Stimulus Energy Grants Increased Cyber Vulnerability

Saw this on Twitter being highlighted by my friend Michael Turk, who’s both an icon in the world of GOP eCampaign work (he started the first state party website in New Mexico in the mid-90s when the web was young and is the “Bill Walsh” in terms of the “Who’s Who” of GOP eCampaign specialists) and an expert in the world of telecommunications and new technology.

Frankly, it should concern anyone who’s ever been online.

The Department of Energy’s rush to award stimulus grants for projects under the next generation of the power grid, known as the Smart grid, resulted in some firms receiving funds without submitting complete plans for how to safeguard the grid from cyber attacks, according to an inspector general’s report.

“Officials approved cyber security plans for Smart Grid projects even though some of the plans contained shortcomings that could result in poorly implemented controls,” states the report. “We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training.”

According to the report, 36 percent of the grant applications submitted were lacking one or more elements in their cybersecurity plans. Three out of the five cybersecurity plans reviewed by the IG were incomplete, and often didn’t address weaknesses previously identified by the Energy Department.

“We acknowledge that the security plans will evolve as systems are developed and implemented. However, this practice may be problematic in that any existing gaps in a recipient’s security environment could allow system compromise before controls are implemented,” the report states.

“Likewise, approved elements that were not well-defined in the plan could leave the system susceptible to compromise even after the cyber security plan had been fully implemented.”

The IG recommended the Energy Department ensure grantees’ cybersecurity plans are complete, containing thorough descriptions of potential risks and mitigation strategies.

Yes, you read that right. In the mad rush to give companies a check, the Energy Department willingly let cybersecurity go down the toilet, handing money to entities that had few or no plans for securing their work.

Happy online shopping, folks. (Of course, lax control on one’s credit card numbers online is probably the least of the potential problems here. Maybe I can talk Kurt into giving the military point of view on this news…)
