A Department of Energy perspective: Assume the role of a Department of Energy staff analyst. Prepare a 2-3 paragraph email to the Assistant Secretary answering whether the Department of Energy should require the utilities it operates to make changes to respond to this threat.
Scenario
ACME Company, USA provides a “comprehensive suite of cybersecurity services.” Its flagship offering is anti-virus software. In addition, it offers on-site consulting (sending an analyst to a company’s facility), written reports on various cybersecurity threats that clients should be aware of, penetration testing, and incident response. The ACME Company, USA has a parent, the ACME Company of Calormen.
The ACME Company, USA, includes on its Board of Directors three senior officials of the ACME Company of Calormen.
News reports and commentators state that the laws of the country of Calormen require that all data managed by companies subject to its laws be accessible to its law enforcement and intelligence agencies.
There has been a steady stream of reporting in the media over the past six months that there are close connections between the leadership of the ACME Company of Calormen and the intelligence services of that country. Reports indicate that senior officials of the company often play golf with various government officials, including those in the intelligence services. Moreover, several senior leaders of the ACME Company of Calormen were previously employed by the intelligence services of that country.
Five federal agencies have contracts to use ACME Company USA products and services. Moreover, ACME Company USA has just announced a major new effort to sell its software to energy companies, financial institutions, and defense contractors.
Please read the following before completing the assignments in this module.
1). The White House Office of the Press Secretary (2013). Presidential Policy Directive 21 (Feb. 12, 2013) (https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil).
2). Woods, B. & Bochman, A. (2018). Supply Chain in the Software Era. (See attached – Atlantic council supply_Chain_WEB)
3). United States Government (2015). The FAST Act, Section 61003. (See Attached – FAST Act 61003)
4). Case study: The CRISP project.
United States Department of Energy (2018). The Cybersecurity Risk Information Sharing Program CRISP Fact Sheet. (See Attached – CRISP Fact Sheet)