U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Ransomware

Report Information

Date Issued
Report Number
2018-15529
Report Type
Audit
Description
The Office of the Inspector General audited TVA’s controls in place to prevent, detect, and respond to ransomware incidents. In summary, we found TVA management generally has appropriate controls in place to prevent, detect, and respond to a ransomware incident. However, for one selected system, we found inappropriate administrative access. To strengthen access controls, TVA currently has an ongoing project to identify, track, and monitor administrative accounts, which is expected to be complete in 2020. In addition, we found improvements were needed in the Ransomware Incident Action Plan. TVA’s Cybersecurity updated the Ransomware Incident Action Plan during our audit.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

No recommendations at this time.