Federal Reports

Power plants rely on operational technology (OT) to ensure the plants can run without disruption. Due to the high risks associated with threat events against OT, we performed an audit of the Tennessee Valley Authority’s (TVA) OT cybersecurity at a combined cycle plant. Our objective was to determine if logical, physical, and general security controls were (1) appropriately designed to reduce cybersecurity risk and (2) operating effectively. We determined logical, physical, and some general controls were appropriately designed and operating effectively. However general security controls related to contingency planning, system inventory, system baselines, and cybersecurity monitoring needed improvement. Specifically, we identified:• Contingency plans were not documented. • OT inventory was incomplete.• System baselines were not in place.• Cybersecurity monitoring was incomplete.In addition, we determined a risk assessment had not been completed for the site’s OT systems.

U.S. Customs and Border Protection (CBP) spent $60 million of Infrastructure Investment and Jobs Act (IIJA) procurement, construction, and improvements (PC&I) funding on six contracts in fiscal years 2022 and 2023 to modernize and improve CBPowned land ports of entry (LPOEs). In FY 2022, CBP spent $16 million of IIJA PC&I funding for two contracts for maintenance and repairs at CBP-owned LPOEs. In FY 2023, CBP spent $44.5 million of IIJA PC&I funding for contracts to modernize six CBPowned LPOEs. In FY 2024, CBP plans to use IIJA PC&I funding for contracts to include work to address outstanding priority repairs at CBP-owned LPOEs.

NPS did not take sufficient steps to implement Justice40 and did not identify data necessary to track, monitor, and report the impact of DOI actions.