The United States faces persistent and increasingly malicious cyber campaigns against both the public and private sectors that threaten American security, economic well-being, and privacy. Federal agency staff are facing increasing pressures to defend their facilities, control systems, and operational technologies against cyber intrusion. But how do staff know where they have areas of weakness that might be introducing vulnerabilities into their networks? This Federal Energy Management Program (FEMP) training, part of a series on cybersecurity, will focus on how to conduct cybersecurity self-assessments that can evaluate a facility's policies and practices and help identify areas of potential weakness.
FEMP Cyber Series: 1 Understanding Management's Cybersecurity Priorities
FEMP Cyber Series: 2 Find Cybersecurity Gaps to Manage Cybersecurity Risk
FEMP Cyber Series: 3 Focusing on Connected OT Cybersecurity Risk
Jason Koman, Energy Technology Program Specialist, U.S. Department of Energy Federal Energy Management Program (FEMP)
Jason Koman is an Energy Technology Program Specialist at the Department of Energy's (DOE) Federal Energy Management Program (FEMP). He leads FEMP's work focused on Grid-Integrated Efficient Buildings (GEBs), water sustainability and resilience, and cybersecurity. Jason began his career in the non-profit space with the Clinton Foundation as a global program manager for energy efficient, low carbon buildings. Moving into the private sector as a consultant to the US Department of Energy during the Obama and Trump administrations, Jason rose to the role of managing director at RE Tech Advisors, leading a team of 30+ consultants to deliver sustainability programs for the US EPA and DOE. Jason decided to return to DOE in 2021 to focus on decarbonizing federal government infrastructure and helping agencies meet their sustainability goals under the Biden administration. He holds a Bachelor's in Public Policy from Trinity College, Hartford and a Master's in Public Policy from the University of California, Berkeley.
Christopher Bonebrake, Energy Cyber Program Coordinator, Pacific Northwest National Laboratory (PNNL)
Christopher Bonebrake graduated from Washington State University with a bachelor's degree in Electrical Engineering in 2002 and a master's degree in Electrical Engineering in 2004. He has been working for PNNL since 2002 on various projects such as analog electronics and system design on chemical and radiation detection systems, industrial control systems, commercial Energy Management Systems (EMS), supervisory control and data acquisition (SCADA) equipment, power system simulation and analysis using lab-based tools, and cyber security events and training related to energy delivery systems. He is currently the Energy Cyber Program Coordinator and works on the cybersecurity of energy delivery systems.
Md Touhiduzzaman, Cyber Security Engineer, PNNL
Md Touhiduzzaman is a Cyber Security Engineer in the Electric Security group at the Pacific Northwest National Laboratory whose research focuses on grid cyber system modeling, grid communication networks, cybersecurity assessment (CSF, RMF), and analysis of cybersecurity consequences and threats on the grid. Before joining PNNL, Touhiduzzaman was at the National Renewable Energy Laboratory (NREL) as an energy cyber security researcher. At NREL, Touhiduzzaman co-led the research and development of the DER cyber security framework (DER-CF) and DER risk management framework (DER-RM) tools. He also co-led the effort to develop a Cyber Value-at-risk framework for hydropower fleets and to understand the security benefit of 5G for DER operation. Touhiduzzaman was at PNNL as a post-doctoral researcher involved in developing risk assessment frameworks for externally exposed energy delivery systems and conducting research on risk management frameworks for improving cyber resiliency.
Cliff Glantz, Senior Staff Scientist, PNNL
Cliff Glantz is a senior staff scientist and project manager with PNNL's Energy and Environment Directorate. Mr. Glantz's research focuses on critical infrastructure protection, cyber and cyber-physical security, risk management, consequence assessment modeling, and emergency response and preparedness. His recent work supports a broad array of national and international projects. This includes projects conducted for various DOE offices (including DOE-OE, NA-20, and NA-40), the DoD, State Department, DHS, NRC, and the IAEA. He is the former Chair of the DOE Subcommittee on Technical Analysis and Response Support (STARS) and coordinated its many working groups. He has authored over 200 publications and conference presentations and developed numerous products and tools since joining PNNL in 1982.
Upon completion of this training, attendees will be able to:
- Identify available FEMP resources for facility energy cybersecurity;
- Identify the 5 domains of the NIST Cybersecurity Framework that together support the creation of a holistic and successful cybersecurity plan;
- Recognize the 7 steps of the NIST Risk Management Framework; and
- Recognize what a maturity model is and how a cybersecurity maturity model may help you evaluate your facility's relative maturity.