national infrastructure
Image credit: Stock

At the Tennessee Valley Authority's new cybersecurity centre, IT specialists constantly scan the power network and social media feeds looking for potential threats.

Working around the clock, they monitor any attempt to disrupt communication or power delivery across the Tennessee Valley Authority (TVA) network.

TVA state-of-the-art monitoring systems and equipment ensures the core cybersecurity team can monitor cyber activities across the company.

"Our Cybersecurity Operations Center tracks not only local and national cyber activity but foreign threats as well, including those posed by nation states," says TVA's senior manager of cybersecurity operations, Rob Arnold, highlighting the importance of collaboration and sharing of intelligence and building mitigation strategies.

"Our comprehensive cybersecurity programme aligns with industry best-practices to predict, protect and respond to threats," according to Andrea Brackett, director of TVA's cybersecurity group. "As an industry, we gather intelligence and collaborate with neighbouring utilities and the Electricity–Information Security Analysis Center to stay alert and informed of emerging cyber threats."

In the 2017 Federal Information Security Modernisation Act of 2014 audit of cybersecurity systems and policies TVA was judged to be "managed and mature" scoring a rating of 4 out of 5 points.

TVA is considered a prime target for cyber attacks, being the biggest government-owned power utility and being connected to multiple nuclear reactors.

"There are all kinds of threat actors that attempt to test us on a daily basis, but I think we are in a really great spot with all kinds of layering of defenses to make sure that we're protecting our operational assets from different types of cyber attacks that could happen, whether that is from the internet or internally from within TVA," says Brackett. "We've not had any events that have impacted our operational capability."

"We are in a unique position as a federal utility," Brackett continues. "We have a close and ongoing relationship with our federal intelligence community partners such as the FBI, Department of Homeland Security and Department of Energy. This advanced intelligence allows us as a federal entity to better prepare and respond to cyber threats – often earlier than our industry peers."

"Cyber threats now represent a greater threat to the United States than physical threats," Kristjen Nielsen, Homeland Security Secretary recently warned. "Our digital enemies are taking advantage of all of us. They are exploiting our open society to steal, to manipulate, to intimidate, to coerce, to disrupt and to undermine."

The TVA cyber team has grown to more than 38 full-time employees, supported by an additional 20-30 contract workers, all focused on identifying and blocking hacking attempts against the utility.

“As the nation's largest power provider, we work around the clock to monitor our network to protect it from cyber threats,” a TVA spokesperson confirmed. “... We perform continuous monitoring, penetration testing and vulnerability assessments.”

According to Brackett, TVA's employees are its first line of defence. "Not only do we have a well-trained and experienced staff, but we provide regular company-wide awareness training to all employees," she says. "Every employee is required to have cybersecurity training and then we do significant training for those with elevated roles."

This includes teaching employees "the importance of identifying and reporting suspicious emails, using only secure USB drives and to never share their passwords with others."

Bracket said TVA's "isolated and layered defence system" offers a strong defence against cyber attacks.

"You are much more likely to see a power outage due to a weather-related event or wildlife interference than a cyber event," she says.