Date Issued
Submitting OIG
Department of Energy OIG
Other Participating OIGs
Department of Energy OIG
Agencies Reviewed/Investigated
Department of Energy
Report Number
DOE-OIG-24-18
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
5
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 5 open recommendations.
Recommendation Number: 5
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details: Ensure that the contractual requirements included in applicable Department directives are flowed down to the support subcontractors or define specific reporting requirements for when an event occurs such as a ransomware attack.

Recommendation Number: 4
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details: Implement more effective oversight of data protection by the Information Technology Services Directorate, such as a review process, to determine what data should be backed up and ensure that appropriate corrective actions are taken.

Recommendation Number: 3
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details: Develop and conduct contingency plan and incident response testing exercises that include and/or mimic a ransomware event and incorporate the lessons learned into the site’s recovery and response capabilities.

Recommendation Number: 2
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details: Develop and implement a process to perform continuous monitoring activities to fully evaluate third-party providers’ information technology environments for security changes or threats.

Recommendation Number: 1
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details: Conduct an analysis or risk assessment that evaluates ransomware threats and the cost to fully recover from a ransomware event, including considerations in the Department’s guidance on Analyzing Ransomware Risk: A Blueprint for Quantification.

Department of Energy OIG

United States