Artificial Intelligence & Machine Learning,
Government,
Industry Specific
New Report Indicates Shortcomings in DOE’s Cybersecurity and AI Governance Amid Rapid Technological Advancement
The U.S. Department of Energy (DOE) is entering 2026 amidst growing concerns regarding its lagging governance in relation to the rapid deployment of technologies, specifically artificial intelligence (AI) and cybersecurity. A newly released inspector general report underscores these elements as critical management challenges facing the agency.
Highlighting AI and cybersecurity management as significant enterprise-wide gaps, the report indicates that the DOE’s centralized structure and contractor-reliant operational model hinder effective governance. Without enhanced coordination and oversight, the rising dependence on advanced digital systems could render critical infrastructure vulnerable to operational disruptions and security threats.
Cybersecurity has emerged as a predominant risk, particularly with increasing threats originating from state-sponsored actors and criminal organizations targeting vital infrastructure across the nation. The auditors specifically cite DOE’s decentralized security model as a contributing factor to these vulnerabilities, allowing local leadership substantial leeway to adjust controls based on mission demands.
This flexibility, however, has been detrimental to centralized oversight, limiting the ability of the Office of the Chief Information Officer to manage risk effectively at the enterprise level. Furthermore, the assessment reveals a lack of structured protocols to collect and analyze real-time cybersecurity data within the department, complicating efforts to identify systemic weaknesses and emerging threats.
The review also noted a disconnect where some facilities continue to assess against outdated federal cybersecurity requirements, despite the existence of updated guidance. Funding disparities have resulted in uneven implementation of new requirements, with some sites prioritizing local directives over overarching DOE standards. Such inconsistencies pose substantial risks to the security of the department’s operations.
The DOE has been expanding its applications of AI across various domains, including national security and energy management, leveraging technologies developed in national laboratories. Nevertheless, the report warns that the pace at which these technologies are being integrated is outpacing the establishment of a robust governance framework necessary for effective risk management.
Published in October, the DOE’s AI strategy outlines a range of ambitious initiatives such as automating permitting processes, improving energy systems modeling, and enhancing critical infrastructure security. However, the document also cautions that technological tools alone will not suffice to remedy the structural inadequacies identified in the report.
