By Wilson P. Dizard III
The Energy Department's inspector general has found fault with
cybersecurity procedures in the Federal Energy Regulatory Commission's
unclassified cybersecurity program.
In a report  issued today, the IG noted that FERC officials have
continued to improve their cybersecurity program, and cited
improvements since a previous review in 2002.
However, the IG staff found several areas in which FERC was deficient,
* Access controls had in some cases not been implemented via strong
* Some software with known security flaws was not replaced, and some
users were at times provided access at higher levels than their
* Not all cybersecurity weaknesses were traced and resolved.
Auditors said FERC had overlooked the problems because officials had
failed to complete compliance evaluations required by general federal
requirements and agency-specific rules.
The report, however, omitted information on specific vulnerabilities
and how they might be fixed. FERC management said that it generally
concurred with the IG's findings and recommendations.
InfoSec News v2.0 - Coming Soon!