Given my experience in the military and intelligence community, training the world’s defenders, and leading the world’s best against the world’s worst, I would like to make three points today that are most relevant for this committee.
- The first, is that the industrial threat landscape is largely unknown. This demands that we seek to change this through an intelligence-driven approach that will then be used to inform our innovations, best practices, standards, and regulations.
- The second is that regulation has served a purpose in the private sector such as electric grid operators, but it is appropriate and needed to pause new regulation to allow the community to develop best practices and out-innovate our adversaries.
- The third is a recommendation for the new Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to focus on new and continued relationships between the DOE and the private sector while respecting that most of the knowledge of the threats and the innovation to counter them is occurring in the private sector. This drives a requirement for communities to work together without interfering in each’s respective mission.