Energy IG flags cybersecurity flaws at FERC

The Energy Department's inspector general has found fault with cybersecurity procedures in the Federal Energy Regulatory Commission's unclassified cybersecurity program.

In a report issued earlier this month, the IG noted that FERC officials have continued to improve their cybersecurity program and cited improvements since a previous review in 2002.

However, the IG staff found several deficiencies: Access controls had in some cases not been implemented via strong password management; some software with known security flaws was not replaced, and some users were at times given access at higher levels than their duties required; and not all cybersecurity weaknesses were traced and resolved.

Auditors said FERC had overlooked the problems because officials had failed to complete compliance evaluations required by general federal requirements and agency-specific rules.
To read the report, go to www.gcn.com and enter 498 in the GCN.com/box.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected