New Energy Department cybersecurity office burned $2.1M on 'unused software': IG report

This week's Golden Horseshoe is awarded to the Department of Energy's cybersecurity office for spending $2.1 million for software it did not use, part of a broader pattern of deficiencies in budgetary oversight and workforce management planning.

A recent Office of Inspector General report investigated several allegations it received about questionable spending and a lack of internal controls at the DOE's Office of Cybersecurity, Energy, Security and Emergency Response, which was formed to protect the nation's energy infrastructure.

The investigation substantiated that "CESER purchased $2.1 million in cybersecurity data analysis software licenses which were to be used to monitor utility companies," according to the inspection report, and "only a limited number of the licenses were provided to monitor utility companies more than a year after acquiring the software."

As a result, CESER "spent $2.1 million more than necessary for unused software," the watchdog concluded.

The inspection also identified a broader pattern of lax internal financial controls and inadequate workforce management planning within CESER. 

Specifically, "written internal control policies and procedures were not developed for CESER to help ensure appropriate funds management," the IG found. "Further, a workforce management plan had not been developed, which could have guided the hiring of full-time budget personnel to oversee expenditures. These issues were particularly concerning because CESER's September 2019 Assurance Memo, which is required by the Federal Managers' Financial Integrity Act, asserted that CESER internal controls were operating effectively."

CESER, which was established in 2018 to protect America's energy infrastructure and address emerging threats, has received $275 million in funding since its inception. The agency's budget has increased each year, and in FY2021 it requested $185 million, up from $156 million in FY2020.