An inspector general report has found the Energy Department does not have a departmentwide cybersecurity incident management system, Fierce Government IT reports.
The DOE IG’s office also said the department and the National Nuclear Security Administration have a decentralized and fragmented approach to cybersecurity, including partially duplicative projects on incident management.
Both DOE and NNSA failed to establish a joint incident management operation even after a similar report was published in January 2008, the report said.
Greg Slabodkin writes the IG’s office cited the department’s incident management policy as having a negative impact on the ability of law enforcement and counterintelligence officials to respond to incidents.
The Energy Joint Cybersecurity Coordination Center’s incident reporting instructions are not detailed and open to interpretation, the IG’s office said.