DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation
The Department of Energy and Cybersecurity Role
Ann Dunkin, the CIO at the US Department of Energy (DOE), recently spoke at Israel’s Cyber Week about her responsibilities as the head of IT and cybersecurity at the DOE. The DOE is responsible for managing and maintaining the US Government’s nuclear stockpile, nuclear non-proliferation efforts, and building nuclear propulsion for submarines. Additionally, the department operates the electricity grid in 35 US states and manages the radio frequency spectrum required for its operations.
Dunkin emphasizes the importance of cybersecurity oversight in her role, highlighting the need for IT and security to work hand-in-hand. She rejects the idea that there is a conflict of interest between the CIO and CISO roles, stating that they should be strong partners with a unified cybersecurity program. She points out that Congress has mandated that CISOs should report to CIOs in the federal government to ensure alignment and shared drivers for performance.
Digital Transformation and Security
Dunkin discusses the DOE’s digital transformation program and its impact on IT and security. She explains that the goal of digital transformation is to design solutions that are user-friendly and intuitive, as well as to replace old legacy technologies that are difficult to secure. She highlights the use of cloud services, such as those provided by Microsoft and Google, as a way to improve security by leveraging their expertise.
While digital transformation introduces new risks, Dunkin believes that a defense-in-depth approach is the key to mitigating these risks. She mentions the use of the Federal Risk and Authorization Management Program (FedRAMP) to evaluate the security of cloud products and services. Multi-factor authentication (MFA) and a zero trust approach are also crucial in securing applications and data.
Evaluating Emerging Threats
When asked about unknown threats and mitigation strategies, Dunkin cites the supply chain as a high-risk area that requires a comprehensive risk management program. She mentions the use of Software Bills of Materials (SBOMs) to mitigate supply chain risks. Additionally, she emphasizes the importance of rapid response to zero-day vulnerabilities and continuous patching.
Dunkin acknowledges the increasing speed and scale of cyberattacks, without specifying any particular types or attackers. She notes that artificial intelligence (AI) has the potential to benefit both defenders and adversaries. Defensive AI is seen as another layer of defense to counter adversarial AI.
Conclusion
Ann Dunkin, as the CIO of the Department of Energy, provides valuable insights into the intersection of cybersecurity and digital transformation. She emphasizes the need for collaboration between IT and security, as well as the importance of a defense-in-depth approach to mitigate emerging risks. Dunkin’s perspective on the evolving threat landscape and the role of AI in cybersecurity highlights the need for continuous adaptation and improvement in defense strategies.