While preaching vigilance to the utility industry, the Energy Department has failed to correct previously identified cybersecurity weaknesses in its unclassified information systems and has opened new vulnerabilities this year, an internal review found.
“While this is a positive trend, our current evaluation found that the types and severity of weaknesses continued to persist and remained consistent with prior years,” he said Wednesday.
The department did not dispute the findings and said it would take action to correct the problems.
“The Energy Department is committed to continuing the progress we’ve made in strengthening the department’s unclassified cybersecurity program, including enhancing our cybersecurity posture through the RightPath initiative, improving training programs and developing risk management plans,” a spokeswoman said.
“The department appreciates the Inspector General’s recommendations and is taking actions to implement the findings and continue improving how the department manages and protects its cyber information systems,” she added.
The review found that 16 problems remained from the 2011 review, including four first identified in 2010. Friedman said the weaknesses related to “access controls, vulnerability management, integrity of web applications, planning for continuity of operations, and change control management.”
Some of the problems were found at the department’s headquarters offices, which he said included the lack of periodic reviews of user accounts and access privileges and weak user names and passwords, among other problems.
A total of 157 network systems were found to be operating without current security upgrades and patches, and 41 network servers were operating on systems that were no longer supported by the vendor. At eight locations, applications were discovered that allowed malicious data to be input, a weakness that could be used to launch attacks against other users, Friedman reported.
He said the problems remained because the department had not fully developed and implemented security controls and had not monitored performance. The issue has become more important as the pace of cyberattacks ramps up, Friedman stressed, to 3,000 incidents over the last four years.