Industry experts report that security challenges and threats are continually evolving as malicious activity has become more web-based and attackers are able to rapidly adapt
their attack methods. In addition, the number of data breaches continues to rise. In an
effort to mitigate and address threats and protect valuable information, the Department of
Energy anticipated spending about $275 million in Fiscal Year (FY) 2009 to implement
cyber security measures necessary to protect its information technology resources. These
systems and data are designed to support the Department's mission and business lines of
energy security, nuclear security, scientific discovery and innovation, and environmental
responsibility.
The Federal Information Security Management Act of 2002 (FISMA) provides direction
to agencies on the management and oversight of information security risks, including
design and implementation of controls to protect Federal information and systems. As
required by FISMA, the Office of Inspector General conducts an annual independent
evaluation to determine whether the Department's unclassified cyber security program
adequately protects its information systems and data. This memorandum and the
attached report present the results of our evaluation for FY 2009.
