With November being National Critical Infrastructure Security and Resiliency Month, cyberattacks on electricity providers like the Tennessee Valley Authority (TVA) are being brought into focus, and a new report from TVA’s Inspector General raises some concerns about the organization’s ability to deal with potential ransomware attacks.
“In summary, we found TVA management generally has appropriate controls in place to prevent, detect, and respond to a ransomware incident. However, for the selected system, we found inappropriate administrative access,” the report notes. “In addition, we found improvements were needed in the Ransomware Incident Action Plan.”
With ransomware’s growth in recent years, the attack method was included in TVA’s high-risk cybersecurity threats category for the agency’s 2018 audit. Through the audit, the inspector general’s office examined a system with sensitive data that was classified as high risk.
On the whole, the inspector general’s office found mostly positive results, including “appropriate patching, up-to-date antivirus, and appropriate access control.” However, the office flagged identity management as a key area for improvement, with administrative accounts not being disabled as users left the agency or moved to new positions. The report recommended that the IT director review and disable accounts as appropriate – a recommendation with which TVA agreed.
Additionally, the inspector general found that “the Ransomware Incident Action Plan did not include instructions for changing passwords and deleting registry values following an incident, as recommended in best practice.” The audit led the inspector general’s office to recommend an update to the plan, which TVA agreed with as well.