Energy IG flags cybersecurity flaws at FERC

The Energy Department's inspector general has found fault with cybersecurity procedures in the Federal Energy Regulatory Commission's unclassified cybersecurity program.

In a report issued earlier this month, the IG noted that FERC officials have continued to improve their cybersecurity program and cited improvements since a previous review in 2002.

However, the IG staff found several deficiencies: Access controls had in some cases not been implemented via strong password management; some software with known security flaws was not replaced, and some users were at times given access at higher levels than their duties required; and not all cybersecurity weaknesses were traced and resolved.

Auditors said FERC had overlooked the problems because officials had failed to complete compliance evaluations required by general federal requirements and agency-specific rules.
To read the report, go to www.gcn.com and enter 498 in the GCN.com/box.

Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected