• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity
    2. Information Security

    Audit Chides Texas Utility for Lax Security Procedures

    Nov. 17, 2004
    Personnel have not protected electronic networks well enough, say consultants, organization also needs to protect against internal sabotage

    The quasi-public organization that operates the Texas power grid remains at risk for internal sabotage and lacks adequate financial controls.

    That's the conclusion of two management audits of the Electric Reliability Council of Texas, released Tuesday at a board meeting. ERCOT manages the flow of electricity across the state's power lines.

    The audits also call for greater emphasis on financial management. "The findings were indeed humbling," ERCOT board member Vanus Priestley said.

    The audits come after a recent scandal at ERCOT's office in Taylor. Allegations of criminal wrongdoing by security personnel there led to criminal investigations, added regulatory scrutiny and calls for a possible state takeover of the organization.

    Several top ERCOT staffers -- including almost all those responsible for ERCOT's cyber-security -- have resigned or been fired.

    Board member Mike Espinosa said the new audits represent an attempt to fix the problems. "A lot of work will have to be done, but we will get there," he said.

    Ernst and Young, the consultant contracted by the Texas Public Utility Commission, found that ERCOT has not paid enough attention to risks to its electronic networks. It also said:

    ERCOT needs to improve computer security. Ernst and Young recommended hiring an experienced chief information security officer. Thomas F. Schrader, ERCOT's director, said he has begun interviews for such a position.

    ERCOT needs to do a better job of protecting against internal sabotage.

    A separate audit by consultant Deloitte & Touche found that ERCOT "lacks a formal set of policies, procedures and internal controls for most of its key business practices." Deloitte & Touche also listed several other problems:

    Financial management at ERCOT has not focused on policies "to ensure that everything is working in a well-controlled manner."

    ERCOT had not established formal employee training guidelines.

    Schrader promised quick action on those issues.

    Schrader also announced the resignation of Maxine Buckles, ERCOT's chief financial officer.

    ERCOT's $133.2 million budget is funded by a fee on residential utility bills that averages 44 cents.