[SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber Attacks
Kevin Lackey
jabberwoq at gmail.com
Wed May 21 12:15:17 CDT 2008
Being compliant with a standard does not in any way infer secure. It just
infers compliance with the standard.
Kevin
On Wed, May 21, 2008 at 8:12 AM, ljknews <ljknews at mac.com> wrote:
> At 6:42 AM -0700 5/21/08, Joe Weiss wrote:
>
> > TVA as a Federal agency must meet NIST SP800-53. It is MORE STRINGENT
> > than any non-federal electric utility needs to meet.
>
>
> > Via The Washington Post.
>
> > The GAO also warned that computers on TVA's corporate network lacked
> > security software updates and anti-virus protection, and that firewalls
> > and intrusion detection systems on the network were easily bypassed and
> > failed to record suspicious activity.
>
> That description indicates that TVA was not in compliance with
> NIST SP 800-53 (required for both corporate and SCADA systems).
>
> Being subject to 800-53 is no safer than being subject to
> weaker standards. Only if one actually complies does the
> nature of the standard matter.
> --
> Larry Kilgallen
>