SECURITY, TECHNOLOGY
AND CRITICAL
INFRASTRUCTURE:
ENERGY
AN INTERVIEW WITH HONORABLE KAREN EVANS, ASSISTANT SECRETARY,
OFFICE OF CYBERSECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE,
U.S. DEPARTMENT OF ENERGY
KAREN EVANS is a name familiar to anyone who has
spent any appreciable time working in or around government
technology. Today, Karen serves as Assistant Secretary and
the Energy Department’s cybersecurity point person for
guidance and policy affecting the nation’s energy sector.
She has also served as U.S. Chief Information Officer under
President George W. Bush, CIO for the Department of
Energy, IRM Director for the Justice Department’s Office
of Justice Programs, and a few other positions as well.
Whatever her position, cybersecurity has been a focus.
HOW DID IT START, YOUR PASSION FOR
AND INTEREST IN CYBERSECURITY?
I think cybersecurity actually chose me. Most people don’t
know this, but the Department of Justice website was the
first government website ever hacked. I was there, working
in the Department, and the date August 17, 1996 is ingrained
in me. It was a career-enhancing moment. Two weeks
later, the CIA website was hacked, and we surrendered
the stage to the Washington Post front page coverage of
that hack. But that August website hack led us to think
about evidence preservation, data protection, and records
management. That’s where it started for me, that incident.
46 • CESGovernment.com
YOU HAVE BEEN PART OF OUR COUNTRY’S
CYBER EVOLUTION IN TERMS OF LAW
AND POLICY. CAN YOU TALK ABOUT
FISMA—THE FEDERAL INFORMATION
SECURITY MANAGEMENT ACT?
Before FISMA, talk to IT managers about a security framework
governed by reasonable processes to protect against what
were the early era of cyber threats and you would get “I am an
innovator and I can’t be bothered with frameworks and process
for security.” Well that works fine right up to the point there is
a problem. FISMA put discipline into cybersecurity across the
Federal government. People paid attention. The question[s] now
moved to “What are you trying to accomplish? Who signed off?
What is the risk? and What is your risk mitigation strategy?”
The question I started asking, and have asked throughout
my career, was and remains “How do I provide the greatest
services of the Federal government through technology while
preserving privacy, records management, and security?”
CAN YOU TALK ABOUT YOUR OFFICE,
CYBERSECURITY, AND THE ENERGY SECTOR?
Sure. We learned some important lessons from 9/11.
Communications services went down because we all were
using the same tunnel, the same pipe. Different providers,
but the same delivery channel. That was an important lesson