Energy CIO readies a cybersecurity strategy

Energy CIO readies a cybersecurity strategy

John Gilligan, Energy

By Frank Tiboni

GCN Staff

Energy Department chief information officer John Gilligan will release an early version of DOE's new cybersecurity plan next month.'
The plan will include a consistent policy on classified and unclassified computing, a rapid training initiative to be deployed within six months, a cybersecurity architecture for all Energy labs, and an R&D plan for computer security tools, Gilligan said last week.

'I have accelerated our efforts ever since Secretary Bill Richardson gave me full responsibility for cybersecurity in mid-May,' he said.'' Richardson's security reforms, developed in the wake of the Los Alamos espionage scandal, included giving computer security oversight to Gilligan [GCN, May 24, Page 1].

Shake it up

The reforms also realigned the CIO's office under the new Office of Security and Emergency Operations, headed by former Air Force Gen. Eugene E. Habiger [GCN, June 28, Page 1].

Gilligan has assembled a team
of contractors'Booz, Allen & Hamilton Inc. of McLean, Va., Electronic Data Systems Corp. and Mitre Corp. of Bedford, Mass.'to help him develop the plan. After releasing the early version, Energy will fine-tune the plan and issue a final version in late September. Gilligan said he also will hold an industry day to get additional input.

The Energy CIO said the heightened computer security effort would cost $80 million over the next two years.

Gilligan broke down the plan into four parts: policy activities, training, fielding of an operational security capability and R&D.

In the near term, Energy will update policy on unclassified computer systems, developing a set of guidelines for bureau line managers to implement.

'This will fill a void and a weakness,' Gilligan said.

By January, Energy will integrate the classified and unclassified computing policies, he said.

Time to learn

In the next six months, Energy will begin a training initiative to educate all system administrators on computer security as quickly as possible.

The entire training effort will take two years, culminating in the development of courseware on computer security. The courseware will have central control and desktop computing facets, Gilligan said.

The department plans to develop a single cybersecurity architecture and set standards for use at all sites.

Energy will increase the staff of the Computer Incident Advisory Capability at the Lawrence Livermore National Laboratory in Livermore, Calif., from seven to 25 people.

The CIAC staff will have increased responsibilities in monitoring security and providing early warning for viruses, Gilligan said.

The fielding of the operational security capability will chew up $45 million of the $80 million over the next two years, he said.


  • senior center (vuqarali/

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected