The Department of Energy’s non-classified IT systems have recently come under successful cyberattacks at least four times, costing the department more than $2 million, the DoE inspector general said in an audit made public Monday.
The report, part of the department’s annual Federal Information Security Management Act review, didn’t provide details on the cyberattacks, except to peg the cost of three of the four breaches at over $2 million.
“As noted by recent successful attacks at four department locations, exploitation of vulnerabilities can cause significant disruption to operations and/or increases the risk of modification or destruction of sensitive data or programs, and possible theft or improper disclosure of confidential information,” Inspector General Gregory Friedman wrote in the report.
In July, a sophisticated cyberattack shut down Internet and e-mail services at the Pacific Northwest National Laboratory, an Energy Department facility that conducts IT security research.
Though DoE had expanded efforts to mitigate these risks in the last fiscal year, which ended Sept. 30, more steps must be taken to strengthen department IT from attackers seeking to exploit vulnerabilities in applicatons and products, the inspector general audit said.
From GovInfoSecurity.com: http://www.govinfosecurity.com/p_print.php?t=a&id=4184