Cybersecurity: The New First Line of Defense

In the face of ever-increasing cybersecurity threats worldwide, TVA operates a state-of-the-art Cybersecurity Operations Center within its Chattanooga office complex.

As the nation's largest public power utility, TVA works around the clock to ensure that information and industrial control systems are well protected, but cybersecurity threats are real. Over the past several years, TVA has heightened its cybersecurity capabilities and improved preparedness for cyber incidents that could impact the electric power grid.

Andrea Brackett, director of TVA’s Cybersecurity group, tells us more about how TVA works to predict, protect, detect and respond when it comes to cybersecurity.

Prepared 24/7

“Cybersecurity is a hot topic these days and frequently in the national news,” says Brackett. “In reality, it’s a challenge that we’ve seen growing for several years. For example, major breaches were announced last year by Equifax and Yahoo. The energy sector is another very popular target for cyber crime.”

That’s why, according to Brackett, TVA has invested heavily in state-of-the-art monitoring systems and equipment for a new Cybersecurity Operations Center that opened its doors in October 2017. This is where TVA’s core cybersecurity team monitors the cyber activities taking place across the company and collaborates to share intelligence and build mitigating strategies.

“The Cybersecurity Operations Center monitors systems 24/7 and closely tracks not only local and national cyber activity, but foreign threats as well, including those posed by nation states,” says Brackett. With cyber crime on the rise, TVA sees tens of thousands of attempts daily. TVA’s cybersecurity professionals have identified and blocked hacking activities including those conducted by nation states that pose ongoing threats.

Advanced Intelligence

“We are in a unique position as a federal utility,” explains Brackett. “We have a close and ongoing relationship with our federal intelligence community partners such as the FBI, Department of Homeland Security and Department of Energy. This advanced intelligence allows us as a federal entity to better prepare and respond to cyber threats often earlier than our industry peers.”

TVA adheres to an array of industry and government regulations, including those set forth by the Federal Information Security Management Act (FISMA), the National American Electric Reliability Corporation—Critical Infrastructure Protection (NERC-CIP) and the Nuclear Regulatory Commission (NRC) among others. These regulations add to Cybersecurity’s capabilities.

“Our comprehensive Cybersecurity program aligns with industry best-practices to predict, protect and respond to threats. As an industry we gather intelligence and collaborate with neighboring utilities and the Electricity—Information Security Analysis Center (E-ISAC) to stay alert and informed of emerging cyber threats.”

TVA has also provided outreach summits for local power companies to learn more about enhancing cybersecurity in their space.

Reliable Power for You

Brackett says that while a cyber attack is always a threat, TVA’s isolated and layered defense system is designed to ensure reliable electricity is available. “TVA has never experienced a power outage due to a cybersecurity attack. You are much more likely to see a power outage due to a weather related event or wildlife interference than a cyber event.”

Employees are the first line of defense against cyber threats and the key to success in TVA’s program, according to Brackett. “Not only do we have a well-trained and experienced staff, but we provide regular company-wide awareness training to all employees. We could not have a successful program without the support of those who work with TVA’s critical systems.” Among other things, employees learn the importance of identifying and reporting suspicious emails, using only secure USB drives and to never share their passwords with others.

“Although you may not visibly see our team out working in a power plant or on our transmission lines, they are an integral part of supporting these assets for safety and reliability of power in the Valley. If something does happen, we are equipped to deal with it quickly.”

The bottom line for power consumers? “We’re making sure that power is delivered to your home.”