Hackers traced to Iran infiltrated the control system of a dam just 25 miles from New York City in 2013, convincing the White House to double down in its still ongoing campaign to ramp up America’s defences against outside cyber-attacks.
Newly emerging details of the security breach at the Bowman Avenue Dam in Rye are giving the US public, already unnerved by the mass shootings in California, a first concrete glimpse of the kind of damage a few strokes at a remote keyboard could inflict. Earlier this year, President Barack Obama appealed to private corporations to cooperate with the government in trying to guard against cyber-attacks. While data theft was one focus of concern, the White House, in part because of the New York dam episode, was also increasingly alarmed about the vulnerability of key parts of the country’s infrastructure, not least its often rickety power grid.
In a special report, the Associated Press today said that on 12 occasions in the last decade hackers gained top-level access to key power networks, raising the spectre that acts of cyber-sabotage could plunge whole cities into darkness or deny power to key military installations. This autumn, officials with the Department of Homeland Security suggested that Isis had been trying to hack into US power companies as well as shopping centres and schools.
The Rye dam is relatively small, meant only to control the flow of what amounts to a large stream, Blind Brook, as it heads towards Long Island Sound. Made of concrete it is about 20ft tall. The hackers got into its control system, potentially allowing them to release larger volumes of upstream water without warning, through a cellular modem, The Wall Street Journal reported.
The White House initially thought a different dam had been compromised. The similarly named Arthur R Bowman Dam in Oregon is much bigger, standing at 245 feet, and a hack on the site would have been a far scarier scenario.
This attack occurred soon after Tehran learned that the US had damaged some of its nuclear facility computers by way of the Stuxnet computer worm, and came as Iranian hackers were also battering at the cyber-defences of many US banks.
“We are not where we need to be,” on protecting US infrastructure networks against cyber-assault, Alejandro Mayorkas, the deputy secretary of the Department of Homeland Security, told the AP. The US electricity grid may be particularly vulnerable because so much of it still relies on ageing computers that were installed and programmed long before potential cyber intrusions were a concern.
Iran, Russia, North Korea and China have all been implicated by US officials for hacking, including the breach of private emails and other confidential material at Sony Corporation a year ago. When infrastructure is the target, like a power station or, perhaps, a gas pipeline or train network, hackers can squirrel away information, including detailed drawings, for potential use later, for example if relations with the US deteriorate.
“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M Lee, a former US Air Force cyberwarfare operations officer. “It will also help them stay quiet and stealthy.”
During a speech at Stanford University in February, Mr Obama said: “There’s only one way to defend America from these cyber threats and that is through government and industry working together, sharing information as true partners.”Reuse content