Rick Perry, former Governor of Texas and the U.S. Secretary of the Department of Energy (DOE) established a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the U.S. Department of Energy (DOE).
CESER is in President Trumps budget for an allocation of $96 M to increase DOE’s ability to respond to cyber terrorism and physical infrastructure security issues. The office will be led by a yet to be named Assistant Secretary.
“DOE plays a vital role in protecting our nation’s energy infrastructure from cyber threats, physical attack and natural disaster, and as Secretary, I have no higher priority,” said Secretary Perry. “This new office best positions the Department to address the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.”
This fits into the existing strategic initiatives, which Tony Scott the US CIO has comment on as well and embedded here to elaborate.
The Strategy identifies three crosscutting principles:
- Information is a Departmental asset. Improve information sharing to support the mission. The Department will provide stakeholders with discoverable, high-quality information, when and where they need it, with an emphasis on four key topics:
- Effective information sharing and safeguarding requires a distributed, standards-based risk management approach. Information Availability: Enable discovery and appropriate access to information. Architecture: Design and implement modern, standards-based information technology and data architectures.
- Public trust is critical to mission success. The Department will apply these principles across four strategic goals. Collaboration: Facilitate a culture of communication and collaboration
- Share enterprise information more effectively with authorized users. Information Technology Enhancement: Provide innovative solutions and enhance existing technologies.
- Safeguard information against cyber threats. Adopt information management policies, guidance, and best practices. We will transform the value of data by investing in cyber best practices and tools, standardizing existing sharing agreements, and providing the necessary frameworks (terms and conditions), such as: the National Information Exchange Model, Cybersecurity Information Exchange Framework, Structured Threat Information Expression, Trusted Automated Exchange Indicator Information and the Systems Engineering Body of Knowledge.
- Win the competition for cyber talent. . That means that we have to be as nimble, as aggressive, and as well resourced as those who are trying to break into our systems. Cyber professionals are in high demand. It is imperative that we attract and retain an elite workforce in science, technology, engineering, and mathematics if the Energy Enterprise is to overcome rapidly evolving cyber challenges. To address this need, we will modernize the mechanisms by which the Department recruits, shapes, and retains a diverse and highly capable cyber workforce.
- Mature and strengthen the Department’s cyber posture. Attempts are not going away. They will continue to accelerate on two dimensions: first, the attacks will continue to become more sophisticated, and secondly, as we remediate and strengthen our own practices, our detection capabilities will improve.
The success of the Strategy hinges on the Department’s ability to collaborate and innovate.
Given the recent news on information cyber warfare by Russia, it’s important to develop strategies to protect our natural resources.