December 12, 2003

Implementation of Indications, Warning, Analysis and Reporting Capability

A significant number of the Department of Energy (Department) sites were not taking appropriate action to report computer attacks, probes, or compromises. Specifically, computer incidents were not always being reported to the Computer Incident Advisory Capability (CIAC) as required by Departmental guidance. Office of Inspector General Technology Crimes Section (Technology Crimes) and Federal counterintelligence officials were also not always notified of incidents as appropriate.