Methods and Systems for Detecting Abnormal Digital Traffic

Patent ID: 4751 | Patent Number: 7,908,357 | Status: Granted

Abstract

Currently, the PNNL network infrastructure is monitored on a 5x24 basis, with limited on-call response by cyber security staff to combat intrusion, policy infraction, or attempted access. Availability of cyber security staff is currently on a volunteer basis. Monitoring by operator staff is only Monday through Friday on a 24-hour basis. Existing security alerting systems are not automatically linked to our perimeter protection, nor do we have clearly delineated processes in place to respond to critical alerts outside normal working hours. The response to these issues was to develop and implement an automated monitoring and response system that integrates our real-time alerting systems with automated controls to react to critical alerts. For example, when our real-time alerting systems identify a workstation scanning outside networks, the firewall can automatically block that specific workstation IP address. Security staff would verify and resolve this critical alarm during normal operation hours.

Application Number

11/231,565

Inventors

Goranson, Craig A
Burnette, John R

Market Sector

Security