FEMP Cyber Series: 3 Focusing on Connected OT Cybersecurity Risk  

Education Type: 
1 hour
0.2 CEU
Sponsored by: 

DOE Federal Energy Management Program - FEMP

The United States faces persistent and increasingly malicious cyber campaigns against both the public and private sectors that threaten American security, economic well-being, and privacy. Federal agency staff are facing increasing pressures to defend their facilities, control systems, and operational technologies against cyber intrusion. At the same time, facilities are increasingly interested in leveraging connected devices and systems to gain additional capabilities and efficiencies, but connecting devices to the internet can pose new and confusing cybersecurity questions. What considerations for "connectedness" do staff need to keep in mind when they want to add new devices or system to their facility without introducing new vulnerabilities to their current cybersecurity posture? This Federal Energy Management Program (FEMP) training, part of a series on cybersecurity, will focus on the challenges of "connectedness" with regard to cybersecurity and provide an overview of FEMP's free FCF-IoT self-assessment tool that may help sites to identify areas of potential weakness from that connection.

FEMP Cyber Series: 1 Understanding Management's Cybersecurity Priorities
FEMP Cyber Series: 2 Find Cybersecurity Gaps to Manage Cybersecurity Risk
FEMP Cyber Series: 3 Focusing on Connected OT Cybersecurity Risk
FEMP Cyber Series: 4 Understand and Mitigate Cybersecurity Gaps


Jason Koman, Energy Technology Program Specialist, U.S. Department of Energy Federal Energy Management Program (FEMP)  

Jason Koman is an Energy Technology Program Specialist at the Department of Energy's (DOE) Federal Energy Management Program (FEMP). He leads FEMP's work focused on Grid-Integrated Efficient Buildings (GEBs), water sustainability and resilience, and cybersecurity. Jason began his career in the non-profit space with the Clinton Foundation as a global program manager for energy efficient, low carbon buildings. Moving into the private sector as a consultant to the US Department of Energy during the Obama and Trump administrations, Jason rose to the role of managing director at RE Tech Advisors, leading a team of 30+ consultants to deliver sustainability programs for the US EPA and DOE. Jason decided to return to DOE in 2021 to focus on decarbonizing federal government infrastructure and helping agencies meet their sustainability goals under the Biden administration. He holds a Bachelor's in Public Policy from Trinity College, Hartford and a Master's in Public Policy from the University of California, Berkeley.

Christopher Bonebrake, Energy Cyber Program Coordinator, Pacific Northwest National Laboratory (PNNL)  

Christopher Bonebrake graduated from Washington State University with a bachelor's degree in Electrical Engineering in 2002 and a master's degree in Electrical Engineering in 2004. He has been working for PNNL since 2002 on various projects such as analog electronics and system design on chemical and radiation detection systems, industrial control systems, commercial Energy Management Systems (EMS), supervisory control and data acquisition (SCADA) equipment, power system simulation and analysis using lab-based tools, and cyber security events and training related to energy delivery systems. He is currently the Energy Cyber Program Coordinator and working on the cybersecurity of energy delivery systems.

Travis Ashley, Pacific Northwest National Laboratory  

Travis Ashley joined the Electricity Infrastructure and Buildings division at Pacific Northwest National Laboratory in 2017 as a computer scientist, primarily researching in residential energy efficiency applications and cybersecurity. His research in cybersecurity focuses on critical infrastructure protection, focusing on improving the maturity of the cybersecurity posture of the facilities that supply critical services. He has contributed to the development of the Mitigations of Exposed Energy Delivery System (MEEDS) attack surface management tool was primarily through identifying exposed devices using Python. He also contributed to the development of the Facility Cybersecurity Framework (FCF) training tools through designing cyberattack scenarios and mapping cybersecurity policy controls to the various stages of the attack. He is currently pursuing his Master's degree in Cybersecurity and is a member of the IEEE Computer Society.

Penny McKenzie, Cyber Security Engineer, PNNL  

Penny McKenzie is a Cyber Security Engineer for Pacific Northwest National Laboratory. She has expertise in network monitoring and intrusion detection of Industrial Control Systems (ICS), forensics analysis, policy and regulation determination for incident response for ICS, incident handling procedures, convergence of cyber and physical security, and Internet of Things (IoT) cyber security with an emphasis in intrusion detection and secure coding practices. Her current research focuses on incident response, risk management framework guidance of implementation on facility related control systems, network monitoring protocols for ICS, configuration management of network sensors, cyber security policy review and implementation, cyber-physical security for federal facilities, IoT pattern of life behaviors, cyber talent recruitment and program development, and educational outreach. Penny's work supports the IAEA, the US Department of Energy, the Department of Homeland Security, Federal Bureau of Investigation, Building Technology Office, and the Department of Defense. She has supported the Office of STEM education for the last 5 years in developing an early education cyber security guidance for K-12 students and has piloted and helped develop an early career cyber security competition for students and work force professionals.

Learning Objectives

Upon completion of this training, attendees will be able to:

  • Identify available FEMP resources for facility energy cybersecurity;
  • Recognize why the Internet-of-Things can bring special cybersecurity challenges compared to traditional IT or OT devices and equipment; and
  • Identify the purpose of and how to access the FEMP FCF-IoT self-assessment tool.
Federal Agencies and Facility Criteria: