System Access Security – Gas Operations

Due to the importance of protecting operational technology from cybersecurity threats, we audited the security of a specific type of system access at the Tennessee Valley Authority’s (TVA) gas sites.  Our objective was to determine if a specific type of system access supporting Gas Operations was securely configured and monitored to mitigate cybersecurity threats.  We made eight recommendations to TVA management.  The specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.