[SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber Attacks

Joe Weiss joe.weiss at realtimeacs.com
Wed May 21 09:58:00 CDT 2008


I thought I would bring up the irony of why I am not in Washington for
the hearings. I am attending the GridWise Conference in Santa Clara, CA
and am on a panel today to discuss cyber security of the "Smart Grid".
What is GridWise? It is the electric industry's approach to develop and
implement the "Smart Grid". The Smart Grid is the remotely accessible
grid consisting of smart meters, remotely accessible thermostats, IP-based
automated substations, etc. It is ironic that hearings are being held
about vulnerabilities on one coast and a major conference is going on to
implement cyber vulnerable technologies on the other coast.
Joe

Joe Weiss PE, CISM
Applied Control Solutions, LLC
Cupertino, CA
(408) 253-7934
(408) 253-7974 Fax
(408) 832-5396 Cell
joe.weiss at realtimeacs.com
 
This message (with attachments) may be privileged, confidential, or
proprietary. If you are not the intended recipient, do not use or share
it, and delete it.

-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Joe Weiss
Sent: Wednesday, May 21, 2008 6:43 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber
Attacks

TVA as a Federal agency must meet NIST SP800-53. It is MORE STRINGENT
than any non-federal electric utility needs to meet. Also recognize that
NERC and the non-federal utilities are fighting NOT to have to meet NIST
SP800-53. This does not bode well for the cyber security of our electric
grid. More later on my blog at www.controlglobal.com 
Joe

-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Paul
Ferguson
Sent: Tuesday, May 20, 2008 11:06 PM
To: scadasec at news.infracritical.com
Subject: [SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber Attacks

Via The Washington Post.

[snip]

The Tennessee Valley Authority (TVA), the nation's largest public power
company, is vulnerable to cyber attacks that could sabotage critical
systems that provide electricity to more than 8.7 million people,
according to a Government Accountability Office report to be released
today.

The report was requested by a House Homeland Security panel on cyber
security, which is expected to hear testimony today from the Federal
Energy Regulatory Commission about gaining additional authority to
require electric utilities to implement added cyber-security measures.

The GAO found that TVA's Internet-connected corporate network was linked
with systems used to control power production, and that security
weaknesses pervasive in the corporate side could be used by attackers to
manipulate or destroy vital control systems. As a wholly owned federal
corporation, TVA must meet the same computer security standards that
govern computer practices and safeguards at federal agencies.

The GAO also warned that computers on TVA's corporate network lacked
security software updates and anti-virus protection, and that firewalls
and intrusion detection systems on the network were easily bypassed and
failed to record suspicious activity.

[snip]

More:
http://www.washingtonpost.com/wp-dyn/content/article/2008/05/20/AR2008052002354.html

Gives you the warm fuzzies, no?

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec

To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html

scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec
