Protection Against a Specific Type of Cyberattack

Due to the importance of protecting the Tennessee Valley Authority (TVA) operations from external cyber events, we audited TVA’s protection mechanisms for a specific cyberattack.  Our objective was to determine if TVA’s protection mechanisms to prevent or protect against a specific type of cyberattack were adequately designed, properly implemented, and operating effectively.  Specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.  We made two recommendations to TVA management.