Thursday, May 22, 2008

TVA Facilities Vulnerable to Cyber Attacks

CNN reported yesterday afternoon about a new study conducted by the GAO that shows that the TVA is inadequately protected from cyber attacks. The TVA operates 52 power plants in the southeastern U.S., including nuclear, hydropower, and coal facilities.

The GAO found that:
  • The TVA's firewalls have been bypassed or are inadequately configured
  • Passwords in use by TVA personnel are not effective
  • Servers and work stations lack key patches and effective virus protection
  • Intrusion-detection systems used by the TVA are not adequate
  • Some locations lack enough physical security around control systems

Rep. James Langevin, a Rhode Island Democrat, is chairing an Emerging Threats, Cybersecurity, and Science and Technology subcommittee hearing Wednesday afternoon. Representatives of the TVA, the GAO, the federal commission and the electric reliability corporation are to appear before the subcommittee.

I find these results to be a little disturbing, but not terribly surprising. Information Systems security is a massively complex field, and changes on a daily basis. I also find it a little disturbing that we publish results detailing the exact vulnerabilities, almost as though we were trying to provide detailed attack plans to terrorists.


Anonymous said...

Why do these people publicize these horrible stories about their insufficiencies? Why can't this just get fixed without the terrorists and the whole freakin world know who stupid we are and how vulnerable we are, morons?

Matt Metcalf said...

That's a good question. I think maybe the problem is that the TVA already knew about these problems... they'd been informed before, but hadn't done enough to remedy the situation. Hopefully this publicity will spur the TVA (and other utilities) to get off their butts and get this stuff fixed.