How Energy's new cyber shop will work
- By Mark Rockwell
- Jun 11, 2018
With the rollout of its cybersecurity and security unit and longer-term cybersecurity strategy, the Energy Department is looking to ramp up its stake in infrastructure protection, one of the agency's top cybersecurity officers said.
"We're changing the game," Jennifer Silk, the Energy Department's senior cybersecurity advisor, said at a June 8 Capitol Hill event. The DOE's multipronged strategy includes the Cybersecurity, Energy Security, and Emergency Response (CESER) office created in February, as well as programs that will address gaps in privately owned energy infrastructure.
"Energy security is a national security issue," she said.Although the Department of Homeland Security also has overall responsibility to protect the nation's 16 critical infrastructure sectors, DOE has a niche role in that mission, according to Silk. And CESER (which officials pronounce "Caesar") is part of that effort.
"Think of [CESER] as a sector-specific agency in a box," she said in her short presentation at the forum. "It shows that cybersecurity is a core duty [for DOE], not an additional responsibility."
In a brief interview after her presentation, Silk told FCW the Energy Department's CESER and threat information sharing programs will work hand in glove with DHS infrastructure-protection efforts.
"DOE is the sector-specific agency," she told FCW. "We're responsible for providing tailored expertise specific to the energy sector. The better we do that, the better we enable DHS to do its mission for the broader national risk mission. We will continue to play that supportive role."
When asked about possible conflict with DHS' Automated Indicator Sharing (AIS) program that looks to both harness private sector threat data, as well as share its own threat indicator data with industry, Silk responded that DOE has the Cybersecurity Risk Information Sharing Program (CRISP),
"That is very specific for our sector," she said. "That's where our niche is. It's a little different than AIS, but they're complementary."
The idea for CESER and CRISP, she said, is that some threat data should be tailored to specific sectors, while DHS' effort serves the broader critical infrastructure cross-sector.
When asked how DOE avoids territorial differences with DHS' threat indicator data sharing program, Silk said her agency works closely with DHS to avoid overlap and conflict while efficiently allocating resources.
"Really cybersecurity and particularly critical infrastructure is a huge challenge. It's really all hands on deck," she said. "Energy underpins everything else, so it really needs the dedicated attention of a strong sector-specific agency like ours."
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.