October 10, 2018

New DOE Office to Focus on Critical Infrastructure Protection

tomas okeefeBy Tom O’Keefe
Consultant
immixGroup, An Arrow Company

Opportunities for cybersecurity solutions may soon be presenting themselves at the Department of Energy, but they probably won’t be the traditional kind – like virus and malware protection. With the formation of the Office of Cybersecurity, Energy Security and Emergency Response (CESER), DOE is taking on wider cybersecurity responsibility for the U.S. energy sector that includes threat intelligence and cyber situational awareness.

Karen Evans, a long-term player in the federal technology space, was confirmed as DOE assistant secretary for CESER last month. CESER’s charge is to build up cybersecurity capabilities to protect the U.S. energy grid, as well as DOE’s own IT assets. The formation of this office reinforces the government’s priority focus on protecting critical infrastructure from foreign attacks.

More specifically, CESER will focus on:

Threat intelligence: CESER will act as a collection center for information on threats against the domestic energy sector, which is designated by the Department of Homeland Security as a part of U.S. “critical infrastructure.” The types of information collected here will include any threats against energy production systems, operational technology networks (SCADA and other industrial control devices) and similar systems that could impact the resiliency of the U.S. energy grid.

Information sharing: CESER will serve as a centralized information hub for threats from nation states, bad actors and other potential vulnerabilities to the U.S. energy grid. A key part of this is the dissemination of information to the membership of the Cybersecurity Risk Information Sharing Program (CRISP), a voluntary public-private partnership whose members provide over 75 percent of electricity to U.S. customers. Opportunities here will include the ability to easily organize, share and distribute information to energy grid stakeholders to ensure there are no major interruptions to the delivery of electricity to U.S. consumers.

Cyber situational awareness: CESER will monitor who and what are planning to attack the U.S. and ensure that states, localities, and private operators of the energy grid know if anything is happening in real-time. Projects like the Cybersecurity for the Operational Technology Environment (CYOTE) provide real-time observation of anomalous traffic on networks and can identify if threats are imminent. There’s a chance here for industry to help with networking monitoring tools and penetration testing of energy networks.

This new office has asked for more than $180M in the FY19 budget request, so there’s a sizable amount of opportunity here for technology vendors who sell into DOE. Make sure to tailor your message around cyber situational awareness and threat intelligence and you’ll likely have success selling into the new organization at Energy!

Interested in finding our more about cybersecurity trends in government? Attend the 5th Annual Government IT Sales Summit on November 15, 2018 in Reston, Virginia. 

This story originally appeared on immixGroup’s Government Sales Insider Blog.