[funsec] GAO: TVA Power Plants Vulnerable to Cyber Attacks
fergdawg at netzero.net
Wed May 21 01:16:01 CDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Via The Washington Post.
The Tennessee Valley Authority (TVA), the nation's largest public power
company, is vulnerable to cyber attacks that could sabotage critical
systems that provide electricity to more than 8.7 million people, according
to a Government Accountability Office report to be released today.
The report was requested by a House Homeland Security panel on cyber
security, which is expected to hear testimony today from the Federal Energy
Regulatory Commission about gaining additional authority to require
electric utilities to implement added cyber-security measures.
The GAO found that TVA's Internet-connected corporate network was linked
with systems used to control power production, and that security weaknesses
pervasive in the corporate side could be used by attackers to manipulate or
destroy vital control systems. As a wholly owned federal corporation, TVA
must meet the same computer security standards that govern computer
practices and safeguards at federal agencies.
The GAO also warned that computers on TVA's corporate network lacked
security software updates and anti-virus protection, and that firewalls and
intrusion detection systems on the network were easily bypassed and failed
to record suspicious activity.
Gives you the warm fuzzies, no?
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
-----END PGP SIGNATURE-----
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec