funsec mailing list archives

Previous By Date Next
Previous By Thread Next

GAO: TVA Power Plants Vulnerable to Cyber Attacks

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 21 May 2008 06:16:01 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via The Washington Post.

[snip]

The Tennessee Valley Authority (TVA), the nation's largest public power
company, is vulnerable to cyber attacks that could sabotage critical
systems that provide electricity to more than 8.7 million people, according
to a Government Accountability Office report to be released today.

The report was requested by a House Homeland Security panel on cyber
security, which is expected to hear testimony today from the Federal Energy
Regulatory Commission about gaining additional authority to require
electric utilities to implement added cyber-security measures.

The GAO found that TVA's Internet-connected corporate network was linked
with systems used to control power production, and that security weaknesses
pervasive in the corporate side could be used by attackers to manipulate or
destroy vital control systems. As a wholly owned federal corporation, TVA
must meet the same computer security standards that govern computer
practices and safeguards at federal agencies.

The GAO also warned that computers on TVA's corporate network lacked
security software updates and anti-virus protection, and that firewalls and
intrusion detection systems on the network were easily bypassed and failed
to record suspicious activity.

[snip]

More:
http://www.washingtonpost.com/wp-dyn/content/article/2008/05/20/AR200805200
2354.html

Gives you the warm fuzzies, no?

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIM7u8q1pz9mNUZTMRAp/aAJ4z8JvLBOGTh6OkRj24dik3GNzA4ACgglte
CUR+PX0xZ8xhGar0poJZcjU=
=LfMn
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: