The computer networks operated by the commission that enforces cybersecurity standards for most of the nation's power plants are themselves vulnerable to cyberattacks, because it failed to comply with federal information security requirements, according to a report released by the Energy Department's inspector general. The Federal Energy Regulatory Commission -- which regulates significant portions of the U.S. energy industry, including deployment of security standards at power plants -- did not document information that could be deemed sensitive and how that data should be protected, according to an inspector general audit. The failure to do so violates National Institute of Standards and Technology requirements and the 2002 Federal Information Security Management Act to ensure such security controls are in place to protect sensitive information.

For more information:
http://www.nextgov.com/nextgov/ng_20091104_2381.php?oref=topnews