informa
Commentary

TVA 's Scary Security Lapses Have Big Lessons For Small And Midsize Businesses

The news that the Tennessee Valley Authority (TVA) -- the largest U.S. public electric utility -- is riddled with security lapses should give pause to cybersecurity watchers and worriers everywhere. And the nature of those lapses should be a reminder to every business in the country.
The news that the Tennessee Valley Authority (TVA) -- the largest U.S. public electric utility -- is riddled with security lapses should give pause to cybersecurity watchers and worriers everywhere. And the nature of those lapses should be a reminder to every business in the country.According to Government Accountability Office (GAO) findings, the TVA's network has next to no fully patched, fully secured workstations and, perhaps more ominously, vulnerabilities were found in the TVA's control systems.

What does this have to do with us? (Other, of course, than the fact that a vulnerable electric grid leaves our businesses and institutions and everything else vulnerable to attack?)

Among the underlying causes of TVA vulnerabilities was the increasing shift of the utility's network to Internet connections.

Couple that with lax (to say the least) patch policies, missing or outdated anti-virus and firewall protections and you get what the GAO found: potential for danger, potential for national security disaster.

The point here for your business is one we've all made multiple times, and will continue to: once you connect your network to the Internet your network is not only on its way to doing business anywhere, the darker sides of all those anywheres are on their way to doing in your business, if they can.

The sort of security audit that the GAO performed on TVA systems is exactly the same sort of scrutiny you should bring to bear on every node of your own network, and bring it to bear on an ongoing basis.

Doing so will go a long way to keeping your systems up and running -- and safe.

As long, that is, as there's electricity to keep them up and running in the first place.

The GAO report "TVA Needs to Address Weaknesses in Control Systems and Networks" is accessible here as a text file.

The report is available here as a .pdf.

Recommended Reading: