September 13, 2002

Remote Access To Unclassified Information Systems

Like most private sector and government organizations, the Department of Energy has an aggressive program to provide its Federal and contractor personnel with the ability to remotely access a number of unclassified information systems. Such access allows travelers, telecommuters and those who occasionally work off-site to more easily perform business-related functions from remote locations. Personnel are able, for example, to retrieve electronic mail, access business or other operational systems and administer systems or networks by using government or privately-owned computer equipment. Generally, remote access to the Department's networks is achieved through dial-in modems or through internet connections. While the benefits of such access are clear, there is a corresponding increase in certain inherent risks, most importantly, the potential for unauthorized access to the Department's information systems. Based on several recent investigative cases relating to attempts to intrude into the Department's systems, we initiated this audit to assess the Department's performance in managing the risk associated with remote access to unclassified information systems.