A former White House IT official tapped by the Trump administration to head a new Energy Department cybersecurity office says she intends to make the agency a more competitive recruiter for top talent.
Karen Evans, the former administrator of the Office of E-Government and Information Technology at the Office of Management and Budget under the George W. Bush administration, told senators Tuesday that she would help fill the Energy Department’s cyber skills gap.
“If I’m confirmed, DoE could really lead the way through a lot of innovative approaches to identifying talent,” Evans said, at a Senate Energy and Natural Resources Committee hearing.
Since leaving government at the end of the Bush administration, Evans has served as national director of U.S. Cyber Challenge, a public-private partnership aimed at identifying high-level cyber talent.
In order to find people with the right cyber skills, U.S. Cyber Challenge posts competitions online that can eventually lead to job opportunities.
“Based on their performance, we brought them to a boot camp. What we tried to do was open up that aperture so that they can see all the possibilities of what they can do in a cybersecurity professional job,” Evans said.
Over the longer term, Evans said U.S. Cyber Challenge has worked with colleges and universities to reshape their curriculums and bolster STEM programs.
Sen. Catherine Cortez Masto (D-Nev.) said federal agencies have had a difficult time luring potential employees away from private industry, which usually offers higher salaries.
“The public and private sectors must compete for a limited pool of highly trained cyber experts. We’ve been having these conversations on the challenges we face. We know because of that competition it creates a shortage of cybersecurity leadership and expertise,” she said.
But with Evans’ background in hiring cyber talent, and Energy’s new multi-year cybersecurity plan, Cortez Masto said she’s encouraged by the steps the agency is taking.
“It is so great to see and hear a federal agency that is actually focused on the workforce, and how to develop it and develop it and create a wonderful model that other agencies can emulate,” she said.
But while Energy has elevated its cyber mission, Sen. Angus King (I-Vt.) urged Evans and the White House to set up a cyber chain of command that has “one point of authority” on governmentwide cybersecurity issues.
“I go to these hearings all the time and everybody says ‘the whole of government.’ When I hear that, I think, ‘none of government.’ That means nobody’s in charge, and nobody’s accountable,” King said. “I believe that we need a leadership position, because there are at least seven or eight agencies, by my count, that have responsibilities in cyber.”
Evans said, if confirmed, she would work closely with Chris Krebs, the recently confirmed undersecretary of the National Protection and Programs Directorate (NPDD) in the Homeland Security Department.
“It’s my understanding that in this new role, with the aspect of energy security, that I would be partnering directly with the Department of Homeland Security as it relates to my responsibilities as a sector-specific agency,” Evans said.
King also pressed the Trump administration to develop a cyber doctrine that would put the federal government on more of an offensive position against hackers.
Former White House Cybersecurity Coordinator Rob Joyce advocated for similar measures earlier this year, calling for more “naming and shaming” of hackers who target government IT systems.
“Right now, there are no deterrents, we are entirely defensive, and ultimately that’s a losing strategy,” King said.
Evans said one of her top priorities at Energy is to help guide the agency down its multi-year cybersecurity roadmap the agency released in March.
“A lot of the groundwork is there. It is my intention to leverage that work,” Evans said, adding that, if confirmed, she would seek to work closely with Bruce Walker, the acting assistant secretary of cybersecurity.
“I don’t want to admire the problem anymore. I think a lot of us have done that through the years. It’s really now to execute and to really start looking at how do you make these systems more resilient, how you ensure that you have a response plan, that you exercise that response plan and you do it in partnership with private industry, and state and local governments,” she said.
Energy one step closer to filling long-vacant IG role
The Senate committee also heard from Teri Donaldson, the Trump administration’s pick for Energy’s inspector general.
Since September 2017, Donaldson has served as general counsel for the Senate Environment and Public Works Committee.
Before joining the government, Donaldson worked as a partner at the law firm DLA Piper in Houston, Texas.
If confirmed as the agency’s top watchdog, Donaldson’s role would include oversight of the work done at Energy’s national laboratories.
“It’s not an exaggeration to say that these facilities are contributing to the most significant areas of scientific research, with contributions to computing, medical technologies, energy-related innovations and of course, national defense,” Donaldson said in her opening statement. “If confirmed, I hope to advance these efforts by devoting OIG resources as needed to protect these world-class facilities.”
Donaldson also promised to provide transparency into the agency, and told lawmakers she would help carry out its own oversight role.
“It may take some time to marshal the facts and develop a thoughtful response, but it will always be a priority of mine to get back to Congress as quickly as possible with a thorough and complete response,” she said.
According to the Project on Government Oversight, Energy hasn’t had a permanent IG in more than 1,000 days.
April Stephenson has served as the agency’s acting inspector general since September 2015.