Cybersecurity Basics for Energy Managers  

Education Type: 
1.5 Hours


0.2 CEU

This Energy Exchange recorded session* provides a high–level overview of controls systems cybersecurity. It explains how operating technologies can pose unique challenges for cybersecurity and how legacy systems, IoT integration, and operational technology (OT) architecture priorities require a different approach relative to traditional IT cybersecurity.


Daryl Haegley, Cybersecurity Risk Management, Pacific Northwest National Laboratory (PNNL)  

Daryl Haegley has more than 30 years of military, federal civilian, and commercial experience. He currently oversees the cybersecurity risk management effort to cyber secure real property, geospatial, and energy systems for the U.S. Department of Defense (DoD). He leads DoD policy, security assessments and system authorization process improvement developments for control systems/platform information technology systems. He also leads the development of the Cybersecurity of Facility Control Systems Unified Facilities Guide, cyber range requirements, and the DoD processes and integrates capabilities needed to systematically track, analyze, secure, and report facility energy and related data. He maintains four certifications, three master's degrees, two college tuitions, and one patent.

Doug Clifton, Executive Director, Ernst & Young LLP's Cyber Threat Management Group  

Doug Clifton is an executive director in Ernst & Young LLP's Cyber Threat Management group, which is based out of Dallas and focused on cybersecurity in the industrial/operational technology. Doug has more than 28 years of experience in technology delivery and leadership roles, focusing during the last 14 years on building and managing cybersecurity service businesses for industrial control and SCADA systems. Doug developed a cybersecurity services business in the industrial automation space over the last 12 years and has led and executed more than 550 cyber defense projects. Doug has met with White House staff regarding industrial control system security and has worked with clients to build and strengthen their cybersecurity safeguards.

Marianne Meins, Vice President, Parsons Federal Global Business Unit  

Parsons delivers, protects, and sustains critical federal assets across the national security, defense, intelligence, and infrastructure markets worldwide. Marianne has more than 25 years of experience leading national security mission initiatives supporting intelligence, defense, and homeland security solutions development. Since joining Parsons in 2015, she has served as the cyber intelligence and operations sector manager and business development manager for the National Security Division. Previously, she held several executive positions in industry, leading and growing profit-and–loss organizations for large and small businesses, all focused on national security missions.

Matt Lemma, Software Executive, U.S. Department of Defense, Healthcare, and Financial Services industries  

Matt Lemma is a software executive with 19 years supporting the U.S. Department of Defense, Healthcare, and Financial Services industries. He has managed $70–million organizations including software development, managed services, and cloud implementation resulting in multiple certifications including ISO 9001, ISO 20001, CMMI ML3 and CMMI ML5. As a former CIO of a software–as–a–service (SaaS) company, Matt holds CISSP, ITIL, PMP, and CPHIMS certifications, which provide a baseline of industry leading knowledge.

Learning Objectives

Upon completion of this course, attendees will understand:

  • The fundamental difference between the priorities of OT and information technology (IT) from a cyber perspective;
  • The process for achieving authority to operate for legacy controls systems;
  • The basic differences between DIACAP and NIST as they relate to controls systems compliance in DoD facilities;
  • Whether wireless systems pose a fundamental threat or if they can be safely implemented in some applications; and
  • Whether controls networks can reside on existing IT networks or if isolation is a fundamental control that cannot be overcome.

*The session featured in this on-demand course was recorded on August 21, 2018, at the 2018 Energy
Exchange held in Cleveland, Ohio (Track 10, Session 1).

Federal Agencies and Facility Criteria: