Strengthening Cyber Security
DOE expected to spend about $250 million in fiscal year 2008 to implement cyber security measures necessary to protect its information technology resources. However, a series of high-profile incidents at one of DOE's major laboratories has called the department's cyber security efforts into question. Identified problems include the following:
- Certification and accreditation of DOE information systems across its facilities is not complete. Without proper certification and accreditation, DOE lacks assurance that its information systems and the data they contain are secure.
- DOE also has yet to establish a complex-wide inventory of information systems.
While DOE has taken action to establish stronger cyber security policies and to revitalize its cyber security program, risks to the integrity of DOE’s classified and unclassified information systems remain higher than acceptable.
What Needs to Be Done
DOE needs to better link cyber security resource requirements and funding decisions to risk assessments and strengthen policies to reduce access to unclassified networks at DOE facilities by foreign nationals, particularly those from sensitive countries.
Key Reports
Information Security
GAO-08-1001, Sep 26, 2008







