Bonneville Power Administration Control System's Computer Security

Gao ID: B-211147 March 18, 1983

As part of its study of automatic data processing management at the Bonneville Power Administration (BPA), GAO reviewed computer security at the control system's Dittmer computer center.

GAO found that, although BPA has made some progress toward developing and implementing a computer security program agencywide, it needs to do more. Recently, BPA appointed a computer protection program manager, identified critical and sensitive data processing systems, and assessed risks and threats to the computer center. However, during its review of the center, GAO found that: (1) written computer security procedures had not been developed or implemented; (2) an automatic fire suppression system had not been installed; (3) physical access to the facility was not appropriately restricted; and (4) a contingency plan for implementation in the event that the computer becomes nonoperational had not been fully developed. GAO concluded that BPA must correct these problems at the computer center before it can fully install a computer security program.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Walter L. Anderson Team: General Accounting Office: Seattle Regional Office Phone: (202) 275-5044


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.