CESG Connections Magazine 2020 Issue | Page 25

" COLLABORATION NOT ONLY IS VITAL, BUT WE PLACE THE HIGHEST VALUE ON OUR DISCIPLINED RELATIONSHIPS WITH FEDERAL, STATE, AND LOCAL GOVERNMENT PARTNERS. government, but our experience not only is positive, it is vital to the security of our operations. It also is complex. Take law enforcement: 18 states, [and] local law enforcement within each of these. At the federal level, add DOE, Justice Department, FBI, and obvious national security agencies. It seems daunting, but it works, and we highly value the critical and efficient collaboration we receive from our federal and state government partners. WHAT IS THE EXTENT TO WHICH DOMINION USES COMMERCIAL OR PUBLIC CLOUD SERVICES, AND HOW DOES THAT INTERSECT YOUR ROLE AND RESPONSIBILITIES? We operate on a hybrid cloud, which gives us greater flexibility depending on application use and security risk. In today’s world, it simply isn’t practical for any large business to maintain a private cloud for all operations. REGARDLESS OF TECHNOLOGY OR TRAINING, INSIDER THREATS OFTEN PRESENT THE MOST CHALLENGING VARIABLE IN CYBERSECURITY. HOW DOES DOMINION ADDRESS THIS? That’s a big one. Since joining Dominion last year, we added an Inside Threat Program, which is important for many reasons. One being the service we provide to sensitive DoD and other federal facilities. We are also trying to use this as a jumping off point by establishing a corporate insider threat program that will safeguard the company. I have great confidence in the disciplined cybersecurity platform we maintain and continually evolve, but if one variable “keeps me up at night,” it is the mandated connections " to our grid we incorporate via alternative energy sources, be these wind, solar, or others. We don’t control those environments— therein lies my concern. We all recognize that regardless of how tight your security, there is no perfect environment, and vulnerabilities, to some degree, always exist. We do standard cybersecurity training— phishing simulations and training for leaders across the organization on how to have more informed discussions with their work units. We want to build a culture of protection in our leadership that will trickle down into the workforce. We’re actually positioned to manage the network relatively well, since we’re not public facing and we’re purely domestic. HOW DO ADVANCED TECHNOLOGIES—AI AND 5G IN PARTICULAR— FACTOR INTO DOMINION’S SECURITY FRAMEWORK? My hope is that American companies are vigorously engaged in pursuing 5G technology. We need to lead so we don’t have to rely on other sources that might not have our best interests at heart. In machine learning, we’re already there. One example is our use of automated tools to assess threats on the outer perimeter of our network, which, as I said, is so essential to Dominion’s security framework. Adam Lee is participating in CES Government on the “Cyber 2020 Global Threat Matrix” Executive Roundtable and the January 10th plenary keynote panel on “Cyber Security and Critical Infrastructure: Energy.” MEET ADAM LEE As Dominion Energy's first Chief Security Officer, Adam Lee is responsible for all physical and cyber security across Dominion’s national footprint. He directs development and implementation of all policies and procedures that protect both physical and cyber assets. He is point for interaction with government and all levels of law enforcement, and he is charged with privacy governance and compliance with all security regulations, laws and evolving protocols. He brings to his position more than 20 years senior executive experience with the FBI, most recently as Special Agent in Charge for the Richmond, Virginia office.