Dept. of Energy cybersecurity slammed

WASHINGTON, Jan. 28 (UPI) -- Cybersecurity at the U.S. Department of Energy, which guards the nation's most important scientific secrets, is hampered by conflicting and overlapping roles.

A report by Energy Inspector General Gregory Friedman says that "as many as eight independent cyber security intrusion and analysis organizations" were at work in the department, reporting to either "program elements" or "facility contractors."

Their "missions and functions we found to be, at least partially, duplicative and not well coordinated," reads the report, released Friday.

The eight organizations lacked "a common incident reporting format and did not always ensure that essential attack-related information needed for investigative or trending purposes was reported or retained," Friedman found.

Departmental sites, like the various national laboratories it runs, "could choose whether to participate in network monitoring activities performed by these organizations," and some even "selectively disabled network sensors or 'opted out' of network monitoring activities," found the auditors.

Friedman also found that even though department leadership acknowledged these weaknesses, it "had not adequately addressed these and related issues through policy changes."

As an example the report cited the failure of the department's recently issued cybersecurity incident guidelines to make reporting of such incidents to law enforcement or counterintelligence agencies mandatory.