The U.S. Department of Energy still hasn’t done enough to strengthen its cybersecurity protections, exposing critical systems to compromise and putting data at risk, according to a report issued last month by the agency’s inspector general.

In his annual report on the status of the agency’s cybersecurity efforts, Inspector General Gregory Friedman did note that the DOE has taken some steps to strengthen its security processes. However, the audit also found that key vulnerabilities persist, including some that the inspector general’s office and a congressional committee have highlighted in the past.

The agency has received failing grades for its cyber­security efforts in each of the past five years in a report card issued by the House Committee on Government Reform and its chairman, Rep. Tom Davis (R-Va.). Only the U.S. Department of Agriculture has had a record as bad as the DOE’s over the past five years, as noted by the committee.

This is a curious story given the sophisticated work the labs do in this realm and the apparent high demand foreign powers have for DOE data. It would seem that there is a left-hand/right-hand issue playing out because were they talking to each other DOE would be one of the few if not the only government entities that scored an “A” on congressional scorecards.

Maybe a little less persecution of staff a little more internal sharing . . .

About the Author

Michael Tanji

Michael Tanji spent nearly 20 years in the US intelligence community. Trained in both SIGINT and HUMINT disciplines he has worked at the Defense Intelligence Agency, the National Security Agency, and the National Reconnaissance Office. At various points in his career he served as an expert in information warfare, computer network operations, computer forensics, and indications and warning. A veteran of the US Army, Michael has served in both strategic and tactical assignments in the Pacific Theater, the Balkans, and the Middle East.