DOE hacked 199 times last year

DOE hacked 199 times last year

Weaknesses in the Energy Department's cybersecurity allowed hackers to successfully penetrate its systems 199 times last year in intrusions that affected 3,531 systems, the department's inspector general said.

Energy continues to have difficulty finding, tracking and fixing previously reported cybersecurity weaknesses quickly, the IG said in a report, 'The Department's Unclassified Cyber Security Program'2004.'

The report praised the department for improving its cybersecurity efforts, but pointed to continuing gaps in its virtual defenses, such as:

  • Incomplete certification and accreditation of major systems

  • Missing contingency plans for restoring systems after an emergency

  • Continuing problems with access control, segregation of responsibilities for financial processing and correction of known security vulnerabilities.

'Without continuing vigilance in this area, it is likely that future attacks will continue to jeopardize the availability and integrity of critical IT assets,' the auditors said.

The IG urged the department to track corrective actions needed to fix cybersecurity weaknesses, verify the effectiveness of the actions, strengthen methods of assuring that department employees understand the organization's IT policies, and ensure that all major systems are certified and accredited.

The report said Energy management's proposed actions were 'responsive to our recommendations,' without elaborating on or presenting the actions. The IG report did not describe specific IT vulnerabilities.

inside gcn

  • A framework for secure software

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group