To be fair, the TVA report came from the GAO and I've yet to read a GAO report on "cyber security" that wasn't bad news for the organization being audited. If they were to go to any other utility company in the world I'm sure they'd find similar issues as their standards are (rightfully so) very high.
That's not to say there aren't problems at TVA as I'm sure there are. NERC is more concerned with keeping the power running which includes things like life and health safety, flowing electricity between long distances and different companies, making sure generation is there, etc. Cyber security is on the list and if companies don't follow their CIP standard they face huge fines (up to $1m a day of non-compliance). Suffice to say power companies are an old lot here in the US and as such have an air of self-importance which leads to the "we know what's best" syndrome. After all, they have to keep the lights on and the hospitals running.

On Sun, Jun 1, 2008 at 9:58 PM, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:

> From Forbes.com:
>
> ".....
> I think we could search far and wide and not find a more disorganized
> response to a national security issue of this import," said Rep. James
> Langevin (D-R.I.), chairman of the Subcommittee on Emerging Threats,
> Cybersecurity and Science and Technology.
> He pointed a finger to several groups: the DHS for giving scanty details of
> its video-taped simulation; the power industry for working too slowly to
> mitigate the threat; and the North American Electric Reliability
> Corporation, an industry group, for failing in its role as the
> self-regulatory body assigned to ensure a consistent national power supply.
> "Everything about the way this vulnerability was handled … leaves me with
> little confidence that we're ready or willing to deal with the cyber
> security threat," he said.
>
> The House's criticisms focused primarily on the electric utility industry
> group, NERC. They argued that the advisories issued by NERC are ineffective
> and that it has repeatedly misled the House in its investigation of the
> Aurora vulnerability."
> --clip--
>
> More at
>
> http://www.forbes.com/technology/2008/05/22/cyberwar-breach-government-tech-security_cx_ag_0521cyber.html
>
> And CNN's Study finds TVA vulnerable to hacking:
> http://www.cnn.com/2008/US/05/21/cyber.attack/
>
> "The Tennessee Valley Authority, which supplies power to almost 9 million
> Americans, "has not fully implemented appropriate security practices to
> protect the control systems used to operate its critical infrastructures,"
> leaving them "vulnerable to disruption," the Government Accountability
> Office found."
> --clip--
>
> There are many readers (including me) happy now about living outside of
> US...
>
> Juha-Matti
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
