Two Critical U.S. Dams at High Risk From Insider Cyber Threats
The U.S. Bureau of Reclamation, a part of the Interior Department, operates more than 600 of the some 100,000 dams in the United States, five of which are considered part of the national critical infrastructure. This means that the incapacitation or destruction of either the Glen Canyon Dam in Arizona, the Shasta or Folsom Dams in California, the Hoover Dam in Nevada, or the Grand Coulee Dam in Washington State would, in the Department of Homeland Security’s words, “have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The Interior Department’s Inspector General released a report (pdf) this week stating that two of the dams’ industrial control systems, while seeming secure from being attacked remotely, operate “at high risk from insider threats.” The report, which does not identify the two dams in question due to security concerns, lists a number of rudimentary cybersecurity practices that were not being followed. These included limiting system administrator access to the control systems and conducting rigorous background checks on individuals’ granted system privileges.