[SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber Attacks
ljknews
ljknews at mac.com
Wed May 21 09:12:05 CDT 2008
At 6:42 AM -0700 5/21/08, Joe Weiss wrote:
> TVA as a Federal agency must meet NIST SP800-53. It is MORE STRINGENT
> than any non-federal electric utility needs to meet.
> Via The Washington Post.
> The GAO also warned that computers on TVA's corporate network lacked
> security software updates and anti-virus protection, and that firewalls
> and
> intrusion detection systems on the network were easily bypassed and
> failed
> to record suspicious activity.
That description indicates that TVA was not in compliance with
NIST SP 800-53 (required for both corporate and SCADA systems).
Being subject to 800-53 is no safer than being subject to
weaker standards. Only if one actually complies does the
nature of the standard matter.
--
Larry Kilgallen
More information about the scadasec
mailing list