Type: Case Study
Department: Energy Information Administration (EIA)
Agency: U.S. Department of Energy (DOE)
Office of Information Technology (OIT) had no accepted or written policies for critical infrastructure management functions. Consequently, conflicting or unclear rules existed for decision-making and response actions, staff were unsure of their specific roles and responsibilities leading to finger pointing and disagreements, severe security incidents were not responded to in a timely or effective manner, and management had no framework for monitoring and enforcing compliance with Federal and Departmental regulations and requirements.