The Federal Energy Regulatory Commission (Commission) is responsible for regulating and
overseeing the interstate transmission of natural gas, oil and electricity in addition to numerous
other natural gas and hydroelectric projects. The regulations set forth by the Commission are
designed to meet the economic, environmental and safety interests of the Nation. The
Commission gathers and analyzes massive amounts of data regarding the energy markets, using a
wide range of information technology (IT) resources. As with other Federal agencies or private
institutions, the threat of a breach or loss of IT assets or information they contain continues to
increase as cyber attacks become more sophisticated and prevalent. To protect against such
threats, the Commission expected to spend over $3.5 million during Fiscal Year (FY) 2010 to
secure its IT assets.
The Federal Information Security Management Act of 2002 (FISMA) provides direction to
agencies on the management and oversight of information security risks. Under FISMA's
requirements, the Office of Inspector General conducts an annual independent evaluation to
determine if the Commission's unclassified cyber security program is properly aligned with
FISMA. This report presents the results of our evaluation for FY 2010.
