One year after the White House released its executive order on improving the nation’s cybersecurity, federal agencies have gained critical insight into their cybersecurity postures and are using that information to refine their strategies.
The Department of Energy, for example, is moving away from a compliance-driven cybersecurity approach and toward one focused on mitigating risk. Ann Dunkin, chief information officer of DOE, said in a recent keynote address she’s encouraged by the new direction and is already seeing the benefits from the switch.
“That’s really the only way we can meet our cybersecurity needs,” Dunkin shared during the Potomac Officers Club’s Reframing Cyber Posture Around Data Collection, Analysis and Action Forum.
“As we work to defend our posture, in concert with the new directives, in the face of increased threats and across the diverse missions, we will continue to focus on risk management and shift away from the compliance mindset that we’ve had in the past,” she continued.
Dunkin said the department realizes that incremental improvements to its cybersecurity capabilities are not an option. Instead, DOE is targeting bold investments to protect its vital infrastructure.
“We really need to make substantial changes in the way we operate to be successful and better defend our data and systems,” Dunkin stated. “So the scope of improvements includes not only information technology, but those that run critical infrastructure and safety systems.”
The department is responsible for a wide range of missions, including securing the nation’s nuclear weapons stockpile, developing clean energy technology and protecting the national energy grid.
But the department’s operational technology and supervisory control and data acquisition systems — known as SCADA — are not getting the focus, nor the funding, they need to effectively secure these missions.
“It’s very important, particularly for organizations like these, that we really pay much more attention to those spaces,” said Dunkin. “The administration has made a commitment to increasing spending to implement the EO and reduce technical debt and modernize infrastructure. I’ll recognize that the amount of money that we have appropriated does not meet the need as of yet, but hopefully over time, we will be able to close that gap.”
DOE’s cybersecurity for its operational technology environment is what Dunkin referred to as a “high priority investment” that is expected to enhance energy sector threat detection of anomalous behavior and identify malicious cyber activity more quickly and efficiently.