Ann Dunkin: Energy Department Has Better Cyber Posture Than FITARA Scorecard Grade
Ann Dunkin, chief information officer of the Department of Energy, said the organization’s cybersecurity posture is better than what the Federal Information Technology Acquisition Reform Act 13.0 scorecard shows. She was speaking at a FITARA hearing by the House Oversight and Reform Subcommittee on Government Operations.
Dunkin was responding to criticism from Rep. Andrew Clyde, R-Ga., who claimed that the Energy Department’s cybersecurity priorities were not in order. The Energy CIO said that while the results on the FITARA scorecard may not be the best, improvements in cybersecurity metrics will be seen over the coming months.
DOE plans to use the Continuous Diagnostics and Mitigation program to deploy hardware and software tools to improve asset management within the next three to six months, FedScoop reported Thursday.
The Energy Department received a “D” grade on FITARA 13.0, which pertains to infrastructure, national security sites and targets that have been exposed to cyberattacks. Clyde said the score suggests that the DOE’s priorities are misguided. Dunkin countered that the specifics of the department’s security posture and cyberattacks should be discussed in a classified briefing, something that Clyde and subcommittee Chairman Gerry Connolly are interested in.
When it came to the FITARA scorecard, Dunkin and other members of the panel said the framework did not adequately measure agencies’ cyber postures and suggested tying FITARA metrics to recent cyber directives. Richard Spires, former CIO of the Department of Homeland Security, said President Joe Biden’s cybersecurity executive order could serve as a blueprint for how agencies would improve their cyber postures.