
Cyber siege of US Energy Department
US Inspector General Gregory Friedman hopes to lock down security on the Energy Department's interconnected computer networks, after auditors called 132 security breaches serious enough to report to law enforcement in fiscal 2006, 22 percent more than in the prior year.
The department's 69 organizations support as many as eight separate intrusion and analysis groups, which do not use a common incident-reporting format and do not always retain crucial information about cyberattacks, the IG said in a report released today. Some sites opt out of monitoring their networks or even disable the sensor equipment.
Energy has found such cyber weaknesses before but "does not specifically require that incidents be reported to law enforcement or counterintelligence officials," the report said.
The IG recommends:
- Developing and implementing an enterprisewide cyber incident management strategy
- Taking a consistent approach to developing or revising policies across all Energy organizations
- Finding a way to periodically test and evaluate the department's overall performance in cybersecurity incidents.
The Office of the Chief Information Officer's Computer Incident Advisory Capability has been watching cybersecurity and providing computer forensics services to the department since 1989, at a cost of $6.8 million in fiscal 2006, the IG report said. Nevertheless, other groups, such as the National Nuclear Security Administration's Information Assurance Response Center and smaller organizations at various Energy sites, compete with CIAC for authority and funding.
www.gcn.com






















