BPA places a very high priority on assuring the continued security and reliability of the electrical power grid, and an important element of that is our cyber security program. We have taken aggressive measures to mitigate cyber security risks, and we are confident in the precautionary measures we have taken.

After analyzing our cyber security risk management practices between October 2007 and August 2008, the Department of Energy Office of Inspector General made several recommendations on how we could strengthen our Certification and Accreditation documentation, one component of our cyber security program. BPA supports the OIG’s recommendations and will adopt a plan to address them within 180 days of the final report.

Because of the significant risks involved in operating the electrical grid, BPA is committed to continually improving our cyber security program and protections for information systems. Some of the measures we have taken over the last several years to improve our program include creating detailed security plans for new information systems, improving a Plan of Action and Milestone Program, and publishing detailed guidance on elements of our risk-based approach to cyber security.

• BPA’s response memo and attachment
• IG’s final report