How Energy's new cyber shop will work

With the rollout of its cybersecurity and security unit and longer-term cybersecurity strategy, the Energy Department is looking to ramp up its stake in infrastructure protection, one of the agency's top cybersecurity officers said.

"We're changing the game," Jennifer Silk, the Energy Department's senior cybersecurity advisor, said at a June 8 Capitol Hill event. The DOE's multipronged strategy includes the Cybersecurity, Energy Security, and Emergency Response (CESER) office created in February, as well as programs that will address gaps in privately owned energy infrastructure.

"Energy security is a national security issue," she said.Although the Department of Homeland Security also has overall responsibility to protect the nation's 16 critical infrastructure sectors, DOE has a niche role in that mission, according to Silk. And CESER (which officials pronounce "Caesar") is part of that effort.

"Think of [CESER] as a sector-specific agency in a box," she said in her short presentation at the forum. "It shows that cybersecurity is a core duty [for DOE], not an additional responsibility."

In a brief interview after her presentation, Silk told FCW the Energy Department's CESER and threat information sharing programs will work hand in glove with DHS infrastructure-protection efforts.

"DOE is the sector-specific agency," she told FCW. "We're responsible for providing tailored expertise specific to the energy sector. The better we do that, the better we enable DHS to do its mission for the broader national risk mission. We will continue to play that supportive role."

When asked about possible conflict with DHS' Automated Indicator Sharing (AIS) program that looks to both harness private sector threat data, as well as share its own threat indicator data with industry, Silk responded that DOE has the Cybersecurity Risk Information Sharing Program (CRISP),

"That is very specific for our sector," she said. "That's where our niche is. It's a little different than AIS, but they're complementary."

The idea for CESER and CRISP, she said, is that some threat data should be tailored to specific sectors, while DHS' effort serves the broader critical infrastructure cross-sector.

When asked how DOE avoids territorial differences with DHS' threat indicator data sharing program, Silk said her agency works closely with DHS to avoid overlap and conflict while efficiently allocating resources.

"Really cybersecurity and particularly critical infrastructure is a huge challenge. It's really all hands on deck," she said. "Energy underpins everything else, so it really needs the dedicated attention of a strong sector-specific agency like ours."