March 30, Infosecurity – (National) Serious cybersecurity lapses found at Pacific Northwest electricity supplier. The Department of Energy (DOE) identified serious cybersecurity gaps at the Bonneville Power Administration, which supplies wholesale electric power to regional utilities in the Pacific Northwest, Infosecurity reported March 30. An audit by DOE’s Office of the Inspector General (OIG) found Bonneville did not implement controls designed to address known IT system vulnerabilities. “Specifically, technical vulnerability scanning conducted on nine applications used to support business functions such as financial management, human resources, and security management identified a significant number of high-risk weaknesses in the areas of access controls, patch management, and validation of user input,” according to the audit. In addition, OIG’s testing of five operational security control systems identified issues with configuration management, access controls, and contingency and security planning. A number of IT system development efforts suffered from cost, scope, and schedule overruns due to weaknesses in project planning and management.
Ali Loney, on March 30, 2012