Skip to main content

Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks

GAO-08-775T Published: May 21, 2008. Publicly Released: May 21, 2008.
Jump To:
Skip to Highlights

Highlights

The control systems that regulate the nation's critical infrastructures face risks of cyber threats, system vulnerabilities, and potential attacks. Securing these systems is therefore vital to ensuring national security, economic well-being, and public health and safety. While most critical infrastructures are privately owned, the Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, provides power and other services to a large swath of the American Southeast. GAO was asked to testify on its public report being released today on the security controls in place over TVA's critical infrastructure control systems. In doing this work, GAO examined the security practices in place at TVA facilities; analyzed the agency's information security policies, plans, and procedures in light of federal law and guidance; and interviewed agency officials responsible for overseeing TVA's control systems and their security.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Anti-virus softwareComputer networksComputer securityComputer systemsComputer virusesCritical infrastructureCyber securityFacility securityFirewallsIndependent regulatory commissionsIndustrial facilitiesInformation infrastructureInformation managementInformation securityInformation security managementInformation security regulationsInformation systemsInternal controlsIntrusion detection systemsPasswordsPhysical securityPolicy evaluationProgram evaluationProgram managementRisk assessmentSecurity threatsSystem vulnerabilitiesSystems evaluationSystems integritySystems managementSystems monitoringTerrorismPolicies and proceduresProgram implementation