https://www.nextgov.com/cybersecurity/2019/11/auditors-uncover-tens-thousands-critical-security-gaps-energy-facilities/161539/

By Jack Corrigan
Staff Correspondent
Nextgov
November 25, 2019

The Energy Department continues to botch the same cybersecurity practices year
after year, leaving unclassified systems in the nation’s nuclear facilities and
other critical infrastructure exposed to digital attacks, according to a
federal watchdog.

In general, the agency is capable of fixing vulnerabilities after they’re
uncovered, but officials have struggled to put in place policies to ensure they
aren’t repeating the same mistakes, the Energy inspector general said. In their
annual audit of the department’s cybersecurity program, investigators uncovered
multiple recurring weaknesses related to configuration management, access
controls, personnel training programs and security testing.

The audit also revealed substantial shortcomings in the department’s
vulnerability management practices, which left tens of thousands of “critical
and high-risk vulnerabilities” unaddressed within its digital ecosystem.

“Without improvements to address the weaknesses identified during our
evaluation, the department information systems and data may be at a
higher-than-necessary risk of compromise, loss and/or modification,” auditors
said in the report. “We and other independent reviewers continue to identify
vulnerabilities related to developing, updating and/or implementing policies
and procedures that may adversely affect the department’s ability to properly
secure its information systems and data.”

[...]