Cyber security at the US government's largest renewable power transmission agency has been found wanting by an Energy Department inspector general.
The Western Area Power Administration (WAPA), which sells and transmits power through 17,000 miles of lines and 296 substations, depends on information technology systems to manage its massive electrical power complex and finances, said US reports.
But the agency used a default password to protect its electricity scheduling database and regularly failed to update security software, according to a report by energy inspector general Gregory Friedman.
Commenting on the use of a default user name and password, the report said: "This high-risk vulnerability could have been exploited by an attacker from any internet connection to obtain unauthorised access to the internal database supporting the electricity scheduling system."
Intruders could also have accessed other computer stations at Western's offices and its customers' offices through the same vulnerability, the report said.
According to Friedman, nearly all of the 105 workstations that investigators evaluated had at least one high-risk vulnerability involving software security updates.
But the agency used a default password to protect its electricity scheduling database and regularly failed to update security software, according to a report by energy inspector general Gregory Friedman.
Commenting on the use of a default user name and password, the report said: "This high-risk vulnerability could have been exploited by an attacker from any internet connection to obtain unauthorised access to the internal database supporting the electricity scheduling system."
Intruders could also have accessed other computer stations at Western's offices and its customers' offices through the same vulnerability, the report said.
According to Friedman, nearly all of the 105 workstations that investigators evaluated had at least one high-risk vulnerability involving software security updates.
But the agency used a default password to protect its electricity scheduling database and regularly failed to update security software, according to a report by energy inspector general Gregory Friedman.
Commenting on the use of a default user name and password, the report said: "This high-risk vulnerability could have been exploited by an attacker from any internet connection to obtain unauthorised access to the internal database supporting the electricity scheduling system."
Intruders could also have accessed other computer stations at Western's offices and its customers' offices through the same vulnerability, the report said.
According to Friedman, nearly all of the 105 workstations that investigators evaluated had at least one high-risk vulnerability involving software security updates.
