U.S. Department of Energy Evaluation Report: The Department's Unclassified Cyber Security Program - 2006 [open pdf - 671KB]
"To help accomplish its strategic goals in the areas of defense, energy, science and the environment, the Department utilizes numerous interconnected computer networks and individual systems. Virtually all of the Department's systems are increasingly subjected to sophisticated attacks designed to circumvent security measures, trick unsuspecting users into divulging sensitive information or propagate harmful programs. A strong cyber security program is essential to minimizing adverse impacts on Department mission associated with successful attacks or intrusions and protecting operational, personally identifiable and other sensitive data from compromise. Overall, the Department expects to invest over $295 million in Fiscal Year (FY) 2006 to protect its annual $2 billion investment in information technology resources. The Federal Information Security Management Act (FISMA) provides a comprehensive framework for ensuring the effectiveness of security controls over information resources that support Federal operations and assets. As required by FISMA, the Office of inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects data and information systems. This memorandum presents the results of our evaluation for FY 2006. […] The Department had taken a number of steps to strengthen its cyber security posture. During the last year, it had launched a cyber security revitalization program and issued enhanced guidance designed to strengthen protective efforts. While these were positive steps, we continued to observe deficiencies that exposed its critical systems to an increased risk of compromise. In several respects, these findings parallel those reported in 2005."
Department of Energy, Office of Inspector General, Report No. DOE/IG-0738
Department of Energy, Office of Inspector General: http://energy.gov/ig/