Presented by Hosted by. Welcome Remarks Steve LeSueur Contributing Editor, 1105 Government...

Welcome Remarks

Steve LeSueur, Contributing Editor, 1105 Government Information Group

Opening Keynote:

Creating Trusted Digital Infrastructures--Practical Enterprise Experience

Gil Vega, Associate CIO for Cybersecurity and Chief Information Security Officer, Department of Energy

A New Reality

Trusted Digital Infrastructure

Gil Vega, Associate CIO for Cybersecurity & Chief Information Security Officer

U.S. Department of Energy | Office of the Chief Information Officer

The Fading Reality

“If you protect your toothbrushes with the same zeal that you protect your diamonds, you’ll lose less toothbrushes but more diamonds.”

– McGeorge Bundy

The New Reality

“Hear that Mr. Anderson? That is the sound of inevitability. That is the sound of your death. Goodbye, Mr. Anderson,”

– Agent Smith, “The Matrix”

Today...

• A little more background… why would you listen to me?

• Real Threats, Real Experiences…

• A CISO’s approach to…

• Leaving you with some thoughts…

The DOE is a nation-wide collection of nearly 100 national laboratories, production plants and environmental clean-up sites

Operations Offices

Production/Cleanup

Laboratories

Field Offices

Site/Project Offices

Special Purpose Sites/Offices

Power Administrations

Service Business Center

DEPARTMENT OF ENERGY PROGRAM PORTFOLIO

ENERGY, SCIENCE, NUCLEAR SECURITY

“DOE has Nuclear Weapons information and responsibility for the Energy Grid… The United States’ military, economic and social fabric has become inextricably dependent on an Information Technology infrastructure that is inherently insecure. What is the most likely threat to U.S. with greatest impact on our way of life? WMD?...or Cyber Attack?…”

-- Robert Osborn, DOE NNSA CIO

The Department of Energy is a government-owned, contractor-operated (GOCO) enterprise.

National laboratories provide unique technical capabilities to the government that cannot be effectively met by industry, academia, or government in-house resources.

The GOCO model gives the national laboratories greater flexibility than most government organizations in operations, and in attracting and retaining a diverse and highly skilled technical workforce across a wide range of disciplines.

The national laboratories are the Department’s strong long-term partners, supporting the diverse research and development needs our missions demand.

Innovation

“[The DOE National Labs] are the crown jewels of American innovation, which is also why they’re prime targets for hostile entities…”

-- Daniel B. Poneman, Deputy Secretary of Energy

Real Threats…

Script Kiddies

Cyber Criminals

Nation States

Real Experiences…

Oak Ridge National Lab

Pacific Northwest National Lab

Jefferson Lab

What did we learn…

“In a time of drastic change it is the learners who inherit the future. The learned usually find themselves equipped to live in a world that no longer exists.” – Eric Hoffer

Oh yeah, we did learn…

DOE CISO view…

Risk Management Approach (RMA)

DOE Joint Cybersecurity Coordination Center (JC3)

DOE Cyber Sciences Laboratory (CSL)

Cloud Transformation (RightPath)

Leading Edge Initiatives, such as Supply Chain, E-RAMP

Parting thoughts...

• There’s danger in multi-level security environments

• Monitor events 24x7x365

• Accept that intrusions have occurred and will continue…

• Social engineering is a sure-bet even with great security

• Prepare … focus on quick detection … triage … containment

• Stay the course … slow and steady wins the race…

• Understand your mission and business areas … partnership

• Good Governance and appropriate policy really works…

• It’s about the data … it’s about the people (good or bad) who have access to your data

Wrap up…

Gil Vega, Chief Information Security Officer

U.S. Department of Energy | Office of the Chief Information Officer

The Science and Economy of Global Cyber Resilience in Today's Threat Environment

Dr. Phyllis Schneck, Vice President and Chief Technology Officer, Global Public Sector, McAfee

Ask the Experts Discussion: Focus on Enterprise Risk Management -- From the Data Center to the Mobile Device

Steve LeSueur (Moderator), Contributing Editor, 1105 Government Information Group

Bob Kimball, CTO, Ciena Government Solutions

Rob Roy, Federal ESP Chief Technology Officer, Enterprise Security Products, Hewlett-Packard

Richard Towle, Director of Northeast Region, Federal Government, and Eastern Canada, FireMon

Closing Remarks

Steve LeSueur, Contributing Editor, 1105 Government Information Group