The Trump administration’s nominees to become head of cybersecurity and Inspector General (IG) at the Department of Energy (DoE) received a largely warm welcome from members of the Senate Energy and Natural Resources Committee today as the panel held a hearing to consider those and several other DoE nominations.
The committee did not vote on the nominations today, but Sen. Lisa Murkowski, R-Alaska, chairman of the committee, said she intends “to seek to move your nominations as soon as possible,” while cautioning that “the environment on the [Senate] floor is not conducive to moving nominations right now.”
Karen Evans is nominated as assistant secretary for cybersecurity, energy security, and emergency response (CESER)–a newly created position at the agency. She told senators that the energy sector, along with the communications sector, is the “lifeline” for all other critical infrastructure sectors, and that if confirmed she would seek to address both natural and man-made threats to energy infrastructure.
“It is only with the appropriate degree of preparedness and timely response to threats to our energy systems that we will reduce risks and provide needed resiliency of the electric grid for the safety and the well-being of the American people,” she said.
Evans is a former chief information officer at DoE and in 2003 was named administrator for e-government and IT at the Office of Management and Budget–a position now commonly referred to as the Federal government’s CIO. Since then she has run U.S. Cyber Challenge.
Asked by Sen. Murkowski about the challenges of setting up a new office within DoE, Evans replied that a lot of work has already been done at the agency including development of a multiyear cybersecurity plan. “A lot of the groundwork has already been done,” Evans said, adding that her focus would center on implementation and making existing plans “actionable.”
“I don’t want to admire the problem,” Evans said, but instead work on making systems more resilient, along with ways to implement response plans with the help of the private sector and state and local governments.
Asked how DoE can attract a high quality cybersecurity workforce, Evans called on her experience running U.S. Cyber Challenge and said, “DoE could really lead the way… There is a lot of innovative ways to evaluate talent.”
Evans told Sen. Cory Gardner, R-Colo., that in the “whole of government” approach to cybersecurity her position reports to the Energy Secretary but also to the National Protection and Programs Directorate at the Department of Homeland Security, and that each agency understands its roles for cybersecurity coordination.
Evans told Sen. Catherine Cortez Masto, D-Nev., that she would be partnering with DHS regarding protection of hydropower facilities, as DoE is responsible for protecting power facilities but DHS had jurisdiction over dams, and planned to “dive deep” into protection plans for water and power assets that typically employ industrial control systems technologies.
Sen. Angus King, I-Maine, urged Evans to carry to the Trump administration his opinions that the U.S. needs to have a single point of coordination for cybersecurity, and a cybersecurity defense doctrine that provides for deterrence. The nominee said she would do so.
“Everyone says whole of government, but I hear none of government, nobody is accountable, and nobody is in charge,” Sen. King said. On the issue of deterrence, he said, “We need a cyber doctrine… to make our adversaries understand they will pay for a cyber attack on this country.”
“We know a cyber attack is coming at some point… it’s the longest windup of a punch in the history of the world… the best way to prevent it is to deter it,” he said.
The DoE Inspector General nominee, Teri Donaldson, told senators that she would be independent and impartial in her work, and that she believes being responsive to the requests of Congress was “critically important” to the IG position.
