Energy's cyber office looks to keep industry in the loop

The head of the Department of Energy's cybersecurity office told a congressional panel she plans to distill threat and intelligence data into actionable reports for critical infrastructure providers.

Private sector personnel won't necessarily have to possess security clearances to view such reports, Karen Evans, assistant secretary of the DoE's Office of Cybersecurity, Energy Security, and Emergency Response, said at a Sept. 27 Capitol Hill hearing.

Evans, who has been at CESER for a month, told the House Energy and Commerce Committee she plans to combine threat and intelligence data into reports that energy sector critical infrastructure providers can act on immediately.

Critical infrastructure providers have complained about the Department of Homeland Security's efforts to share threat information, which can require infrastructure provider employees get security clearances to see that data.

"We're trying to take information that is informed by threat intelligence and overlay it with what we have, and take it to where it is actionable by the utility," she said. "You don't necessarily have to have a classified background behind it."

The approach, she said, would have CESER providing actions critical infrastructure providers need to take to blunt a threat when an immediate response is needed, without getting into the explicit, possibly classified, details of the threat itself.

"There are a lot of times when you really want to know what you're supposed to do. The 'why' can come later on," Evans said.