TVA responds to audit showing non-compliance with DHS digital requirements
There are 2 billion activities in a given day all across Tennessee Valley Authority's digital platforms, making it an ideal place for hackers. TVA officials say they see thousands of hacking attempts daily.
TVA's website says employees work 24 hours a day, monitoring those trying to hack into the network.
No matter how many employees are working on TVA's cybersecurity, it still failed in the eyes of the Office of the Inspector General.
The Department of Homeland Security (DHS) has set security standards, and TVA failed to comply with most of them.
The audit performed by the Office of the Inspector General shows 116 TVA registered internet domains were tested for e-mail security requirements. The audit shows 115 of those internet domains failed.
The report cites those 115 domains were not in compliance with DMARC policies, which were put in place to reduce the risk of cyber attacks.
Twenty of the 55 TVA websites that can be accessed by anyone did not meet the required encryption settings. Those settings were designed to protect a user's data between them and the website.
Two years ago, TVA unleashed a new cyber security center where according to its website, team members would share intelligence and build mitigating strategies to deter cyber crime.
Those strategies are now being re-visited.
Andrea Brackett, Director of TVA Cybersecurity, issued the following statement:
"All issues identified during the TVA Office of the Inspector General audit have been remediated or a mitigation plan has been developed. Additionally, TVA cybersecurity works with the department of homeland security (DHS) on a continuous monitoring basis to identify vulnerabilities and potential weaknesses in systems. TVA cybersecurity has classified these findings as low risk to TVA."
Brackett also said in a statement, "TVA is committed to improving the processes and procedures consistent with the OIG's recommendations."
The report shows TVA's management agrees on all of the inspector general's recommendations.
The following is the full audit from the OIG:
Stay with the WRCB app for updates to this story.