The GAO says the Tennessee Valley Authority must bolster its cybersecurity, citing risk that the power company's critical ops could be hackedInvestigators have found numerous instances in which the nation's largest public power company, the Tennessee Valley Authority (TVE), is "vulnerable to disruption" by cyberintrusions. The concern: Hackers could seize control of critical operations in TVA's many electric plants—including those that are nuclear powered—as well as its transmission grid, flood control, and water systems.
A report by the General Accountability Office (GAO), identified as 08-459SU and marked "for limited official use only," includes 73 specific recommendations for security fixes so sensitive they are to be withheld today when the GAO releases a public version with 19 general recommendations, all of which TVA agrees with.
The report's findings alarmed TVA's own executives. At a May 2 meeting with congressional investigators and U.S. Homeland Security Dept. officials, TVA urged GAO, the investigatory arm of Congress, to modify wording and make public few details rather than raise public concerns or risk providing a road map for hackers. The public version of the report, which was requested by Republicans and Democrats on congressional homeland security committees to follow up on previous concerns about cyberthreats, is to be released at a May 21 hearing at 2 p.m. ET. BusinessWeek obtained a draft.
Read More
