Cybersecurity Lacking At Three Major Power Marketing Administrations, Says Doe Ig

摘要

Despite recent steps taken to improve them, the security of computerized information systems used by three of DOE's power marketing administrations is still lacking, the agency's inspector general said in a report released last week. If not corrected, the shortcomings could lead to disruptions in major portions of the US electricity grid, said IG Gregory Friedman.rnAmong the problems found in the Southeastern, Southwestern and Western Area power administrations were inadequate security plans, insufficient testing of physical and cybersecurity controls and a lack of corrective action plans to resolve weaknesses in controls.rn"Problems with the certification of these systems - some of which are integral to controlling electrical transmission in major portions of the nation's power grids - were attributable to the PMAs' failure to fully adopt a risk-based approach for implementing security controls designed to satisfy federal requirements," Friedman said.