October 25, 2010

The Federal Energy Regulatory Commission's Unclassified Cyber Security Program – 2010

The Federal Energy Regulatory Commission (Commission) is responsible for regulating and overseeing the interstate transmission of natural gas, oil and electricity in addition to numerous other natural gas and hydroelectric projects. The regulations set forth by the Commission are designed to meet the economic, environmental and safety interests of the Nation. The Commission gathers and analyzes massive amounts of data regarding the energy markets, using a wide range of information technology (IT) resources. As with other Federal agencies or private institutions, the threat of a breach or loss of IT assets or information they contain continues to increase as cyber attacks become more sophisticated and prevalent. To protect against such threats, the Commission expected to spend over $3.5 million during Fiscal Year (FY) 2010 to secure its IT assets. The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks. Under FISMA's requirements, the Office of Inspector General conducts an annual independent evaluation to determine if the Commission's unclassified cyber security program is properly aligned with FISMA. This report presents the results of our evaluation for FY 2010.

Topic: National Security & Safety