By Dibya Sarkar
Dec. 20, 2005
The Energy Department's unclassified cybersecurity program has several
weaknesses that could affect critical systems, but officials are
reportedly working on improving those areas, the department's
inspector general said.
After examining information technology departmentwide, Inspector
General Gregory Friedman wrote in a new report released yesterday that
there were problems ensuring authorized access to information
resources, determining whether duties and responsibilities for
processing financial transactions were properly segregated, and
verifying that modifications to applications and systems were properly
approved and managed.
He wrote that the department also didn.t complete contingency planning
for several systems in case of an emergency.
"These problems persisted for several reasons," Friedman wrote.
"First, the department did not provide adequate oversight to ensure
that previously reported problems were promptly corrected. Second, the
department did not provide adequate oversight to ensure field offices
[including contractors] properly implemented all federal cybersecurity
But senior managers are focused on upgrading cybersecurity, which
would improve along with several other initiatives, according to the
In other IT areas, Friedman wrote that Energy.s enterprise
architecture did not fully define current and future IT requirements,
and questioned whether the various enterprise architectures of the
program offices fit in with the department's overall design. Energy
didn't define "the roles, responsibilities and authorities necessary
to development and implement a departmentwide architecture," or
establish the scope, timetable and associated costs, he wrote.
Friedman added there is little assurance that mobile communications
devices and services were managed cost effectively.
"At three of the eight sites visited, our audit work disclosed that
the department could have saved as much as $1.12 million annually by
adopting more efficient methods for using and managing communication
devices and services," he wrote.
IT was one of several management challenges, including contract
administration, project management, financial management and
reporting, highlighted in the IG's report.
In the contract administration and project management areas, the
report notes that department officials are paying closer attention to
those issues and have taken steps to improve them.
Department officials are also working to improve the Standard
Accounting and Reporting System (STARS), the new accounting and
financial reporting system. Although it was implemented in April,
Friedman wrote that officials encountered reporting difficulties,
errors, unreconciled accounting data and data conversion challenges
from the old system to STARS.
However, he wrote that officials have addressed many of the
transaction processing backlogs and are trying to resolve the data
integrity and conversion issues. Also, the department established a
Chief Financial Officer Issue Resolution Tiger Team to develop a plan
of action and milestones in this area, Friedman wrote, adding that the
team is expected to submit a report to the deputy secretary soon.
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.