The GAO found that:
- The TVA's firewalls have been bypassed or are inadequately configured
- Passwords in use by TVA personnel are not effective
- Servers and work stations lack key patches and effective virus protection
- Intrusion-detection systems used by the TVA are not adequate
- Some locations lack enough physical security around control systems
Rep. James Langevin, a Rhode Island Democrat, is chairing an Emerging Threats, Cybersecurity, and Science and Technology subcommittee hearing Wednesday afternoon. Representatives of the TVA, the GAO, the federal commission and the electric reliability corporation are to appear before the subcommittee.
I find these results to be a little disturbing, but not terribly surprising. Information Systems security is a massively complex field, and changes on a daily basis. I also find it a little disturbing that we publish results detailing the exact vulnerabilities, almost as though we were trying to provide detailed attack plans to terrorists.