Abstract
Information and communications technologies (ICT) supporting critical infrastructures, including the electric grid, face increasing risks due to cyber threats, system vulnerabilities, and the serious potential impact of attacks or malfunction, as demonstrated by reported incidents. If these technologies are not adequately secured, their vulnerabilities could be exploited and critical infrastructures could be disrupted or disabled, possibly resulting in loss of life, physical damage, or economic losses. The US Government Accountability Office (GAO) examined the controls implemented by the Tennessee Valley Authority (TVA) - the United States’ largest public power company - to protect ICT including control systems and networks used to operate critical infrastructures. GAO’s examination identified numerous vulnerabilities that placed TVA’s control systems and networks at increased risk of unauthorized modification or disruption by both internal and external threats, and numerous actions that TVA can take to mitigate these vulnerabilities. This case study summarizes the results of GAO’s examination of the controls over TVA’s critical infrastructure control systems.
Notes
1. A pumped-storage plant uses two reservoirs, with one located at a much higher elevation than the other. During periods of low demand for electricity, such as nights and weekends, energy is stored by reversing the turbines and pumping water from the lower to the upper reservoir. The stored water can later be released to turn the turbines and generate electricity as it flows back into the lower reservoir.
2. An intrusion detection system detects inappropriate, incorrect, or anomalous activity that is aimed at disrupting the confidentiality, availability, or integrity of a protected network and its computer systems.
3. Federal Information Security Management Act (FISMA) of 2002, which was enacted as title III, E-Government Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899, 2946 (Dec. 17, 2002).
Copyright information
© 2010 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Barkakati, N., Wilshusen, G.C. (2010). Deficient ICT Controls Jeopardize Systems Supporting the Electric Grid: A Case Study. In: Lukszo, Z., Deconinck, G., Weijnen, M. (eds) Securing Electricity Supply in the Cyber Age. Topics in Safety, Risk, Reliability and Quality, vol 15. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-3594-3_7
DOI: https://doi.org/10.1007/978-90-481-3594-3_7
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-3593-6
Online ISBN: 978-90-481-3594-3
eBook Packages: Engineering, Engineering (R0)