The Energy Department failed to enact proper cybersecurity controls at one of its radioactive waste management facilities, leaving the site potentially vulnerable to digital attacks, according to an internal watchdog.
The agency inspector general found the site’s digital security fell short of the standards outlined in the Federal Information Security Management Act, the government’s primary cybersecurity regulation. The unnamed facility lacked proper physical and logical access controls, and officials also failed to properly monitor networks, manage vulnerabilities and develop a contingency plan, according to the IG.
“The integrity, confidentiality and availability of systems and data managed by the site may be impacted by the vulnerabilities identified during our review,” auditors wrote in a summary of their findings. The public version of the report included few details on specific vulnerabilities.
Auditors attributed the vulnerabilities to shoddy oversight, calling out the site’s cybersecurity officials for not ensuring FISMA requirements were fully implemented. Department leaders also never created specific performance metrics to incentivize the site’s primary contractor to follow robust cybersecurity practices, they said.
Additionally, they found the facility’s cyber posture suffered because it didn’t have enough resources to implement proper security controls.