Chu: IT security a drag on Energy's mission

Energy secretary wants to balance information security, mission

Energy Secretary Steven Chu has said the Energy Department needs to consider whether its information security systems are worth the drag on its mission.

“We’re going to be looking at information technologies,” Chu said at a press briefing May 7 about the department’s fiscal 2010 budget proposal. “Do we have the right balance between keeping our IT secure from viruses to how it compromises productivity?”

In an April 29 speech at the National Renewable Energy Laboratory in Golden, Colo., Chu said “well-meaning people” in the chief information officer’s office and in the procurement and finance offices “whose job it is to protect the Department of Energy” actually hinder what the department can do.

“They forgot the Department of Energy has a job, and it’s not to protect the Department of Energy. It’s to get something done,” he said. Terrible accidents and financial waste are bad things, he said, but added, “It has to be balanced against the mission of the department and so this is something that I feel very strongly about.”

Beyond IT, the department will undergo more core reforms, Chu said on May 7, adding that officials will take a thorough look at how Energy buys things and manages its property and then direct any savings to the department’s goals.

“We really want to look very hard at the business operations of the Department of Energy,” he said.


About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Reader comments

Tue, May 19, 2009 Anonymous please

It's only special nuclear material... and human safety... bah humbug! Agency mission is more important! Chu: "If we have a terrible accident, that would be terrible". I wonder if his personal information was stolen when UC Berkeley lost all those personal information records...oh those darn security rules get in the way of getting things done. Right?

Thu, May 14, 2009 DOEWatcher

Everyone who thinks this guy is crazy needs to take a deep breath. If we are at the point where anyone who questions the balance between security and work is considered a heretic, we have a really really serious problem on our hands as a community. No one is going to take security seriously if the entire conversation about risk is reduced to: err on the side of caution. That's just a ticket for not so smart IT people to lock down everything and prevent all work from happening. Security people need to be an input to risk-management, not in charge of it.

Wed, May 13, 2009

Our IT Sec team was amused based on the following e-mail exchange with various contributors who shall remain nameless:
----------------------------------------
A posting on the cisspforum contained this link. Stupid, stupid, stupid things for the most senior official to say....
----------------------------------------
"Do we have the right balance between keeping our IT secure from viruses to how it compromises productivity?"
Suppose he sees no link between the two ?
----------------------------------------
At least he's not Canadian !
----------------------------------------
Stupidity knows no pay grade....
----------------------------------------
Is not like they have had any lost data or espionage issues involving the nuclear sector....
----------------------------------------
ALMOST feeling sympathy for the poor guy but.....must take one parting shot.
This gem from his 35 page speech: "If you can’t get an idea out in less than 20 pages there’s something wrong with the idea."

Wed, May 13, 2009 just a citizen MD

Excuse me. Wasn't it just a couple of weeks ago that the headlines and lead stories were about the dire consequences of our national power grid being hacked and viruses being placed in them? Well by all means let's make it easier to hack into secure systems. Yes, we need a balance but isn't it better to "err" on the side of caution?

Wed, May 13, 2009 Maryland

It's not security itself that's the problem. It's the corporate Windows botnet security model. You just can't get any work done when your disk is at 100% utilization running virus scans all the time, crashing due to the probing that the apps weren't designed for, blocking outbound ports you know about and need, and getting critical system files quarantined. When it comes down to that kind of pain, it's a lot easier to strike that balance by installing a Linux desktop, locking down everything inbound but ssh, and staying up to date. It's probably better to go to a hypervisor-based model so OS installations are disposable (incidentally, it's how a lot of people run their Linux installations). That way, most security checks can be made safer by moving them out of the OS if they aren't already done by a network IDS.
