Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Politics

Watchdog finds cybersecurity 'shortcomings' with stimulus-backed power grid program

By Fox News
Published | Updated
Smart Grid Communication

Shown here are power lines in Essex Junction , Vt. (AP)

A multibillion-dollar stimulus push to modernize the nation's power grid is raising cybersecurity concerns, as the Department of Energy's official watchdog reports that dozens of grant recipients came to the table with inadequate security plans.

The finding comes amid new warnings about cybersecurity threats, and a rash of international cyber attacks.

The power grid program in question is in the Energy Department, and received a $3.5 billion infusion in the 2009 stimulus package. That money was awarded to 99 recipients, with individual grants ranging up to $200 million.

In a January report, the inspector general for the Energy Department found "shortcomings" in those recipients' cybersecurity plans.

Though the projects are still being developed, the report noted that "existing gaps ... could allow system compromise before controls are implemented."

In one instance, the report said an unnamed recipient had never conducted a "formal risk assessment" -- without which, "threats and weaknesses may go unidentified and expose the recipient's systems to an unacceptable level of risk."

The IG report said 36 of the 99 cybersecurity plans were "lacking" in at least one area. Though the Energy Department told the recipients to update their plans, the report found "the initial weaknesses had not always been addressed."

The report did not detail where exactly each company ran afoul of the guidelines, but said the cybersecurity plans are supposed to show how the recipients would prevent, detect and respond to security problems. The inspector general's office found three of the five cybersecurity plans it reviewed were "incomplete" and did not always explain how their security controls would be carried out.

The office blamed that and other concerns in part on the rush to implement the program.

"The issues we found were due, in part, to the accelerated planning, development, and deployment approach adopted by the Department for the SGIG program," the report said. "We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training."

The Energy Department has vowed to address the problem, in part by having experts review the cyber plans and recommend changes after making annual site visits.

In a November letter to the inspector general's office, Energy Assistant Secretary Patricia Hoffman said the grid office wants to "ensure that recipients do not place the power system at risk."

She said the office would make sure cybersecurity plans "are complete and are being implemented properly," and said grant recipients will be required to update their plans no later than April 30.

More from Politics