[ISN] IG cites Energy cybersecurity weaknesses

From: InfoSec News (isn@private)
Date: Tue Dec 20 2005 - 22:37:18 PST


http://www.fcw.com/article91775-12-20-05-Web

By Dibya Sarkar
Dec. 20, 2005 

The Energy Department's unclassified cybersecurity program has several 
weaknesses that could affect critical systems, but officials are 
reportedly working on improving those areas, the department's 
inspector general said.

After examining information technology departmentwide, Inspector 
General Gregory Friedman wrote in a new report released yesterday that 
there were problems ensuring authorized access to information 
resources, determining whether duties and responsibilities for 
processing financial transactions were properly segregated, and 
verifying that modifications to applications and systems were properly 
approved and managed.

He wrote that the department also didn't complete contingency planning 
for several systems in case of an emergency.

"These problems persisted for several reasons," Friedman wrote. 
"First, the department did not provide adequate oversight to ensure 
that previously reported problems were promptly corrected. Second, the 
department did not provide adequate oversight to ensure field offices 
[including contractors] properly implemented all federal cybersecurity 
requirements."

But senior managers are focused on upgrading cybersecurity, which 
would improve along with several other initiatives, according to the 
report.

In other IT areas, Friedman wrote that Energy's enterprise 
architecture did not fully define current and future IT requirements, 
and questioned whether the various enterprise architectures of the 
program offices fit in with the department's overall design. Energy 
didn't define "the roles, responsibilities and authorities necessary 
to develop and implement a departmentwide architecture," or 
establish the scope, timetable and associated costs, he wrote.

Friedman added there is little assurance that mobile communications 
devices and services were managed cost effectively. 

"At three of the eight sites visited, our audit work disclosed that 
the department could have saved as much as $1.12 million annually by 
adopting more efficient methods for using and managing communication 
devices and services," he wrote.

IT was one of several management challenges, including contract 
administration, project management, financial management and 
reporting, highlighted in the IG's report.

In the contract administration and project management areas, the 
report notes that department officials are paying closer attention to 
those issues and have taken steps to improve them.

Department officials are also working to improve the Standard 
Accounting and Reporting System (STARS), the new accounting and 
financial reporting system. Although it was implemented in April, 
Friedman wrote that officials encountered reporting difficulties, 
errors, unreconciled accounting data and data conversion challenges 
from the old system to STARS.

However, he wrote that officials have addressed many of the 
transaction processing backlogs and are trying to resolve the data 
integrity and conversion issues. Also, the department established a 
Chief Financial Officer Issue Resolution Tiger Team to develop a plan 
of action and milestones in this area, Friedman wrote, adding that the 
team is expected to submit a report to the deputy secretary soon.





