The country still doesn’t seem to be taking the whole cybersecurity thing all that seriously, no matter how many times it’s brought up in Congress and on cable news. Of if we are taking it seriously, we need to get some better geeks. Ed talked about the Juniper breach previously and that should have been enough to put a scare into everyone. There are more than a few bad actors out there and they seem to be able to tap into both government and civilian computer systems. The intersection of the two can sometimes be even more frightening, as we saw this week when it was revealed that Iran had briefly infiltrated the controls of a dam in upstate New York. (Daily Caller)
Iranian hackers infiltrated the control system of a dam approximately 20 miles from New York City in 2013, according to a Sunday report by the Wall Street Journal.
When the White House was alerted, officials wrongly believed a much larger facility in Oregon had been hacked. The Iranian hackers likely gained access to the New York dam through a cellular modem, according to the Wall Street Journal. The hackers did not take control of the dam, but probed and attempted to map the system.
Any kind of improper access to dams can be dangerous, as demonstrated by the explosion of the Sayano-Shushenskaya hydroelectric dam in Russia in 2009, which killed 75 people and caused an environmental catastrophe.
A small dam in the Hudson Valley probably doesn’t sound like much of a big deal, but having some malevolent character taking over control of the flood gates could be a disaster in the making, particularly if it happens at a much larger facility. In the event of a complete failure you could be looking at severe flooding and loss of life. Also, most of the higher tech dams in the country are tied up in powering the electrical grid and it’s just one more avenue into causing a significant and potentially sustained power outage.
The Federal Energy Regulatory Commission issued a warning last year saying that all it would really take to cripple the United States entirely would be for terrorist to destroy nine power grid substations and coordinate that with an attack on a single transformer manufacturer. (That includes the possibility of physical attacks on very lightly secured substations as well as cyber attacks.) The result could be up to 18 months without power, the internet, phone communications and even basic services such as fresh water. The country could be effectively collapsed without anyone ever firing a shot.
If it’s that feasible for somebody in Tehran to take control of an energy generating dam, we probably need to get off the stick and stop just talking about this. Unfortunately that will require cooperation between the government and the private energy sector, which complicates the question immediately. But the alternative – basically doing nothing – could be far, far, worse.