Energy security policy drafted

The Energy Department has finished drafting its comprehensive cybersecurity policy, a top official said.

The policy, signed by Energy Secretary Spencer Abraham, is in line with the Federal Information Security Management Act (FISMA) of 2002, said department chief information officer Karen Evans, speaking today at an executive breakfast hosted by Federal Sources Inc. and the Information Technology Association of America.

FISMA, passed in December 2002 as part of the E-Government Act, updates the Government Information Security Reform Act (GISRA) of 2000, which expired Nov. 29, 2002. GISRA combined many federal security policies into one law.

"We view cybersecurity as a battle for supremacy," Evans said. "The process is a continuous improvement process."

As part of its strategy, the department has launched a massive effort to certify and accredit all its unclassified systems, she said.

Providing information technology security awareness training to employees is another key component, she said.

This summer, Energy officials hope to award a contract for the deployment of enterprise licenses across the department.