Cybersecurity working group mission and scope

he EFCOG Cybersecurity Working Group (CSWG) is chartered to assist member companies to attain and maintain excellence in all aspects of Cybersecurity operations and management of DOE facilities through the consistent exchange of information, best practices, and corresponding improvement activities.  The CSWG will achieve this by:

• Leveraging the expertise and experience of DOE Contractors to address challenges and achieve improvements in cybersecurity;
• Advocating for strong, effective implementation of Integrated Cybersecurity Management across departmental activities;
• Developing, and promoting best management and operating practices;
• Improving the effectiveness of boundary authorization packages for achieving and maintaining the Authority to Operate (ATO) and achievement of Cybersecurity readiness processes across contracts by working together, exchanging information, and sharing best practices and lessons learned;
• Improving the effectiveness of risk management and cyber resilience, and associated processes by developing tools, practices, guidance, and recommendations for compliance and directive changes – where appropriate and as supported by Contractor and DOE line management;
• Providing real-time support for cyber related emergent issues in the form of ideas, tools, resources, etc.;
• Interfacing with various intelligence associated organizations and industry providers to promote cooperation, information exchange, and as appropriate, minimization of duplication of effort;
• Interfacing with key DOE managers (both headquarters and field) on varying concepts, practices, and concerns associated with Cybersecurity needs and processes to enable better understanding of customer needs and concerns;
• Interfacing with other external organizations on varying concepts, practices, and concerns associated with Cybersecurity processes and risk management;
• Promoting transparent communications across group members and DOE;
• Facilitating the exchange of operating experiences and information on Cybersecurity programs and their effectiveness, and designing studies and developing position and technical papers to inform DOE where appropriate;
• Providing DOE and member companies with access to a network of subject matter experts;
• Identifying opportunities to save and/or avoid costs in the implementation of Cybersecurity and regulatory programs while assisting member companies to implement effective Cybersecurity and regulatory programs through peer reviews and consultations; and
• Arranging training and awareness workshops and collaborative workshops to enhance the competency of Cybersecurity professionals.

 The working group is focused around the following key areas of Cybersecurity: Industrial Control Systems/Distributed Control Systems/SCADA; IoT & Smart Technologies; Risk Management & Governance; Addressing Remote Work Challenges; Technology and Tools; and Cloud Security.