|
 |
 |
|
Stimulus grants left power grid vulnerable to cyber attacks
The Department of Energy's rush to award stimulus grants for projects under the next generation of the power grid, known as the Smart grid, resulted in some firms receiving funds without submitting complete plans for how to safeguard the grid from cyber attacks, according to an inspector general's report.
"Officials approved cyber security plans for Smart Grid projects even though some of the plans contained shortcomings that could result in poorly implemented controls," states the report. "We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training."
According to the report, 36 percent of the grant applications submitted were lacking one or more elements in their cybersecurity plans. Three out of the five cybersecurity plans reviewed by the IG were incomplete, and often didn't address weaknesses previously identified by the Energy Department.
"Likewise, approved elements that were not well-defined in the plan could leave the system susceptible to compromise even after the cyber security plan had been fully implemented."
The IG recommended the Energy Department ensure grantees' cybersecurity plans are complete, containing thorough descriptions of potential risks and mitigation strategies.
The Energy Department generally concurred with the report's recommendations, but noted "that there are currently no federal or state standards or regulations that mandate cyber security processes or practices for electric distribution systems."
The Senate is expected to take up legislation this week that would establish federal cybersecurity regulations for electric grid providers and other industrial sectors deemed part of the nation's critical infrastructure.
Most Viewed RSS Feed »
