In-brief: The Wall Street Journal alleges that hackers with links to Iran may have compromised a small dam in Rye, New York. If true, the incident is just the latest evidence of information security vulnerabilities in U.S. critical infrastructure.
Danny Yadron over at the Wall Street Journal has an interesting scoop this morning alleging that hackers associated with Iran probed computer systems used to control the operation of a small dam outside of New York City.
The report cites unnamed “former and current U.S. officials saying that the Bowman Avenue Dam in Rye, New York was the target of hackers who used a cellular modem connection to attack and “probe” the device. If true, the attack is just the latest evidence of efforts to probe or otherwise compromise critical infrastructure in the U.S.
Information on the 2013 attack has been classified. However, the Wall Street Journal pieced together a rough outline of the incident based on a public notice of the event and after speaking to unnamed officials.
According to the Journal’s report, the incident came to light in the course of U.S. government monitoring of computers they believed were linked to groups of hackers in Iran. The same groups had been linked to denial of service attacks and other incidents directed at U.S. financial firms like Capital One Financial, PNC Financial Services Group and SunTrust Banks, the Journal reported.
Reading between the lines, government or intelligence officials got wind of mention of a compromise of a “Bowman” dam, but weren’t able to determine which dam the attackers were referring to. There are, the Journal notes, 31 dams in the U.S. with the word “Bowman” in their name. (Who knew?)
Initial suspicion was that the hackers were targeting systems at the Arthur R. Bowman Dam in Oregon – a 245 foot tall earthen dam that is used for irrigation and flood prevention near Prineville Oregon.
More investigation revealed that the actual target was much smaller: the Bowman Avenue Dam in Rye, New York, which is used for flood control. According to this story, that dam was recently upgraded, adding a sluice gate and sensors that will automatically open and close the gate to prevent flooding downstream of the dam.
In a statement, the Department of Homeland Security refused to comment on the Wall Street Journal report, but said that it “continues to coordinate national efforts to strengthen the security and resilience of critical infrastructure.” “The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responds to cyber incidents, vulnerabilities and threats that can impact industrial control systems which operate critical infrastructure across the United States,” DHS said.
Attacks on critical infrastructure from state-sponsored “advanced persistent threat” (or APT) actors isn’t a new problem. In March, for example, a DHS report revealed that there were 245 incidents involving critical infrastructure in 2014. Amont those were cases of malicious software infections on control systems that were believed to be “air gapped” – or physically isolated from the Internet and the use of previously unknown or “zero day” vulnerabilities in industrial control system software.
In that report, DHS found 55% involved APT or sophisticated actors. Hactivists, malicious insiders and cyber criminals were behind other incidents. In many other cases, asset owners were unable to determine who or what was attacking them, the report said.