b.c. DOE General Counsel.
(2) Oversee development of a set of filtering criteria for the EMAC Pilot Program.
(3) Review and approve changes to the EMAC filtering criteria.
(4) Advise contracting officers of Major Facilities Management contracts as directed by program elements.
(5) If evidence of a possible CI concern exists, approve the review of e-mail content by a CI e-mail analyst.
(6) OCI will provide each pilot site with funding for the actual labor costs incurred by the system administration and security functions of the EMAC process. Each pilot site will be required to produce full accounting and documentation in support of these functions by preparing monthly reports of all tasks performed for the EMAC process.
(1) Review and approve the e-mail filtering criteria and any subsequent changes defined by OCI.d. Albuquerque, Oakland, and Richland Operations Offices.
(2) Review responses to requests for information relating to the Pilot Program and collected by the Pilot Program.
(1) Take actions to make the CRD for this Notice enforceable under the prime contracts for the four pilot sites.6. CONTACT. For assistance with this Notice, contact the Office of Counterintelligence at 202-586-5901.
(2) Insert CRD into Major Facilities Management contracts as directed by program elements.
BY ORDER OF THE SECRETARY OF ENERGY:
CONTRACTOR REQUIREMENTS DOCUMENTThe following requirements apply to the Department of Energy (DOE) prime contractors at the four pilot sites: Sandia National Laboratories, Los Alamos National Laboratory, Lawrence Livermore National Laboratory, and Pacific Northwest National Laboratory.
DOE N 206.1, ELECTRONIC MAIL ANALYSIS CAPABILITY
1. All contractor organizations at the participating Government-owned laboratories will implement the Electronic Mail Analysis Capability (EMAC) Pilot Program.
2. As directed by DOE, through the applicable contracting officer, the system administration staff will capture and archive a copy of all e-mail crossing facility boundaries and will write the e-mail to removable media (CD-ROM) for transfer to a classified system for automated analysis in accordance with the EMAC Pilot Program.
3. E-mail captured on a daily basis will be archived by the system administration staff for 3 months.
4. The system administration staff will load the daily e-mail archive as directed by the Office of Counterintelligence (OCI) to the classified system for automated processing and will initiate the automated tools in accordance with the EMAC Pilot Program as developed and implemented by the OCI.
5. The system administration staff will copy the e-mail that triggers on a filter to removable media (CD-ROM) for transfer to a site CI-controlled classified system for automated and interactive analysis by a CI e-mail analyst affiliated with the EMAC Pilot Program.
6. The system administration staff will maintain any e-mail identified by the automated tools in accordance with the EMAC Pilot Program.
7. The system administration staff will not make any changes to the automated tools and/or the process by which the e-mail is analyzed without the approval of the OCI and the DOE Office of the General Counsel.
8. Contractors are responsible for the following:
a. compliance with the requirements of this CRD regardless of the performer of work and
b. flowing down the requirements of this CRD to subcontracts to the extent necessary to ensure contractors' compliance with the requirements.
Source: Department of Energy