http://www.gcn.com/vol1_no1/daily-updates/27489-1.html By Wilson P. Dizard III GCN Staff 09/30/04 Weaknesses in the Energy Department's cybersecurity allowed hackers to successfully penetrate its systems 199 times last year in intrusions that affected 3,531 systems, the department's inspector general said. Energy continues to have difficulty finding, tracking and fixing previously reported cybersecurity weaknesses quickly, the IG said in a report, "The Department's Unclassified Cyber Security Program - 2004." [1] The report praised the department for improving its cybersecurity efforts, but pointed to continuing gaps in its virtual defenses, such as: * Incomplete certification and accreditation of major systems * Missing contingency plans for restoring systems after an emergency * Continuing problems with access control, segregation of responsibilities for financial processing and correction of known security vulnerabilities. "Without continuing vigilance in this area, it is likely that future attacks will continue to jeopardize the availability and integrity of critical IT assets," the auditors said. The IG urged the department to track corrective actions needed to fix cybersecurity weaknesses, verify the effectiveness of the actions, strengthen methods of assuring that department employees understand the organization's IT policies, and ensure that all major systems are certified and accredited. The report said Energy management's proposed actions were "responsive to our recommendations," without elaborating on or presenting the actions. The IG report did not describe specific IT vulnerabilities. [1] http://www.ig.doe.gov/pdf/ig-0662.pdf _________________________________________ Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Fri Oct 01 2004 - 04:09:26 PDT