The Office of the Inspector General audited cyber security of the Tennessee Valley Authority's (TVA) gas secure rooms that provide remote logical access to all TVA gas fired plants. We found the architecture, current standard programs and processes, and draft standard operating procedures contain appropriate information as suggested by best practices. However, we found the logical controls for the gas secure rooms could be strengthened. Specifically, we found issues with the (1) network devices at the gas secure rooms and a sample of combined cycle and combustion turbine plants and (2) workstations and servers at the gas secure rooms. Additionally, we found the gas secure rooms were not being used for access as originally intended. TVA management agreed with our findings and recommendations.
Report File
Date Issued
Submitting OIG
Tennessee Valley Authority OIG
Other Participating OIGs
Tennessee Valley Authority OIG
Agencies Reviewed/Investigated
Tennessee Valley Authority
Report Number
2017-15452
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
7
Questioned Costs
$0
Funds for Better Use
$0