Cybersecurity

DOE cyber arm preps risk management tool

critical infrastructure security (Ravil Sayfullin/Shutterstock.com) 

The federal cybersecurity agency designated with protecting the energy sector is creating a tool that could help commercial electric critical infrastructure providers put a price tag on managing cybersecurity risk for their networks.

Karen Evans, assistant secretary for the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, said company executives don't want a lot of granular detail on cybersecurity technology, they want to see the bottom line.

"They want to know for 'X' amount of dollars how much risk is being reduced in the enterprise," Evans said. "We're working on a tool right now that will answer that question."

Evans said at a March 14 meeting of the DOE's Energy Electricity Advisory Board that CESER is working with the Energy Department's National Labs on a formula the tool will use.

Earlier this week, DOE officials said CESER would get $157 million for grid cybersecurity to support early-stage research and development to improve security and resilience that will help private infrastructure providers "harden and evolve" their systems against man-made and natural events.

Part of the challenge, experts said, is keeping ahead of cyber threats to the electrical infrastructure as they move down through bulk supply systems to distribution systems.

Evans wants the tool to be easy to use for a wide range of personnel and provide actionable information that doesn't have to be decoded among internal operations.

"We want the interfaces to be really simple, so that your cybersecurity person can sit with your engineer and say, 'We need to ask for $10,000 and here's all the risk points that we're going to reduce.'"

Quantifying risk reduction is a critical piece of protecting electric critical infrastructure, according to Evans and experts at the event participating on a cybersecurity panel.

Critical infrastructure providers, said Scott Aaronson, vice president, security and preparedness at the Edison Electric Institute, have reached a more mature level of understanding of the threat to their facilities.

Instead of fearing individual attackers and their specific tactics, he said, critical infrastructure providers learn what they can protect against, but they are also preparing for an almost inevitable breach.

"You can't protect 100 percent of everything 100 percent of the time," he said. "That's a sign of maturity," he said. Electrical providers, he said, have to prepare to recover as quickly and as effectively as possible.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected