An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Environmental Protection Agency
Management Implication Report: Cybersecurity Concerns Related to Drinking Water Systems
The passive assessment covered 1,062 drinking water systems for cybersecurity vulnerabilities that serve over 193 million people across the United States. Scan results for October 8, 2024, identified 97 drinking water systems serving approximately 26.6 million users as having either critical or high-risk cybersecurity vulnerabilities. Although not rising to a level of critical or high-risk cybersecurity vulnerabilities, an additional 211 drinking water systems, servicing over 82.7 million people, were identified as medium and low by having externally visible open portals. If malicious actors exploited the cybersecurity vulnerabilities identified in this passive assessment, they could disrupt service or cause irreparable physical damage to drinking water infrastructure. While attempting to notify the EPA about the cybersecurity vulnerabilities, the OIG found that the EPA does not have its own cybersecurity incident reporting system that water and wastewater systems could use to notify the EPA of cybersecurity incidents.
The U.S. Department of Agriculture Office of Inspector General’s Annual Plan for Fiscal Year 2025 describes how OIG plans to accomplish its mission of promoting economy, efficiency, effectiveness, and integrity in the delivery of USDA programs during the fiscal year.
The report contains an unmodified opinion on Natural Resources Conservation Service’s (NRCS) financial statements as of September 30, 2024 and 2023, as well as an assessment of NRCS’ internal controls over financial reporting and compliance with laws and regulations.
The NRC OIG contracted with Sikich to audit the FY 2024 financial statements of the United States Nuclear Regulatory Commission (NRC). Sikich found:
• The financial statements as of and for the fiscal year ended September 30, 2024, are presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States of America;
• The NRC maintained, in all material respects, effective internal control over financial reporting as of September 30, 2024; and,
• No reportable noncompliance for fiscal year 2024 with provisions of applicable laws, regulations, contracts, and grant agreements we tested.
The report contains an unmodified opinion on Federal Crop Insurance Corporation/Risk Management Agency's (FCIC/RMA) financial statements as of September 30, 2024, as well as an assessment of FCIC/RMA’s internal controls over financial reporting and compliance with laws and regulations.
