The power grid program in question is in the Energy Department, and received a $3.5 billion infusion in the 2009 stimulus package. That money was awarded to 99 recipients, with individual grants ranging up to $200 million.
In a January report, the inspector general for the Energy Department found “shortcomings” in those recipients’ cybersecurity plans.
Though the projects are still being developed, the report noted that “existing gaps … could allow system compromise before controls are implemented.”
In one instance, the report said an unnamed recipient had never conducted a “formal risk assessment” — without which, “threats and weaknesses may go unidentified and expose the recipient’s systems to an unacceptable level of risk.”
The IG report said 36 of the 99 cybersecurity plans were “lacking” in at least one area. Though the Energy Department told the recipients to update their plans, the report found “the initial weaknesses had not always been addressed.”