The U.S. Department of Energy is routinely failing to secure unclassified IT systems in the nation’s critical infrastructure, an annual audit finds. The agency’s Inspector General report makes 54 different cybersecurity recommendations for the department’s CIO and security teams to follow. The audit is based on security evaluations conducted at 28 different Energy Department facilities. In one facility, for example, firewalls were misconfigured and allowed a general support network to inappropriately access two web servers on another network that support a primary industrial control system.
Source: https://www.cuinfosecurity.com/watchdog-finds-doe-falling-short-on-cybersecurity-a-13450