The U.S. Department of Energy still hasn’t done enough to strengthen its cybersecurity protections, exposing critical systems to compromise and putting data at risk, according to a report issued last month by the agency’s inspector general.
In his annual report on the status of the agency’s cybersecurity efforts, Inspector General Gregory Friedman did note that the DOE has taken some steps to strengthen its security processes. However, the audit also found that key vulnerabilities persist, including some that the inspector general’s office and a congressional committee have highlighted in the past.
The agency has received failing grades for its cybersecurity efforts in each of the past five years in a report card issued by the House Committee on Government Reform and its chairman, Rep. Tom Davis (R-Va.). Only the U.S. Department of Agriculture has had a record as bad as the DOE’s over the past five years, as noted by the committee.
This is a curious story given the sophisticated work the labs do in this realm and the apparent high demand foreign powers have for DOE data. It would seem that there is a left-hand/right-hand issue playing out because were they talking to each other DOE would be one of the few if not the only government entities that scored an “A” on congressional scorecards.
Maybe a little less persecution of staff a little more internal sharing . . .