A U.S. Department of Energy nuclear site is noticeably lacking on the cybersecurity front, which could jeopardize data and systems there, according to an inspector general audit made available this month.
A report memo does not specify the site in question, citing the "sensitive nature of the vulnerabilities identified during our audit." Officials were provided detailed information about the gaps, according to the July 19 memo, which was addressed to DOE Office of Environmental Management leadership.
The site's management concurred with recommendations made, according to the memo, and said changes were planned.
Nothing in the memo indicates the audited – and troubled – installation was the Savannah River Site.
The audit was initiated to determine if the site's cybersecurity program was on par with federal and Energy Department standards. It wasn't.
"We identified weaknesses related to vulnerability and configuration management, logical and physical access controls, contingency planning, and continuous monitoring," reads the memo from Sarah Nelson, the assistant inspector general for technology, financial and analytics.
Information systems at the examined site are used to support the cleanup mission there, chiefly for human resources, contracting, finance and logistics purposes.
A limited amount of cybersecurity resources hampered efforts at the site, per the memo.
Environmental Management, established in 1989, oversees the ongoing remediation of 16 sites across the country. That includes SRS.