Sheer Size Makes Government-Owned Utility a Prime Target for Hackers

The Tennessee Valley Authority is taking steps to secure its infrastructure against an ever-increasing array of cyberthreats.

by Dave Flessner, Chattanooga Times/Free Press / August 13, 2018

(TNS) — Within the Tennessee Valley Authority's new cybersecurity center in the utility's downtown Chattanooga Office Complex, two dozen IT specialists stare at their computer terminals and scan email messages, Twitter feeds and network activity looking to spot any signs of cyberthreats.

Beneath a giant wall screen displaying areas of potential concern in TVA's 7-state region, cybersecurity experts monitor a portion of the 2 billion activities across TVA's digital platforms every day. Around the clock, workers monitor electronic messages, both from within TVA and those trying to hack into the utility's network, looking for any attempt to disrupt communication and power delivery across more than 16,000 miles of TVA transmission lines.

As America's biggest government-owned power utility — and the operator of 29 power-generating dams, seven nuclear reactors and multiple connections to the Oak Ridge nuclear weapons production arsenal — TVA is regarded as one of the richest targets for cyberterrorists.

Andrea Brackett, director of TVA's Cybersecurity group, says the federal utility is vigilant and ready.

"There are all kinds of threat actors that attempt to test us on a daily basis, but I think we are in a really great spot with all kinds of layering of defenses to make sure that we're protecting our operational assets from different types of cyberattacks that could happen, whether that is from the internet or internally from within TVA," she said. "We've not had any events that have impacted our operational capability."

But the threats of cyberhacks into America's electric grid or digital communications and financial systems in the United States have risen to what Homeland Security Secretary Kirstjen Nielsen calls "a crisis mode" on cybersecurity. Following hacks last year at Equifax and Yahoo, the energy sector is regarded as another very popular target for cybercrime.

"Cyber threats now represent a greater threat to the United States than physical threats," Nielsen recently warned. "Our digital enemies are taking advantage of all of us. They are exploiting our open society to steal, to manipulate, to intimidate, to coerce, to disrupt and to undermine."

U.S. Energy Secretary Rick Perry was a bit more sanguine last week about the cyberthreats to America's power grid, however. Americans should not be unduly alarmed, he said, because the U.S. power grid is decentralized among hundreds of separate utilities and still relies on older technology, making the system harder to hack than in most other countries.

"We've got an old infrastructure, if you will, 50 or 60 years old in a lot of cases," Perry said. "In one way that kind of protects us because we've got some old technology in there. You've got some old analog equipment. On the other hand, all the digital, the new types of technology there is vulnerable to a cyberattack."

Despite concerns of attack from domestic or foreign threats, including new evidence of attempted Russian cyberattacks against American power utilities, Perry said "Americans should know that some of the best in the world are defending them."

With cybercrime on the rise, TVA sees tens of thousands of attempts daily to hack into, or at least test the resilience of, TVA networks. TVA's cybersecurity professionals have identified and blocked hacking activities, including those conducted by nation states that pose ongoing threats.

A decade ago, TVA had less than a handful of full-time employees working on cybersecurity issues. The agency's cybersecurity staff now totals 38 TVA employees, supported by another 20 to 30 contract workers.

Employees are the first line of defense against cyberthreats and the key to success in TVA's program, Brackett said.

"Not only do we have a well-trained and experienced staff, but we provide regular company-wide awareness training to all employees," she said. "Every employee is required to have cyber security training and then we do significant training for those with elevated roles."

TVA has invested heavily in state-of-the-art monitoring systems and equipment for a new Cybersecurity Operations Center that opened its doors in October 2017. TVA's core cybersecurity team monitors the cyberactivities taking place across the company and collaborates to share intelligence and build mitigating strategies.

"Our Cybersecurity Operations Center tracks not only local and national cyberactivity, but foreign threats as well, including those posed by nation states," said Rob Arnold, TVA's senior manager of cybersecurity operations.

TVA's status as a multi-purpose, government-owned utility makes it a potential target for terrorists, hackers and enemy states interested in disrupting power deliveries or causing floods or nuclear accidents at TVA dams and nuclear plants.

But as a federally owned corporation, TVA is also integrated with other federal agencies in monitoring and communicating about such threats.

"We are in a unique position as a federal utility," Brackett said. "We have a close and ongoing relationship with our federal intelligence community partners such as the FBI, Department of Homeland Security and Department of Energy. This advanced intelligence allows us as a federal entity to better prepare and respond to cyber threats often earlier than our industry peers."

TVA adheres to both industry and government regulations, including those set forth by the Federal Information Security Management Act (FISMA), the National American Electric Reliability Corporation—Critical Infrastructure Protection (NERC-CIP) and the Nuclear Regulatory Commission (NRC).

Last year in the 2017 audit of cybersecurity systems and policies under the Federal Information Security Modernization Act of 2014, TVA was judged to be "managed and mature" and got a 4 rating on a 5-point scale.

TVA also works to monitor, train and upgrade cybersecurity for the 155 municipalities and power cooperatives that distribute TVA-generated power across the Tennessee Valley.

Phillip Burgess, a communications director for the Tennessee Valley Public Power Association in Chattanooga, said TVA distributors have always placed a priority on protecting customers' information from hackers.

"But with technological advances being employed by hackers, we have expanded our efforts to ensure that our facilities are secure from sophisticated attacks that could potentially shut down or adversely impact delivery of electricity to our customers," Burgess said. "We monitor cybersecurity issues, and provide education and information sharing opportunities for our members."

Just this week, TVPPA hosted an engineering and operations conference that dealt, in part, with cybersecurity.

At the national level, the Department of Homeland Security announced last month plans to open the National Risk Management Center in New York City to guard the nation's banks, energy companies, and other industries from major cyberattacks that could cripple critical infrastructure. Among electric utilities, the Electricity—Information Security Analysis Center (E-ISAC) gathers and shares intelligence among energy companies about emerging cyberthreats.

While a cyberattack is always a threat, Brackett said TVA's isolated and layered defense system offers a strong defense against hack attacks.

"You are much more likely to see a power outage due to a weather-related event or wildlife interference than a cyberevent," she said.

©2018 the Chattanooga Times/Free Press (Chattanooga, Tenn.) Distributed by Tribune Content Agency, LLC.