Well I found yet another agency with computer security problems amid the ever-growing list of government agencies which have not yet prioritized computer security. This time, according to an article in Computerworld Security Magazione,
The information systems used by the Federal Energy Regulatory Commission (FERC), an agency of the U.S. Department of Energy, are vulnerable to cyberattacks because cybersecurity programs now in place do not meet federal guidelines, according to a report by the Energy Department’s inspector general.
According to the cybersecurity audit report from the Office of the Inspector General with the United States Department of Energy,
While problems with access controls associated with strong password management had declined since our 2005 evaluation, testing revealed continuing problems with default, blank, or easily guessed passwords, and user account controls; and,
Security assessments performed in connection with system certification and annual security reviews had not been properly executed or were not adequately documented for each of the four systems we evaluated.
Unfortunately, these problems seem to be recurring:
The DOE has received failing grades for its cybersecurity efforts in each of the past five years in a report card issued by the House Committee on Government Reform and its chairman, Rep. Tom Davis (R-Va.). Only the U.S. Department of Agriculture has had a record as bad as the DOE’s over the past five years, according to the committee.
I wonder how many cyberattacks and thefts of confidential data it will take until the Department realizes that cybersecurity must not be taken for granted.