IG cites Energy cybersecurity weaknesses

IG Report: “Management challenges at the Department of Energy”

Related Links

The Energy Department’s unclassified cybersecurity program has several weaknesses that could affect critical systems, but officials are reportedly working on improving those areas, the department’s inspector general said.

After examining information technology departmentwide, Inspector General Gregory Friedman wrote in a new report released yesterday that there were problems ensuring authorized access to information resources, determining whether duties and responsibilities for processing financial transactions were properly segregated, and verifying that modifications to applications and systems were properly approved and managed.

He wrote that the department also didn’t complete contingency planning for several systems in case of an emergency.

“These problems persisted for several reasons,” Friedman wrote. “First, the department did not provide adequate oversight to ensure that previously reported problems were promptly corrected. Second, the department did not provide adequate oversight to ensure field offices [including contractors] properly implemented all federal cybersecurity requirements.”

But senior managers are focused on upgrading cybersecurity, which would improve along with several other initiatives, according to the report.

In other IT areas, Friedman wrote that Energy’s enterprise architecture did not fully define current and future IT requirements, and questioned whether the various enterprise architectures of the program offices fit in with the department’s overall design. Energy didn’t define “the roles, responsibilities and authorities necessary to development and implement a departmentwide architecture,” or establish the scope, timetable and associated costs, he wrote.

Friedman added there is little assurance that mobile communications devices and services were managed cost effectively.

“At three of the eight sites visited, our audit work disclosed that the department could have saved as much as $1.12 million annually by adopting more efficient methods for using and managing communication devices and services,” he wrote.

IT was one of several management challenges, including contract administration, project management, financial management and reporting, highlighted in the IG’s report.

In the contract administration and project management areas, the report notes that department officials are paying closer attention to those issues and have taken steps to improve them.

Department officials are also working to improve the Standard Accounting and Reporting System (STARS), the new accounting and financial reporting system. Although it was implemented in April, Friedman wrote that officials encountered reporting difficulties, errors, unreconciled accounting data and data conversion challenges from the old system to STARS.

However, he wrote that officials have addressed many of the transaction processing backlogs and are trying to resolve the data integrity and conversion issues. Also, the department established a Chief Financial Officer Issue Resolution Tiger Team to develop a plan of action and milestones in this area, Friedman wrote, adding that the team is expected to submit a report to the deputy secretary soon.


    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.