Friday, November 16, 2012

Energy Department has failed to close significant cybersecurity holes

While preaching vigilance to the utility industry, the Energy Department has failed to correct previously identified cybersecurity weaknesses in its unclassified information systems and has opened new vulnerabilities this year, an internal review found.
In all, some 38 specific weaknesses remained, even after the department addressed 40 others, Inspector General Gregory H. Friedman said in a letter to Energy Secretary Steven Chu.
"While this is a positive trend, our current evaluation found that the types and severity of weaknesses continued to persist and remained consistent with prior years," he said Wednesday.
The department did not dispute the findings and said it would take action to correct the problems.
"The Energy Department is committed to continuing the progress we’ve made in strengthening the department’s unclassified cybersecurity program, including enhancing our cybersecurity posture through the RightPath initiative, improving training programs and developing risk management plans," a spokeswoman said.
"The department appreciates the Inspector General’s recommendations and is taking actions to implement the findings and continue improving how the department manages and protects its cyber information systems," she added.
The review found that 16 problems remained from the 2011 review, including four first identified in 2010. Friedman said the weaknesses related to "access controls, vulnerability management, integrity of web applications, planning for continuity of operations, and change control management."
Some of the problems were found at the department's headquarters offices. Those, he said, included a lack of periodic reviews of user accounts and access privileges, and weak user names and passwords, among other problems.

Read more: http://www.washingtonguardian.com/cyber-insecurity
