The Office of the Inspector General performed an audit of TVA’s transmission network cybersecurity. The audit scope was limited to a specific type of connectivity within TVA’s transmission network. The audit objective was to determine the level of cybersecurity in place for this type of connectivity.
We determined the connectivity within TVA’s transmission network had a high level of cybersecurity in place commensurate with the level of associated risk. In addition, our testing of internal controls identified process improvements related to configuration management. We recommend the Senior Vice President, Grid, update configuration management processes to improve periodic reviews.