SAN FRANCISCO — The Department of Energy’s cybersecurity office wants to focus on educating both technical and non-technical energy-sector stakeholders in the course of the next year.
“Awareness is a key issue. Right now, everyone is very ... focused on their own silo and you don’t realize how the supply chain impacts you,” said Sean Plankey, the principal deputy assistant secretary for cybersecurity, energy, security and emergency response at the Department of Energy.
Plankey said that the department is going to expand three education programs that it uses to interact with both universities and private industry.
The defensive and espionage missions undertaken by the National Security Agency require efforts from some of the top tech operators in the world, and these operators must come from somewhere. Enter the NSA's partner institutions — designated Centers of Academic Excellence.
“We have to find better ways to understand and close that skills gap in operational technology,” Plankey said at the RSA Public Sector Day 2020. “It’s not up to the schools to do this.”
In 2020, the Energy Department wants to make data available from its national CyberForce competition, an annual contest hosted at all the national labs where university teams defend networks from red teams. About 120 schools participate, creating a hiring pipeline for the labs and the rest of the department.
“You should be able to hire off that pipeline knowing what these students and professionals went through in this competition,” Plankey said.
Energy is also looking at expanding its CyberStrike program, a hands-on industrial control system training. That training includes nontechnical officials, including first responders and the local FBI field office.
The department wants to expand that program from 15 training events to 150.
“We want the people that will be working together in an emergency to understand what each other is thinking,” Plankey said.
The department also wants to up investment in its Consequence-driven, cyber-enabled engineering program, run out of Idaho National Labs. In this program, the lab brings together technical and non-technical operators to teach them how nation-state actors target their networks and supply chain.
This year, the department wants to train up to 2,000 people.
The effort by the department is part of a broader, whole-of-government approach to bolster the lack of cybersecurity skills in the workforce, a problem that troubles both the private and public sector. At the federal level, the Office of Management and Budget has started a cyber reskilling academy for federal employees, but found limited success due to issues with hiring requirements for feds.
These are problems that government and private industry need to work together to solve.
“A threat to one is a threat to all in this space,” Plankey said.