Local officials provided insight into the safety of area infrastructure and systems after the Trump administration blamed the Russian government for a string of cyberattacks aimed at nuclear power plants, as well as water and electrical systems.
“We recognize that cybersecurity threats are increasing in number, sophistication and consequence, and energy companies and government agencies are often targeted,” TVA spokesman Scott Fiedler said via email.
The New York Times reported last week that officials and private security firms in the United States saw the attacks as a sign that Russia could disturb U.S. systems and that attackers got access to important control systems at unidentified power plants.
The hackers were not able to sabotage or shut down any systems that operate the plants, and local officials said they have systems in place to prevent attacks.
Fiedler said officials have to keep some information secret to avoid giving attackers their “playbook,” but he said that—as the nation’s largest public power provider and a significant player in the U.S. bulk electric system—TVA has a multilayered system in place to protect from cyberattacks.
In addition to its “multitiered threat analysis capabilities,” TVA performs continuous monitoring and vulnerability assessments.
The most critical systems are housed in a special, isolated network that’s separate from corporate networks and inaccessible to the internet, Fiedler said.
“By segmenting the networks we can add a significant level of security,” he said. “Basically what we do is completely wall-off core information assets entirely from common-user computers and the internet.”
TVA is a government agency, which also provides officials with the ability to gather intelligence and stay updated on emerging cyber threats.
TVA partners with the FBI and the Department of Homeland Security to stay abreast of cyber threats and works with industry groups, such as the Edison Electric Institute.
“We also train our employees on cybersecurity best practices and to recognize phishing scams,” he said.
EPB has similar systems in place to avoid cyberattacks.
“EPB utilizes cutting-edge software and hardware to constantly monitor and guard against cyberattacks,” spokesman John Pless said via email. “In addition, we have proactively implemented multiple layers of security measures and are committed to maintaining secure, reliable and high-quality services to our customers.”
In October 2017, the U.S. Department of Homeland Security and the Federal Bureau of Investigation issued a warning that detailed advanced persistent threats to targets, including utilities, according to a Tennessee American Water report.
“It is not a question of if our critical infrastructure will be targeted, but when and to what extent,” also according to the report.
The utility, which reaches more than 12 million customers in 16 states, has invested in “intelligent” infrastructure and advanced IT networks, among other protections.
Technology opens systems to the potential for cyberattacks, but also enable protections.
For example, the technology has been used to develop intelligent water systems to protect the supply, detect leaks and recover more quickly from disruptions.
“Cybersecurity is top of mind for Tennessee American Water,” Director of Operations Kevin Kruchinski said in a prepared statement. “That is why our Technology and Innovation team stays on the forefront of the issues, partners with agencies and continuously works to stay ahead of threats.”