SLAC National Accelerator Laboratory

How SLAC National Laboratory revamped its cybersecurity

When officials at the SLAC National Accelerator Laboratory were handed the results of the Energy Department’s inspector general audit citing nine findings related to its compliance with the Federal Information Security Management Act,  Ben Calvert, the newly appointed chief information security officer for SLAC, knew the lab’s cybersecurity program had to change.

What's inside CSIP

With collaboration between network engineering and the cybersecurity teams, the Cybersecurity Improvement Program implemented:

Secure wireless (Cisco): Less exposure to Wi-Fi attacks, better user experience, improved productivity.

Secure mobility (AirWatch): Protects data on mobile devices, enables future mobility.

IP address management (NetDB): Faster resolution of incidents, lower overhead to network management.

Border firewalls (Palo Alto Networks): Strategic routing of network traffic and malware blocking.

Network intelligence (BRO): Network traffic information to aid with policy design/implementation and defense in depth.

The December 2013 audit uncovered problems with vulnerability management, change management, configuration management and security training, showing a wide range of problems across SLAC’s cybersecurity program.

“These were real issues," Calvert said. "They weren’t saying, ‘Hey, you forgot to patch a system’ or ‘You have a gap here.’ They were telling us these areas of our program need significant work, and so we took that to heart.”

Calvert and SLAC created the cybersecurity improvement program (CSIP), a $1.7 million effort to invest in new technologies, new processes and a reboot of the entire cybersecurity program. SLAC received the funding for the program in October 2014.

Because SLAC is a 24/7 science-driven organization, “the job of cybersecurity at the lab is to support the mission and to make sure that nothing hinges on our ability to do science.” Calvert said.

To make the new cybersecurity program successful, Calvert’s team connected with representatives from every business line and every key constituent group, then rewrote SLAC’s entire cybersecurity policy base, starting with making security invisible to the end user.  The lab installed a secure wireless network, security intelligence, monitoring and analytics tools and next-generation firewalls. Bringing these tools online wasn’t easy, according to Calvert, but it wasn’t the software that was the problem.

“We had a lot of work to do on the organization… make them understand that we’re looking at a new approach to cybersecurity.” Calvert said,  including making sure employees take training courses – by disabling accounts of employees who didn’t participate in training.

The process of implementing the CSIP took 18 months before it was launched in April 2015. And according to Calvert, there's clear evidence the plan has been a success: He’s not hearing complaints.

“If you have people who are unhappy dealing with the fallout of your cybersecurity solution, then you know you’re not doing it right. Sometimes the silence is deafening, and so it’s really the lack of issues being surfaced that we know that we’re doing something right.”

About the Author

Derek Major is a former reporter for GCN.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected