Deficient ICT Controls Jeopardize Systems Supporting the Electric Grid: A Case Study

Part of the book series: Topics in Safety, Risk, Reliability and Quality (TSRQ, volume 15)

Abstract

Information and communications technologies (ICT) supporting critical infrastructures, including the electric grid, face increasing risks due to cyber threats, system vulnerabilities, and the serious potential impact of attacks or malfunction, as demonstrated by reported incidents. If these technologies are not adequately secured, their vulnerabilities could be exploited and critical infrastructures could be disrupted or disabled, possibly resulting in loss of life, physical damage, or economic losses. The US Government Accountability Office (GAO) examined the controls implemented by the Tennessee Valley Authority (TVA) - the United States’ largest public power company - to protect ICT including control systems and networks used to operate critical infrastructures. GAO’s examination identified numerous vulnerabilities that placed TVA’s control systems and networks at increased risk of unauthorized modification or disruption by both internal and external threats, and numerous actions that TVA can take to mitigate these vulnerabilities. This case study summarizes the results of GAO’s examination of the controls over TVA’s critical infrastructure control systems.

Notes

  1. A pumped-storage plant uses two reservoirs, with one located at a much higher elevation than the other. During periods of low demand for electricity, such as nights and weekends, energy is stored by reversing the turbines and pumping water from the lower to the upper reservoir. The stored water can later be released to turn the turbines and generate electricity as it flows back into the lower reservoir.

  2. An intrusion detection system detects inappropriate, incorrect, or anomalous activity that is aimed at disrupting the confidentiality, availability, or integrity of a protected network and its computer systems.

  3. Federal Information Security Management Act (FISMA) of 2002, which was enacted as title III, E-Government Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899, 2946 (Dec. 17, 2002).

Author information

Correspondence to Nabajyoti Barkakati.

Copyright information

© 2010 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Barkakati, N., Wilshusen, G.C. (2010). Deficient ICT Controls Jeopardize Systems Supporting the Electric Grid: A Case Study. In: Lukszo, Z., Deconinck, G., Weijnen, M. (eds) Securing Electricity Supply in the Cyber Age. Topics in Safety, Risk, Reliability and Quality, vol 15. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-3594-3_7

  • DOI: https://doi.org/10.1007/978-90-481-3594-3_7

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-90-481-3593-6

  • Online ISBN: 978-90-481-3594-3

  • eBook Packages: Engineering, Engineering (R0)
