Energy Department auditors cite cybersecurity flaws at FERC

The Energy Department's inspector general has found fault with cybersecurity procedures in the Federal Energy Regulatory Commission's unclassified cybersecurity program.

In a report issued today, the IG noted that FERC officials have continued to improve their cybersecurity program, and cited improvements since a previous review in 2002.

However, the IG staff found several areas in which FERC was deficient, including:
  • Access controls had in some cases not been implemented via strong password management

  • Some software with known security flaws was not replaced, and some users were at times provided access at higher levels than their duties required

  • Not all cybersecurity weaknesses were traced and resolved.

Auditors said FERC had overlooked the problems because officials had failed to complete compliance evaluations required by general federal requirements and agency-specific rules.

The report, however, omitted information on specific vulnerabilities and how they might be fixed. FERC management said that it generally concurred with the IG's findings and recommendations.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.