An unidentified Energy Department nuclear facility needs to remedy shortcomings in its cybersecurity program, according to DOE’s Office of Inspector General.
“Furthermore, we found that limited cybersecurity resources at the site impacted the ability of the site to ensure that all security controls were fully implemented,” the Energy Department IG said in the memo dated July 19. A detailed report of the actual findings was not made public.
The site in question was the Waste Isolation Pilot Plant in New Mexico, according to one source Monday.
The integrity and availability of computer systems and data managed by the site could be hurt by the identified vulnerabilities, according to Sarah Nelson, assistant inspector general for technology, financial, and analytics. The two-page memo is addressed to the principal deputy assistant secretary for the Office of Environmental Management, a post held by Todd Shrader.
The IG identified weaknesses in access controls, contingency planning, and continuous management.
The report issued was for “official use only,” according to Nelson. “We provided site and program officials with detailed information regarding vulnerabilities that we identified.”
Management at the site concurred with the recommendations and corrective actions are planned, Nelson wrote.
The cybersecurity program at the nuclear cleanup site is overseen by the DOE Environmental Management Consolidated Business Center. The Office of Inspector General conducted the audit to determine if the site managed its cybersecurity program in accordance with federal requirements. The Federal Information Security Modernization Act of 2014 requires each U.S. agency to develop a cybersecurity program to protect systems and data that support its operations.
