Cybersecurity

Granholm says cyber R&D is a priority at DOE

Shutterstock photo ID: 200726867 By chuyuss 

Department of Energy Secretary Jennifer Granholm on Thursday said cybersecurity research and development will be a top priority for DOE technology programs in the agency's fiscal year 2022 budget and rebutted suggestions that the administration was not sufficiently prioritizing cybersecurity in the wake of multiple high-profile intrusions.

"I know from our industry partners that I have spoken to that they are totally focused on it and I am completely committed to getting them, and us the tools and the intelligence and the cyber response that they need to address the threats that are out there," Granholm said during a House Appropriations subcommittee hearing.

The secretary's comments were in response to questions from Rep. Mike Simpson (R-Idaho), the subcommittee's ranking member, who said the DOE's budget overview lacked any mention of cybersecurity.

"I was concerned to see not a single mention of cybersecurity in the DOE's budget overview," he said. "Cyber threats like these are persistent and increasing. As our world becomes more reliant on Internet-connected capabilities and technologies, we know that the cybersecurity challenge in front of us will increase in scope."

Simpson cited the hacking campaign against SolarWinds, the notable uptick in ransomware and the intrusion into a Florida community's water treatment plant that nearly resulted in the town's water supply being poisoned with dangerous levels of lye.

Granholm said she is refocusing the Energy Department's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) on providing grid operators with threat intelligence and response capabilities. "I'm also going to be making sure that cyber R&D is a focus for all of our technology programs," she added.

In written testimony, the secretary also noted a 100-day plan announced by the White House in April to shore up the country's electrical grid.

The secretary also touted the April 12 hiring of Puesh Kumar, who led cybersecurity engineering at Southern California Edison, to head CESER on an acting basis.

Cybersecurity regulations can vary based on industrial sectors. For the water and wastewater treatment industry -- such as the Florida facility compromised earlier this year -- the Environmental Protection Agency is responsible for cybersecurity regulations. For the electrical industry, it falls to DOE.

In the aftermath of multiple cybersecurity incidents this past year, Biden administration officials have responded with their own flurry of efforts from various departments and agencies. The 100-day DOE plan to assess the country's grid is only one of those efforts.

At the White House, the administration has still not unveiled its wide-ranging cybersecurity executive order and is now devising a new plan to confront ransomware. Both the Justice Department and Homeland Security Department have established their own ransomware task forces.

Also at DHS, Secretary Alejandro Mayorkas during his confirmation hearing pledged to conduct reviews of the agency's two premiere cybersecurity programs -- Einstein and Continuous Diagnostics and Mitigation.

Asked about the status of Mayorkas' reviews, a spokeswoman for the Cybersecurity and Infrastructure Security Agency today declined to comment.

About the Author

Justin Katz is a former staff writer at FCW.


Featured

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected