Smart Grid grantees' cybersecurity plans lacked elements, says IG

More than a third of the cybersecurity plans submitted by recipients of Energy Department grants for smart grid development lacked some required elements, says the DOE inspector general.

In a report dated Jan. 20, the IG says Energy received a $3.5 billion appropriation under the Recovery Act in 2009 to distribute as grants, and ended up making awards to 99 recipients, with individual awards ranging in value from $397,000 to $200 million.

As part of the grant process, Energy required recipients to submit a cybersecurity plan that described the controls they intended to implement, but the IG says that an internal DOE review found 36 of the 99 plans fell short in one or more areas. Energy awarded the grants anyway, telling recipients to update their plans.

Auditors, however, found that initial weaknesses haven't always been fully addressed and that plans "did not include a number of security practices commonly recommended for federal government and industry systems."

For example, one recipient attested in its plan to having a risk assessment and mitigation process in place, but acknowledged having never conducted a formal risk assessment--meaning the recipient's systems are still open to an unacceptable level of risk, the IG says.

Energy officials told auditors that recipients were permitted to ramp up security controls over the 3-year lifespan of the grant projects, a practice the IG suggests seems to defeat the purpose of having a cybersecurity plan in the first place, since "any existing gaps in a recipient's security environment could allow system compromise before controls are implemented."

Department officials also noted to auditors that there currently exist no federal or state standards or regulations mandating processes or practices for electric distribution systems, a point the IG acknowledges. The grant program, the report adds, therefore offered a unique opportunity to promote strong cybersecurity in the electricity sector.

"We also believe that the department should take steps to ensure the submitted cyber security plans are complete, being implemented, and are updated as situations warrant," the IG adds.

For more:
- download the OIG report, OAS-RA-12-04 (.pdf)
