Episode 66

Developing the Collective Defense with Ann Dunkin, CIO at the U.S. Department of Energy

August 9th, 2023

38 mins 25 secs

About this Episode

Ann Dunkin, Chief Information Officer (CIO) at the U.S. Department of Energy (DOE), joins Carolyn and guest host Willie Hicks to discuss the National Cybersecurity Strategy and what it takes to secure a large agency like the DOE, as well as how agencies balance cybersecurity compliance and risk management. She also highlights the DOE's role in the Partnership for Transatlantic Energy and Climate Cooperation (P-TECC) and the agency's relationship with its industry partners.

Key Topics

  • [01:47] - Effect of the National Cybersecurity Strategy on DOE Modernization Initiatives
  • [07:59] - Risk vs. Compliance
  • [14:17] - Protecting a Large Agency like DOE vs. Smaller Agencies
  • [16:49] - P-TECC Overview & DOE's Work with P-TECC
  • [23:14] - Implementing Lessons Learned from the Global Community
  • [26:11] - DOE Modernization Efforts & The Role of Public-Private Partnerships
  • [30:26] - Where Industry Can Improve
  • [36:03] - Tech Talk Question

Quotable Quotes

On the Collective Defense: "The principles of collective defense, which underlie the cybersecurity strategy, are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that." - Ann Dunkin

On balancing risk vs. compliance: "The reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway." - Ann Dunkin

On workforce development: "I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government that looks like America. And then to help the rest of America grow their workforce capabilities." - Ann Dunkin

About Our Guest

Ann Dunkin serves as the Chief Information Officer at the U.S. Department of Energy, where she manages the Department’s information technology (IT) portfolio and modernization; oversees the Department’s cybersecurity efforts; leads technology innovation and digital transformation; and enables collaboration across the Department. Ms. Dunkin is a published author, most recently of the book Industrial Digital Transformation.
