What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close


    IG: Energy's Web sites lack security

    • By Wade-Hahn Chan
    • Mar 19, 2008

    Related Links

    NNSA wants more funding for cybersecurity

    Increasing security breaches worry Energy IG

    Visitors to Energy Department Web sites should not be redirected to pornography, the department’s Inspector General’s Office said in a report.

    But that has happened, the oversight office found. DOE sites suffered 60 security incidents on public servers in the past three years, with some 22 incidents occurring in the past year, the report states.

    More than half of those attacks resulted in defaced home pages, including the changing of the home page of Brookhaven National Laboratory’s Web site to route visitors to pornographic links.

    The IG report also found that some sites had lax controls on publicly accessible information, resulting in eight incidents in which personally identifiable information was exposed. It noted that some of the sites did not meet National Institute of Standards and Technology standards for securing public Web servers.

    The IG report recommended that DOE complete guidance on how to secure its agencies’ Web sites. Previous attempts to create such guidance stalled. The agency released a Web guidance manual in 2005 that was never released. DOE created another manual last year that has not been issued yet, but the IG report criticized the draft manual’s lack of specificity and a timeline.

    “Facilitating communication with the citizenry is in the national interest,” Energy IG Gregory Friedman said in a letter attached to the March 13 report. “However, the unavoidable fact is that such communication may well impact agency cybersecurity vulnerabilities.”

    The report found that some of the national labs have taken proactive steps toward securing their Web sites. The IG praised Oak Ridge, Lawrence Livermore, Los Alamos and Lawrence Berkeley national laboratories for implementing Web applications that detect possible vulnerabilities.

    It also noted that the Los Alamos, Lawrence Livermore and Sandia labs developed separate Web sites for use in emergency situations. Additionally, Oak Ridge moved all of its systems and independent Web sites under its central information technology management, resulting in enhanced security and possible cost and time savings.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Your Name:(optional)
    Your Email:(optional)
    Your Location:(optional)
    Comment:
    Please type the letters/numbers you see above

    eSeminar

    • Technology success through the stimulus Karen Jackson

      FCW will present Karen Jackson, deputy secretary of technology for the Commonwealth of Virginia, at 11 a.m. Wed, Dec. 9, in an eSeminar where she will discuss technology acquisition through the stimulus. Read more

    Federal Computer Week eNewsletters

    • Subscribe to Newsletters Subscribe

      Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.

    Current issue of FCW