I recently read a 58 page report by the U.S. Government Accountability Office from May 2008 related to the Tennessee Valley Authority that calls them vulnerable to disruption by cyber attack:
Until TVA fully implements security program activities, it risks a disruption of its operations as a result of a cyber incident…possibly resulting in loss of life, physical damage, or economic losses.
Apparently only one in four of their workers was given the required security training, while almost nine million people in the Tennessee Valley depend on the TVA for energy. You will often hear me bring up these details in presentations about the NERC Critical Infrastructure Protection (CIP) standards.
Meanwhile, I just noticed that the first action by President Obama’s Environmental Protection Agency (EPA) Administrator Lisa Jackson is on the TVA for a Coal Ash spill:
The December spill spurred increased attention to coal-waste issues around the country. The 1.1 billion gallons of slurry flooded more than 300 acres of land and damaged homes in the area surrounding the Tennessee Valley Authority pond, and clean-up could cost up to $825 million.
That is ten times the Exxon Valdez spill. What is most amazing about the new direction of the EPA is that it actually seems to be talking about these environmental issues in terms of National Security:
“Environmental disasters like the one last December in Kingston should never happen anywhere in this country,” said EPA Administrator Lisa Jackson in a statement. “That is why we are announcing several actions to help us properly protect the families who live near these facilities and the places where they live, work, play and learn.”
After the TVA spill the New York Times ran a “Collapse of the Clean Coal Myth” story last January.
It was an accident waiting to happen and an alarm bell for Congress and federal regulators. Senator Barbara Boxer of California noted that coal combustion in this country produces 130 million tons of coal ash every year — enough to fill a train of boxcars stretching from Washington, D.C., to Australia. Amazingly, the task of regulating the more than 600 landfills and impoundments holding this ash is left to the states, which are more often lax than not.
Compare and contrast the GAO report with the coal ash issues and you start to see how security is really a process and a state of mind influencing behavior more than any particular technology or control. Let’s hope the GAO warnings on Cyber Security, along with the NERC compliance deadlines, give enough traction to TVA security management to prevent an even larger disaster.
I have started up a whole new group blog on why we should move beyond coal:
http://burycoal.com/blog/
Perhaps you would be interested in contributing something?