Largest U.S. Government-Owned Utility Triages a Billion or More Cyberthreats Daily

The Tennessee Valley Authority in Chattanooga is one of the country’s richest targets for cyberterrorists with seven nuclear reactors and dozens of hydroelectric dams. It also provides electricity to a nearby nuclear weapons arsenal.
by Dave Flessner, Chattanooga Times/Free Press | October 18, 2019 AT 3:01 AM

(TNS) — As America's electricity grid has become more digitized with more web-based smart meters and devices, cybercriminals have come to see the energy sector as an attractive target.

The Tennessee Valley Authority — the biggest U.S. government-owned electric utility with seven nuclear reactors, 29 hydroelectric dams and service to the Oak Ridge nuclear weapons arsenal — is one of the richest potential targets for cyberterrorists.

But within TVA's Chattanooga Office Complex, a small army of computer specialists works around the clock to protect the utility against cyberhacks. In TVA's cybersecurity operations center, nearly two dozen IT specialists stare at a bank of computer terminals and scan email messages, Twitter feeds and network activity, looking for any signs of cyberthreats. The 60-employee cybersecurity division monitors more than 1 billion activities a day across different digital platforms in TVA's seven-state region while also keeping in contact with government and private watchdog agencies for signs of possible cyberthreats to the electric grid from around the globe.

"Across all industries, cybersecurity threats are increasing both in number and sophistication, and the energy sector is one of the most sought-after sectors for cyberattackers," said Andrea Brackett, a 26-year TVA employee who serves as director of TVA cybersecurity in Chattanooga. "We invest millions of dollars each year into our cybersecurity program and we make sure that we educate all TVA workers that part of their role is taking cybersecurity seriously and to be one of our layers of defense."

Two years ago, TVA opened its cybersecurity facility in its downtown office complex, where workers view both their own computer screens and giant wall displays of Twitter feeds, threat warnings and other potential cybercriminal activity across the 80,000 square miles in the Tennessee Valley. Workers constantly look for and correct potential problems from hackers or those phishing for access to information or to potentially damage the power system.

"Our threat intelligence unit here is constantly maintaining an awareness of what the cyberlandscape looks like, analyzing what attacks are happening not only across the electric sector but also industries as well," Chad Tyler, a senior information security specialist for TVA, said Wednesday during a tour of TVA's cybersecurity facilities as part of the agency's recognition of National Cybersecurity Awareness Month. "We also have a sensor operations group, incident responders and a risk team to help us detect and assess the potential cyberthreats to our network."

As a government-owned utility, TVA is subject to more regulation and review than most investor-owned utilities, in part because government entities are regarded as more of a potential target for state-sponsored terrorists wishing to attack the United States.

Like all wholesale electricity suppliers, TVA must comply with the safety and security standards of the North American Electric Reliability Corporation, the industry group that sets standards for transmission and power reliability.

But as a federal agency, TVA also must comply with the Federal Information Security Modernization Act of 2014 and follow the executive branch orders for government agencies through the U.S. Department of Homeland Security, which rates each government agency every year.

"We're improving and working all the time to get better," Brackett said.

TVA also works with other utilities to meet standards and evaluate new programs by the Department of Energy for cybersecurity. Last year, the U.S. Department of Energy created the Office of Cybersecurity, Energy Security and Emergency Response with a $28 million annual budget to research technologies that help prevent, detect and mitigate cyberattacks, with an emphasis on communication and cloud-based operations.

The World Energy Council reports that there has been a "massive" increase in the number of successful cyberattacks in recent years. In response, President Trump in 2017 issued an executive order demanding stronger cybersecurity of critical infrastructure. The Department of Energy has released a five-year strategy to combat the risk of power disruptions caused by cyberattacks, focusing on threat-sharing, supply chain risks, and research and development of more resilient energy systems.

TVA's own internal watchdog, the Office of Inspector General, also evaluates TVA cybersecurity activities. An audit of TVA websites and email earlier this year found that among 116 TVA registered internet domains tested for email security requirements, 115 did not meet Department of Homeland Security standards for cybersecurity. Brackett said the problems identified by the inspector general have since been corrected.

By 2023, TVA plans to relocate the power operations center now located in the basement of its downtown power headquarters in Chattanooga to a new $300 million facility being built in southern Meigs County as part of one of the biggest upgrades of TVA's power grid in the utility's 86-year history. The more rural location is designed to be more secure for the power control center, but Brackett said the cybersecurity operations will stay downtown.

"The new center will provide us additional opportunities to evaluate what kind of technologies we can use to protect the grid," she said.

The new secured power center planned near Georgetown is being built to help accommodate a new energy management system that will be supported by another $300 million expansion of the fiber optic lines TVA also is building along about 3,500 miles of its 16,000 miles of transmission lines.

©2019 the Chattanooga Times/Free Press (Chattanooga, Tenn.). Distributed by Tribune Content Agency, LLC.