Energy Information:

Department of Energy Security Program Needs Effective Information Systems

IMTEC-92-10: Published: Oct 22, 1991. Publicly Released: Nov 27, 1991.

Additional Materials:

Contact:

Joel C. Willemssen
(202) 512-6253
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed information systems that support the Department of Energy's (DOE) security program, focusing on whether: (1) key information systems provide security managers with the information they need to ensure an effective security program; and (2) changes are needed to improve more efficient and effective systems.

GAO found that: (1) although the Office of Safeguards and Security's (OSS) information systems contain departmentwide data on security weaknesses and incidents, they lack the capability to analyze the data because the software was not designed to identify patterns and trends; (2) the Office of Security Evaluations' information system that tracks security weaknesses is also unable to analyze data for patterns and trends; (3) most field offices and most of the 10 security contractors reviewed lacked automated information systems to analyze security incident data; (4) because they receive raw data, security managers find it difficult to identify patterns and trends, hindering their ability to ensure that the security program is effective; (5) OSS managers may be unable to determine whether security weaknesses or incidents are efficiently and effectively resolved because the data in the headquarters systems are often unreliable; (6) DOE is operating incompatible security information systems that are unable to electronically exchange data; (7) DOE has not performed a comprehensive assessment of its information and information technology needs to achieve its security mission and related long-term objectives; and (8) although DOE has attempted to solve security information needs, its efforts have been uncoordinated and driven by individual contractors, field offices, and headquarters security offices.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Although DOE agreed with the recommendation, the Department has not fully implemented it. DOE has a departmentwide security information system, the Safeguards and Security Information Management System. DOE believes that this system helps staff to plan and manage security information resources departmentwide. An informal working group oversees this system. However, because the senior designated official for IRM oversees all IRM activities, DOE does not believe that it needs to designate a single organization to manage security information resources. DOE does not intend to take further action on this recommendation.

    Recommendation: The Secretary of Energy should assign to a single organization the leadership responsibility to plan and manage security information resources departmentwide and ensure that this organization has the authority to integrate and reconcile the needs of various security organizations.

    Agency Affected: Department of Energy

  2. Status: Closed - Implemented

    Comments: Although DOE agreed with this recommendation, DOE did not fully implement it. DOE did not write a separate strategic plan for the security program as GAO recommended. Instead, it input information to its Information Management Strategic Plan, issued in July 1994. DOE does not plan any further action on this recommendation.

    Recommendation: The Secretary of Energy should direct this organization to work with responsible program offices, field offices, contractors, and departmental IRM officials to: (1) make a comprehensive, strategic assessment of departmentwide information and information technology needs for the security program; and (2) develop an information architecture that efficiently and effectively supports departmentwide missions and goals.

    Agency Affected: Department of Energy

  3. Status: Closed - Implemented

    Comments: Although DOE agreed with the recommendation, DOE did not fully respond to it. DOE issued its strategic IRM plan in July 1994; however, this plan does not address security information planning activities separately from other IRM activities. Further, DOE has not yet developed an overall IRM architecture. DOE plans no further action on this recommendation.

    Recommendation: The Secretary of Energy should ensure that the Director of Administration and Human Resources Management, the designated senior IRM official, provides the leadership needed to: (1) link security information planning activities to the DOE overall strategic IRM planning process; and (2) ensure that responsible managers acquire and implement information systems that conform to the data and technology requirements of the architecture.

    Agency Affected: Department of Energy

 

Explore the full database of GAO's Open Recommendations »

Sep 14, 2016

Sep 8, 2016

Aug 11, 2016

Aug 9, 2016

Aug 4, 2016

Jul 15, 2016

Jul 14, 2016

Jun 20, 2016

Mar 3, 2016

Looking for more? Browse all our products here