Cyber center advances Energy’s understanding of, defense against threats

The Energy Department’s Joint Cyber Coordination Center was born out of a major cyber attack that impacted more than 50,000 of its employees.

Now the JC3 is providing more cybersecurity capabilities and a better understanding of the threats the agency faces than first imagined.

Rod Turk, the Energy Department’s associate chief information officer for cybersecurity and chief information security officer, said during the center’s first year, the department focused on building the foundation for better information sharing. Now, Turk said Energy is focused on putting in the amenities that will have the greatest impact on how the agency protects and defends its computer network and systems.

“JC3 is not a security operations center in the strictest sense,” Turk said. “What we are concerned with in JC3 is the collaboration amongst all of our sites with the sharing of information. As incidents occur at different sites, we can then share that information, wrap around it maybe some classified information that rounds out the thought process of what’s actually going on, and then share that information across the enterprise. We are basically telling our components that this is something we are seeing at this particular site and it may transition to your site, and here are the signatures, here are the scripts and here are the different indicators of compromise that we are seeing. It gives early warning activity for our other components and hopefully they can put up their defenses and then preclude an exfiltration or infiltration at the other site.”

While JC3 hit initial operating capability in 2014, Turk said he expects the more advanced capabilities to come in fiscal 2016.

“We are continually looking at innovative tools, innovative procedures, innovative ways of gaining information to provide that early warning capability to our components,” he said. “We are continually working the program for JC3 to develop a certain maturity level for the way things are today. When you consider that, tomorrow may be a different day and some of the things we are seeing tomorrow will drive different technologies, different thoughts and processes for how to be resilient in keeping our systems up and keeping them available for our users.”

In recent years, Turk said, Energy has invested heavily in advanced analytical capabilities, including bringing in experts with cyber forensics and analysis skills.

“We also are working very closely with many of our labs. In this type of coordination center, you are talking about building the relationships that you need to be able to do the job that you need to do,” he said. “For example at Los Alamos, we’ve brought them on board to help us with many of our malware analysis and reverse engineering to be able to take a look at what’s happening within our networks. We also have a very close relationship with the National Nuclear Security Administration (NNSA) and we work very close with them and their Information Assurance Response Center in Las Vegas and things they are doing out there for the protection, cyberwise.”

Additionally, Turk said JC3 works with the Office of Intelligence and Counter Intelligence. He said they are standing up a new cyber intelligence unit.

“It’s a group of folks and tools that enhances our open source and sensor data with classified information so basically we are providing a full package of information,” he said. “We’ve developed a closer relationship with what our intelligence community is doing so we can get that information. We do have some folks that we are hiring, both contractors and federal employees within the JC3 as we mature. Having the awareness of our JC3 people and closely related through that cyber intelligence unit brings a real interesting and collaborative process to what we are trying to do with the rest of our lab.”

Turk said the cyber intelligence unit is in place today and the JC3 is using classified data to help protect Energy’s networks.

Energy has been building up the capabilities within the JC3 over the last year or so.

After sustaining a major cyber breach in July 2013 that exposed the data of 53,000 employees, Energy took several steps to change its approach to cyber.

Along with the JC3, Energy created a tool to look for outdated software and update it so it doesn’t become or is no longer a security risk.

This entire cyber effort rolls under the umbrella CyberOne program. Turk said recently the program moved into the major program category, meaning it’s broader than just cyber information sharing, but includes several initiatives around incident management, identity control and access management and others.

In 2015, Energy expects to spend more than $15 million on capabilities under CyberOne, according to the department’s budget documents.

Turk said Energy is funding the JC3 and CyberOne through a working capital fund that each of its components puts money into to further develop its capabilities.
