Watchdog raises concerns over Duke's request to recover $137M for cybersecurity upgrades