WASHINGTON (Reuters) - The U.S. Department of Energy has been hit by recent successful cyber attacks and needs to do more to protect its computer systems, the department’s internal watchdog said in a report on Monday.
The report by the department’s inspector general did not disclose who launched the cyber attacks or the consequences at four affected locations.
The Department of Energy (DOE) has dozens of agencies, regional offices and laboratories. Among other tasks, it manages the U.S. nuclear weapon stockpile through its National Nuclear Security Administration.
The audit found a growing number of weaknesses in the department’s computer systems.
The report said investigators found 60 percent more weaknesses in the DOE’s computer systems than during a similar audit in 2010, making this the second year in a row that the number of problems has jumped. The DOE fixed only 11 of 35 weaknesses identified in the prior audit, the report said.
“Continued vigilance is necessary due to the recent department incidents and increased cyber attacks by both domestic and international sources,” the report said, noting that the department’s computer systems are “routinely threatened with sophisticated cyber attacks.”
The report, which covered the 2011 fiscal year that ended September 30, did not state when the attacks occurred, other than describing them as “recent successful attacks.”
It also did not state explicitly that the National Nuclear Security Administration had been a target of the attacks, but the agency defended itself.
The National Nuclear Security Administration criticized the report for failing to recognize the effectiveness of its “layered” approach to cybersecurity, calling some of the problems identified in the report “isolated issues.”
“We are concerned that a casual reader of this report might not fully understand that the findings, while important, do not represent demonstrated risks,” Kenneth Powers, the agency’s associate administrator for management and budget, said in a letter to the DOE Inspector General.
The report said the department has begun to fix many of the problems identified in the audit.
Cybersecurity has become a major issue across the U.S. government, with attacks against all agencies’ systems up almost 40 percent last year, the report said.
The audit, conducted between February and October, found examples of poor management of computer access codes and passwords and failure to use up-to-date security measures on some computers and systems to protect against viruses and hackers.
A department spokesman was not immediately available for comment on Monday.
Editing by Will Dunham