[ISN] DOE hacked 199 times last year
isn at c4i.org
Fri Oct 1 06:12:40 EDT 2004
By Wilson P. Dizard III
Weaknesses in the Energy Department's cybersecurity allowed hackers to
successfully penetrate its systems 199 times last year in intrusions
that affected 3,531 systems, the department's inspector general said.
Energy continues to have difficulty finding, tracking and fixing
previously reported cybersecurity weaknesses quickly, the IG said in a
report, "The Department's Unclassified Cyber Security Program - 2004." 
The report praised the department for improving its cybersecurity
efforts, but pointed to continuing gaps in its virtual defenses, such
* Incomplete certification and accreditation of major systems
* Missing contingency plans for restoring systems after an emergency
* Continuing problems with access control, segregation of
responsibilities for financial processing and correction of known
"Without continuing vigilance in this area, it is likely that future
attacks will continue to jeopardize the availability and integrity of
critical IT assets," the auditors said.
The IG urged the department to track corrective actions needed to fix
cybersecurity weaknesses, verify the effectiveness of the actions,
strengthen methods of assuring that department employees understand
the organization's IT policies, and ensure that all major systems are
certified and accredited.
The report said Energy management's proposed actions were "responsive
to our recommendations," without elaborating on or presenting the
actions. The IG report did not describe specific IT vulnerabilities.
More information about the ISN