Energy CIO readies a cybersecurity strategy

Energy CIO readies a cybersecurity strategy

John Gilligan, Energy

By Frank Tiboni

GCN Staff

Energy Department chief information officer John Gilligan will release an early version of DOE's new cybersecurity plan next month.'
The plan will include a consistent policy on classified and unclassified computing, a rapid training initiative to be deployed within six months, a cybersecurity architecture for all Energy labs, and an R&D plan for computer security tools, Gilligan said last week.

'I have accelerated our efforts ever since Secretary Bill Richardson gave me full responsibility for cybersecurity in mid-May,' he said.'' Richardson's security reforms, developed in the wake of the Los Alamos espionage scandal, included giving computer security oversight to Gilligan [GCN, May 24, Page 1].

Shake it up

The reforms also realigned the CIO's office under the new Office of Security and Emergency Operations, headed by former Air Force Gen. Eugene E. Habiger [GCN, June 28, Page 1].

Gilligan has assembled a team
of contractors'Booz, Allen & Hamilton Inc. of McLean, Va., Electronic Data Systems Corp. and Mitre Corp. of Bedford, Mass.'to help him develop the plan. After releasing the early version, Energy will fine-tune the plan and issue a final version in late September. Gilligan said he also will hold an industry day to get additional input.

The Energy CIO said the heightened computer security effort would cost $80 million over the next two years.

Gilligan broke down the plan into four parts: policy activities, training, fielding of an operational security capability and R&D.

In the near term, Energy will update policy on unclassified computer systems, developing a set of guidelines for bureau line managers to implement.

'This will fill a void and a weakness,' Gilligan said.

By January, Energy will integrate the classified and unclassified computing policies, he said.

Time to learn

In the next six months, Energy will begin a training initiative to educate all system administrators on computer security as quickly as possible.

The entire training effort will take two years, culminating in the development of courseware on computer security. The courseware will have central control and desktop computing facets, Gilligan said.

The department plans to develop a single cybersecurity architecture and set standards for use at all sites.

Energy will increase the staff of the Computer Incident Advisory Capability at the Lawrence Livermore National Laboratory in Livermore, Calif., from seven to 25 people.

The CIAC staff will have increased responsibilities in monitoring security and providing early warning for viruses, Gilligan said.

The fielding of the operational security capability will chew up $45 million of the $80 million over the next two years, he said.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected