Energy Utilities Ramp Up Security

Since Sept. 11, the IT security needs of the Tennessee Valley Authority-which already were massive-became even more important.

In the wake of the Sept. 11 attacks last year, the IT security needs of the Tennessee Valley Authority—which already were massive—became even more important, said Anthony Smith, the authoritys IT security senior manager.

Generating enough revenue to run itself without federal assistance, the TVA—the nations largest public power producer—generates up to 30,000 megawatts of power each year, from 11 coal plants, 29 hydroelectric plants, three nuclear plants, one pump storage plant and backup combustion turbines. TVA serves seven states, 8.3 millions people, and 150 local, municipal and cooperative energy sellers.

"What we found is the largest element in IT security is training and education," said Smith, in Knoxville.

The authoritys 700 IT employees have been schooled, through classroom instruction, campaigns and even contests, in how to recognize "social engineering" security tactics, such as crackers who try to obtain physical access to passwords.

"[Another] thing that weve begun to do is partner with other federal agencies, to see what theyve done" in areas like anti-virus software, intrusion detection and vulnerability testing, Smith said.

He wouldnt provide details of TVAs actual IT infrastructure, but said its tested regularly.

"We have labs, where we simulate these are the types of attacks youd see, and how to mitigate those threats. Thats an ongoing process," he said. In addition, "were having to work hand-in-hand with the physical security people."

To accomplish that, TVA is using both off-the-shelf and customized IT tools, and has classified plans for the military bases it serves.

Overall, since Sept. 11, "we have definitely stepped up our posture," Smith said. In particular, the authority is working to keep in compliance with the Government Information Security Reform Act, he said.

Advice and criticism of power plant security and technologys role comes from varied sources. At the Union of Concerned Scientists, a non-profit, politically neutral technology safety advocate, nuclear safety engineer David Lochbaum has a laundry list of suggestions for improving plant safety, many of which incorporate the use of IT resources. Lochbaum knows the issues first-hand, having spent 17 years in the industry.