IG cites Energy cybersecurity weaknesses

IG Report: “Management challenges at the Department of Energy”

The Energy Department’s unclassified cybersecurity program has several weaknesses that could affect critical systems, but officials are reportedly working on improving those areas, the department’s inspector general said.

After examining information technology departmentwide, Inspector General Gregory Friedman wrote in a new report released yesterday that there were problems ensuring authorized access to information resources, determining whether duties and responsibilities for processing financial transactions were properly segregated, and verifying that modifications to applications and systems were properly approved and managed.

He wrote that the department also didn’t complete contingency planning for several systems in case of an emergency.

“These problems persisted for several reasons,” Friedman wrote. “First, the department did not provide adequate oversight to ensure that previously reported problems were promptly corrected. Second, the department did not provide adequate oversight to ensure field offices [including contractors] properly implemented all federal cybersecurity requirements.”

But senior managers are focused on upgrading cybersecurity, which would improve along with several other initiatives, according to the report.

In other IT areas, Friedman wrote that Energy’s enterprise architecture did not fully define current and future IT requirements, and questioned whether the various enterprise architectures of the program offices fit in with the department’s overall design. Energy didn’t define “the roles, responsibilities and authorities necessary to development and implement a departmentwide architecture,” or establish the scope, timetable and associated costs, he wrote.

Friedman added there is little assurance that mobile communications devices and services were managed cost effectively.

“At three of the eight sites visited, our audit work disclosed that the department could have saved as much as $1.12 million annually by adopting more efficient methods for using and managing communication devices and services,” he wrote.

IT was one of several management challenges, including contract administration, project management, financial management and reporting, highlighted in the IG’s report.

In the contract administration and project management areas, the report notes that department officials are paying closer attention to those issues and have taken steps to improve them.

Department officials are also working to improve the Standard Accounting and Reporting System (STARS), the new accounting and financial reporting system. Although it was implemented in April, Friedman wrote that officials encountered reporting difficulties, errors, unreconciled accounting data and data conversion challenges from the old system to STARS.

However, he wrote that officials have addressed many of the transaction processing backlogs and are trying to resolve the data integrity and conversion issues. Also, the department established a Chief Financial Officer Issue Resolution Tiger Team to develop a plan of action and milestones in this area, Friedman wrote, adding that the team is expected to submit a report to the deputy secretary soon.