Secretary Moniz visits the Office of Cyber Assessments for hands-on experience with the tools and techniques that are used by sophisticated adversaries to attack modern IT systems.
Office of Cyber Assessments
Cyber Security is becoming increasingly important in today’s technologically anchored society. Advances in information technology have made our lives easier in countless ways, but these same advances have brought us a key-stroke away from our enemies. This remains true for the Department of Energy (DOE), whose mission is to ensure America’s security and prosperity by addressing its energy, environmental and nuclear challenges. The inadvertent compromise of the DOE’s critical data could cause severe damage to the United States and its stakeholders as a whole. That is why it is imperative that the DOE protect its information from potential adversaries through a strong cyber security program.
Every minute of every day our adversaries use complex cyber-attacks in their endless attempts to destroy, disrupt, or discredit the United States government, to include the DOE. The adversary’s ultimate objective could be to steal and sell a government employees’ personal information, access classified nuclear information or worse yet, black-out a nuclear weapons facility long enough to bypass security features and gain access. The Department of Energy understands these threats and invests great effort in hardening its own high quality cyber security policies and programs. These cyber security policies and programs are put to the test and evaluated by the Office of Cyber Assessments.
The mission of the Office of Cyber Assessments is to provide feedback to internal and external stakeholders through the independent evaluation of the effectiveness of cyber security policies and programs throughout the U.S. Department of Energy. In other words, they are the team of cyber experts that think like and mimic the adversary in order to beat potential real-world adversaries to the punch.
In order to better protect the DOE’s cyber infrastructure, the team plans and conducts a variety of announced and unannounced cyber review activities that incorporate a broad range of cyber threats and scenarios in order to provide a complete and realistic evaluation of cyber security readiness. They also develop and validate cyber review results in reports that identify findings and opportunities for improvement. Once a review is conducted and opportunities for improvement are identified, the Office of Cyber Assessments performs follow-up cyber reviews to ensure site-specific corrective actions are effective. Lastly, the team conducts complex-wide reviews of cyber security programs to enhance the overall effectiveness and efficiency of these programs with particular focus on the insider threat.
The Office of Cyber Assessments will achieve its mission by continuing its role, previously under the office of Health, Safety and Security (HSS) and now within the office of Independent Enterprise Assessments (IEA), as the leading cyber security asset for the Department of Energy. The team leverages over 300 years of collective expertise while employing core values to produce actionable information for DOE stakeholders. Our adversaries won’t rest and neither will we.