Bonneville Power Administration Control System's Computer Security

B-211147: Published: Mar 18, 1983. Publicly Released: Nov 14, 1983.

Additional Materials:

Contact:

Walter L. Anderson
(202) 275-5044
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

As part of its study of automatic data processing management at the Bonneville Power Administration (BPA), GAO reviewed computer security at the control system's Dittmer computer center.

GAO found that, although BPA has made some progress toward developing and implementing a computer security program agencywide, it needs to do more. Recently, BPA appointed a computer protection program manager, identified critical and sensitive data processing systems, and assessed risks and threats to the computer center. However, during its review of the center, GAO found that: (1) written computer security procedures had not been developed or implemented; (2) an automatic fire suppression system had not been installed; (3) physical access to the facility was not appropriately restricted; and (4) a contingency plan for implementation in the event that the computer becomes nonoperational had not been fully developed. GAO concluded that BPA must correct these problems at the computer center before it can fully install a computer security program.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of BPA should, after the security program is implemented, direct the chief auditor to periodically review the computer center's security program's implementation and its compliance with Office of Management and Budget Circular A-71 Transmittal Memorandum Number 1 and Department of Energy Order 1360.2.

    Agency Affected: Department of Energy: Bonneville Power Administration

  2. Status: Closed - Implemented

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of BPA should develop a time-phased action plan and feedback procedures to: (1) complete the Dittmer computer center security procedures; (2) install a fire suppression system at the computer center; (3) evaluate Division of System Operations policies and procedures regarding physical access to the computer center; and (4) complete, implement, and test the computer center's contingency plan.

    Agency Affected: Department of Energy: Bonneville Power Administration

 

Explore the full database of GAO's Open Recommendations »

Sep 14, 2016

Sep 8, 2016

Aug 11, 2016

Aug 9, 2016

Aug 4, 2016

Jul 15, 2016

Jul 14, 2016

Jun 20, 2016

Mar 3, 2016

Looking for more? Browse all our products here