DOE Cybersecurity Is a Mess, According to Senate Panel
Posted at 1:13 p.m. on July 28, 2014
There are 11 different places in the Energy Department budget that contain cybersecurity funding for energy, science and environmental missions. That’s too messy for the Senate Appropriations Committee, which wants to see all of that nearly $150 million consolidated into one place.
DOE plays the lead federal role in securing the computer networks of the electricity grid, which, according to a recent study, is in grave danger and in need of seriously improved protection.
In the Senate panel’s fiscal 2015 Energy and Water spending bill, there’s a total of $304 million in cybersecurity funding for the Department of Energy, with $155 million going to the National Nuclear Security Administration and $149 million going to the energy/science/environmental missions.
But the NNSA money is all coordinated by one official.
To be fair, the Senate committee’s bill report — released late last week — praises DOE for making an effort at coordinating cybersecurity with a newly-created Cybersecurity Council.
“However, the Committee is concerned by the lack of transparency in funding cybersecurity activities and the lack of a single senior official responsible for managing those funds based on strategic priorities,” it states. “Currently, cybersecurity activities for energy, science, and environmental missions are funded in 11 different accounts. The Committee believes the Department of Energy should follow NNSA’s example of consolidating cybersecurity activities and funding authority to one person under one funding account.”
That leads to this command: “The Committee directs the Department of Energy to consolidate cybersecurity funding for energy, science and environmental missions under the Chief Information Officer within Departmental Administration starting in the fiscal year 2016 budget request. The Committee expects the budget justification to include a detailed breakdown of cybersecurity activities across the Department.”
And the panel offered an extra note on cybersecurity as it pertains to the electricity grid:
The Committee remains concerned that Nation’s electrical infrastructure remains vulnerable to cyber threats. The Department has taken important steps to develop analytical and security tools with industry partners to increase situational awareness and overall resilience of the grid. Funds provided are to expand these collaborative efforts and increase the deployment of necessary tools. Ongoing coordination with the Department of Homeland Security and the Federal Energy Regulatory Commission should also be a priority.