Voice over Internet Protocol (VoIP) is being adopted by organizations big and small because of the many options this communications solution offers. With VoIP technology, customers are able to consolidate their resources, reduce their reliance on the public switched telephone networks, transmit data and voice over a single network, and dramatically reduce costs. One of the organizations that have implemented VoIP as part of its communication solution is the Department of Energy (DOE). The DOE deployed VoIP networks at more than 14 locations around the country at a cost of more than $56 million to harness all the potential that VoIP offers.
A recent story on blogs.rollcall.com looked at the recent audit the DOE's inspector general conducted regarding the agency's deployment of VoIP. According to the actual audit, the main objective was to determine if the DOE was efficient in the planning and implementation of its VoIP telecommunications network as well as using best security practices.
The audit was conducted from November 2012 to June 2014, at various DOE offices including Oak Ridge National Laboratory, the Y-12 National Security Complex, East Tennessee Technology Park, Oak Ridge Associated Universities and the Oak Ridge Office; Pacific Northwest National Laboratory, Richland Operations Office and the Hanford Site; the Los Alamos National Laboratory; and at Sandia National Laboratories.
The audit evaluated the Department's policies and procedures regarding the communications equipment; costs associated with the Department's implementation of VoIP networks; and protective measures to determine if both physical and cyber-related vulnerabilities had been considered for the Department's communications infrastructure. Additionally it determined whether a risk-based approach had been implemented to assist in the security of communications equipment; it reviewed actions taken to address prior findings and recommendations relevant to this audit area; and it identified opportunities for improving the Department's management of its unclassified communications resources.
Based on these assessments, the inspector general determined there were opportunities to improve the efficiency and enhance the cyber-security of the VoIP networks. They recommended the Under Secretary for Nuclear Security, the Deputy Under Secretary for Science and Energy, and the Deputy Under Secretary for Management and Performance, in coordination with the Department's and National Nuclear Security Administration's Chief Information Officers to:
1. Develop and implement an enterprise-wide telecommunications strategy that leverages existing resources; encourages communication, cooperation and planning by and among programs and sites; and eliminates unnecessary duplication and excess capacity; and
2. Ensure effective performance monitoring to strengthen cyber security over VoIP systems and networks, including correcting, through the implementation of appropriate controls, the cyber security weaknesses identified in this report.
Whether it is the DOE or a small business, security is a very important component in today's digital environment. Because VoIP uses the Internet, it is vulnerable to the same threats any online portal faces, and it is therefore incumbent for organizations to employ the best available security solutions to ensure that everyone who uses the VoIP network is protected.