The Department of Energy (DoE) needs to invest in and implement enterprise-wide data analytics capabilities in order to better identify and mitigate risk, according to a new report from the DoE Office of Inspector General (OIG).
The OIG notes that DoE’s private sector peers are turning to technology and using data analytics to improve their own risk posture. If DoE wants to keep pace with the private sector, the OIG says the agency needs to “act now” to use data analytics to modernize its own operations.
“Although the department considers enterprise-wide risks in its decision making, it does so in a fragmented fashion by aggregating risks identified by each element rather than by examining risks from an enterprise-wide perspective,” the report says.
“This element-based approach, which reflects the department’s decentralized management and operating culture, yields gaps in information that could be detected with the use of enterprise-wide, data-informed analytical models and processes,” it adds. “These information gaps create blind spots in the universe of data that, if captured, could be used to more efficiently identify, track, and respond to risks across the department.”
The OIG said that it has previously brought up the benefits of integrated data analytics to the department. The department’s submissions for the fiscal year (FY) 2026 President’s Budget offer an opportunity “to take concrete action,” the report says.
Additionally, the OIG says that the Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) issued public budget guidance for cybersecurity priorities in the FY2025 and FY2026 President’s budgets.
Both documents request agencies to address government-wide cybersecurity risks in their budgets. In fact, the current guidance requires, “Agency budget submissions should demonstrate how agencies are reducing risk.”
The report does not contain formal recommendations, but the OIG is offering several considerations for DoE. These include that it start with the identification and treatment of the highest enterprise-wide risks, continue with analysis and integration of risks defined by the elements, and then expand to the execution of risk management governance practices as the underlying capabilities mature.
This approach includes reviewing its alignment with OMB’s published budgetary guidance among other guidance, according to the OIG.
In response to the report, DoE said “DoE’s budget reflects the priorities of the department’s leadership.” Nevertheless, the department said it will “continue to consider and determine future enhancements and beneficial applications of data analytics across the department to further integrate risk management at the enterprise level.”
