Morning Briefing - November 26, 2019

Energy Dept. Still Struggling With Cybersecurity, IG Finds

By ExchangeMonitor

The U.S. National Nuclear Security Administration (NNSA) and other branches of the Department of Energy continue to struggle to improve their defenses against cyberattacks, according to the DOE Inspector General’s Office.

The inspector general’s 2019 evaluation of the department’s unclassified cybersecurity program involved control testing and other evaluations of 28 DOE sites, largely overseen by the NNSA, undersecretary for science, undersecretary of energy, and select staff offices.

Auditors closed 21 of 25 cybersecurity recommendations from their 2018 report. “Although these actions were positive, our current evaluation identified weaknesses that were consistent with our prior reports related to vulnerability management, configuration management, system integrity of Web applications, access controls and segregation of duties, cybersecurity and privacy training, and security control testing and continuous monitoring,” according to the Nov. 19 report.

Among the findings:

  • At 11 locations, testing of work stations and servers showed “critical and/or high-risk vulnerabilities.” Close to 11,000 such weaknesses were found at one site alone. Over 50% of 1,848 work stations evaluated throughout the complex had not applied security updates that were no less than 30 days old at the time of testing.
  • Four sites had vulnerabilities connected to “system integrity of Web applications,” such as “improper validation of input data and/or the protection of the confidentiality of user credentials,” the report says. That opened the door for a cyber attack to access applications, revise data, or disclose sensitive information.
  • Two locations were not providing sufficient cybersecurity and privacy training. Notably, the locations had failed to prepare and enact “role-based training strategies/plans for all appropriate personnel.”

The inspector general during fiscal 2019 issued a total of 54 cybersecurity recommendations to DOE programs and facilities. The fiscal year ended on Sept. 30.

“Management concurred with recommendations made throughout the evaluation and indicated that corrective actions were taken or planned to address the issues identified in the report,” according to the inspector general.
