Did DOE Rush to Give Away Stimulus Compromise National Security?

The hurry to take advantage of funds appropriated through the Recovery Act for “shovel ready” projects impelled the federal agencies – especially the Department of Energy – to hastily allocate the money, and as a result taxpayer money flowed to projects marred by fraud, corruption, poor workmanship, failing companies, and crony corporate socialism.

And now DOE Inspector General Gregory Friedman has discovered the rush to distribute stimulus money may have compromised national security. In an audit report of the department’s management of the Smart Grid Investment Grant Program, which received $3.5 billion to modernize and improve the reliability of the U.S. power grid, the IG found that grant recipients’ plans to prevent “malicious cyber attacks” were often inadequate.

“In our review of security plans,” the report said, “we noted that the plans did not always include sufficient information related to risk assessments and/or other important elements, and, that they did not fully address many of the weaknesses initially identified by the Department.”

Friedman’s office undertook the audit after it found holes in the Federal Energy Regulatory Commission’s monitoring processes of cyber grid security, and after the Government Accountability Office discovered weaknesses in the “implementation and enforcement of Smart Grid cyber-security guidelines.” The shortcomings were identified in two separate reports issued a year ago.

In the new IG report, auditors found that three of the five cyber-security plans studied were incomplete, with insufficient explanations of controls and implementation. The IG also determined that of the 99 cyber-security measures submitted as part of grant applications, more than one-third were found lacking. Auditors attributed the deficiencies to DOE’s desire to issue Recovery Act funds swiftly.

“The issues we found were due, in part, to the accelerated planning, development, and deployment approach adopted by the Department for the SGIG program…,” the report said. “We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training. Without improvements, there remains a risk that the goals and objectives of the Smart Grid program may not be fully realized.”

For its part, DOE’s Office of Electricity Delivery and Energy Reliability responded that while the “bulk electricity system” has security standards, “there are no federal or state cyber-security standards or regulations that define cyber processes or practices for electric distribution systems.” Digging deeper into the government jargon handbook, the IG contended that the Smart Grid Investment Grant Program, which received the stimulus funds, required “detailed descriptions of the recipient’s risk assessment and mitigation processes and other standards to which the projects would adhere.”

Ironically, the Obama administration in the past year has issued a series of reports and releases that address the issue of grid cyber-security. Last February DOE announced the launch of a new cyber-security initiative for the electrical grid. In June last year the administration issued “A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future.” DOE followed in September with its “Roadmap to Achieve Energy Delivery Systems Cybersecurity.” Then the beginning of this month DOE launched its “Electric Sector Cyber-security Risk Management Maturity” project, which may have been inspired by the pending release of the IG’s critical report.

Since the grant process of Recovery Act funds began in 2009, Inspector General Friedman has regularly issued reports and given testimony that addressed lax oversight, conflicts of interest, insufficient documentation, and an overall unpreparedness of DOE to administer the sudden influx of billions of dollars to be awarded to recipients. In November he told members of the House Oversight and Government Reform Committee that “the Loan Guarantee Program had not properly documented, and as such could not always readily demonstrate, how it resolved or mitigated relevant risks prior to granting loan guarantees.” That lapse, and/or the administration’s desire to grant favor to Obama cronies like Solyndra investor George Kaiser, led to a taxpayer-backed loan of $535 million which vanished after the suspect solar company went bankrupt late last year.

Friedman also painted a picture of an entire cabinet agency unprepared for the flood of stimulus money it was suddenly given to distribute, and incapable of tracking it both administratively and ethically.

“To date, our Recovery Act-related investigations have resulted in over $2.3 million in monetary recoveries as well as five criminal prosecutions,” Friedman testified. “This includes a series of cases involving fictitious claims for travel per diem resulting in the recovery of $1 million alone in Recovery Act funds.”

Friedman also told Congress members at the time that DOE was overwhelmed by the sudden influx of billions of dollars from the Recovery Act, which came with the expectation that “shovel ready” jobs would receive rapid funding so as to stimulate employment growth.

“The concept of ‘shovel ready’ projects became a Recovery Act symbol of expeditiously stimulating the economy and creating jobs,” Friedman said. “In reality, few actual ‘shovel ready’ projects existed.”

That didn’t stop the money from flowing to unworthy ventures. One example he cited in the weatherization program found that a contractor favored employees and relatives as beneficiaries, which disadvantaged qualified elderly and handicapped applicants.

That program, already known as a boondoggle thanks to outside watchdogs, was just the beginning. Friedman told the committee his office had initiated more than 100 criminal investigations, which involved “various schemes” that included “the submission of false information, claims for unallowable or unauthorized expenses, and other improper uses of Recovery Act funds.” The Inspector General also was not optimistic that his burden would lessen any time soon, since Recovery Act funds are only beginning to be spent. He told the committee he expects investigations to “continue for some time.” 

That the push to step up the delivery of stimulus funds to applicants led to a compromise in accountability does not inspire confidence. It’s disconcerting enough that DOE overseers were lax in their scrutiny, leading to taxpayer support for unworthy recipients such as bankrupt Solyndra and Ener1 (which filed for bankruptcy last week), in addition to the fraudsters who applied for weatherization program grants. 

If public money flowed to the criminal element in other programs, and now cyber-security scrutiny of the Smart Grid program was not what it should be, then the whole Recovery Act enterprise is suspect — and it goes beyond just the waste of taxpayer money.

Paul Chesser is an associate fellow for the National Legal and Policy Center.