Mara Winn, the Deputy Director for the Preparedness, Policy, and Risk Analysis (PPRA) division of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), recently shared her insights on the US critical infrastructure's threats and vulnerabilities.
In an interview with journalists, she explained that her division works closely with the Department of Energy's International Affairs Office and the State Department to share tools and technologies with international partners and increase their resilience.
Mara Winn stressed that various cyber-attacks frequently target the American energy system. However, she has emphasized the availability of the necessary tools to handle such attacks effectively, thanks to the established partnerships within the industry. Winn further noted that the CESER's primary focus is on their preparedness for defense rather than solely on the frequency of attacks received daily.
‘Our US infrastructure is resilient, and we continuously work towards improving our defenses. We share knowledge and remain prepared for the next type of attack. Our system is robust enough to minimize the consequences of these attacks, and we prioritize keeping the lights on for all of our customers. In the energy system, we build for the long term, so we must consider threats and vulnerabilities that may arise in the next 20 years. We must take steps to protect ourselves now to ensure that our system remains resilient over its lifetime', Mara Winn noted.
Looking ahead, she believes that by working alongside stakeholders, such as federal and local government partners and industry partners, they can ensure energy security over the next five years.
'I believe that we have a comprehensive strategy in place that involves working alongside our stakeholders. We take a multi-prong approach by bringing everyone together through group discussions and meetings where we target specific threat issues. We have partners in the government at the state and local levels, as well as industry partners who are creating the components that we integrate into the system. We assess our gaps and identify mitigations that need to be put in place, some of which are federal government-driven. We also know that the industry sometimes knows best, so we make sure that they have the knowledge to create their own solutions and do their solutions in the best possible way. Through partnership and engagement, we exchange knowledge to ensure that we are making progress toward our goals. We test ourselves against our pillars through exercises and evaluate our progress to identify any gaps or knowledge that needs to be put in place'.
Deputy Director for PPRA highlighted several climate change risks, such as wildfires, flooding, and more frequent and intense storms.
Wildfires are a major concern, particularly in the West but not limited to that region. We take a lot of measures to mitigate these risks, including ensuring that our electricity transmission and distribution lines are up to code. This is important because the environment is primed for wildfires due to drought in many areas. We also worry about flooding, especially after a wildfire has occurred, as this can lead to landslides and other consequences. More frequent and intense storms are another issue we must deal with. It used to be that only certain communities were at risk, but now we understand that all communities are at risk and it's just a matter of when. Climate change affects everything from our ability to maintain our infrastructure to our generation capabilities, as we must ensure that our dams have enough water for hydro and other purposes.
Mara Winn added that it is essential to approach cybersecurity from a maturity model perspective and consider entities' diverse backgrounds and states.
'There are no one-size-fits-all solutions, but we recommend following the basics of the six best security practices, known as cyber hygiene. This includes using multi-factor authentication, not exposing unnecessary systems to the internet, and regularly changing passwords. If you have matured beyond these basics, it's important to regularly check for vulnerabilities, stay updated on the latest threats, and engage with experts. Good cyber hygiene practices among employees are also key'.
The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) operates as a department within the DOE, with a primary focus on safeguarding the energy supply of the American people and addressing any emerging threats that may arise in the future. CESER is committed to enhancing the security of energy infrastructure and supporting the national security mission of the DOE. The department prioritizes preparedness and response activities to natural and man-made threats to ensure a stronger, more prosperous, and secure future for the nation.
Comments (0)