The GAO found that:
- The TVA's firewalls have been bypassed or are inadequately configured
- Passwords in use by TVA personnel are not effective
- Servers and work stations lack key patches and effective virus protection
- Intrusion-detection systems used by the TVA are not adequate
- Some locations lack enough physical security around control systems
Rep. James Langevin, a Rhode Island Democrat, is chairing an Emerging Threats, Cybersecurity, and Science and Technology subcommittee hearing Wednesday afternoon. Representatives of the TVA, the GAO, the federal commission and the electric reliability corporation are to appear before the subcommittee.
I find these results to be a little disturbing, but not terribly surprising. Information Systems security is a massively complex field, and changes on a daily basis. I also find it a little disturbing that we publish results detailing the exact vulnerabilities, almost as though we were trying to provide detailed attack plans to terrorists.
2 comments:
Why do these people publicize these horrible stories about their insufficiencies? Why can't this just get fixed without the terrorists and the whole freakin world know who stupid we are and how vulnerable we are, morons?
That's a good question. I think maybe the problem is that the TVA already knew about these problems... they'd been informed before, but hadn't done enough to remedy the situation. Hopefully this publicity will spur the TVA (and other utilities) to get off their butts and get this stuff fixed.
Post a Comment