Summary: As part of its study of automatic data processing management at the Bonneville Power Administration (BPA), GAO reviewed computer security at the control system's Dittmer computer center.
GAO found that, although BPA has made some progress toward developing and implementing a computer security program agencywide, it needs to do more. Recently, BPA appointed a computer protection program manager, identified critical and sensitive data processing systems, and assessed risks and threats to the computer center. However, during its review of the center, GAO found that: (1) written computer security procedures had not been developed or implemented; (2) an automatic fire suppression system had not been installed; (3) physical access to the facility was not appropriately restricted; and (4) a contingency plan for implementation in the event that the computer becomes nonoperational had not been fully developed. GAO concluded that BPA must correct these problems at the computer center before it can fully install a computer security program.
