Sensitive Army database of U.S. dams compromised; Chinese hackers suspected
The Washington Free Beacon, May 1, 2013
U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database to the Chinese government or military cyber warriors, according to U.S. officials.
The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams.
According to officials familiar with intelligence reports, the Corps of Engineers’ National Inventory of Dams was hacked by an unauthorized user believed to be from China, beginning in January and uncovered earlier this month.
The database contains sensitive information on vulnerabilities of every major dam in the United States. There are around 8,100 major dams across waterways in the United States.
. . . . . . . .
The database categorizes U.S. dams by the number of people that would be killed if a dam fails. They include “significant” and “high” hazard levels.
Michelle Van Cleave, the former National Counterintelligence Executive, a senior counterintelligence policymaker, said the database compromise highlights the danger posed by hackers who are targeting critical U.S. infrastructure for future attacks.
“In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” Van Cleave said in an email.
“You may ask yourself, why would anyone want to do that? You could ask the same question about why anyone would plant IEDs at the Boston Marathon.”
Van Cleave said the intrusion appears to be part of an effort to collect “vulnerability and targeting data” for future cyber or military attacks.
“Alarm bells should be going off because we have next to no national security emergency preparedness planning in place to deal with contingencies like that,” she said.
Gen. Keith Alexander, commander of the U.S. Cyber Command, warned in a 2011 speech that cyber attacks were escalating from causing disruptions to actual destructive strikes, including cyber attacks on hydroelectric dams.
Alexander provided what he said were indirect examples of two types of anticipated cyber attacks. The first was a cyber strike that could produce a cascading power failure like the August 2003 electrical power outage in the Northeast United States caused by a tree falling on a high-voltage power line.
The second involved the catastrophic destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam, near the far eastern city of Cheremushki, in August 2009. One of the dam’s 10 650-megawatt hydro turbine generators, weighing more than 1,000 tons, was mistakenly started by a computer operator 500 miles away.
As a result, the generator began spinning, rose 50 feet in the air, and exploded, killing 75 people and destroying eight of the remaining nine turbines at the dam.
Phi Beta Iota: There is no Chinese threat. The only threat to our dams is our own government — strike one: refusing to invest in infrastructure maintenance and replacement for the last several decades (if a dam fails, we will blame it on the Chinese but it is actually our malfeasance); strike two: refusing to heed the 1994 warning, in writing to the White House, about the importance of investing in cyber-security then (instead of now, when we are not only investing in the wrong things, those doing the investing have no idea what the right thing is); and strike three: depleting our blood, treasure, and spirit on elective wars that enrich the few at the expense of the many, leaving nothing for necessary and responsible domestic stabilization and reconstruction. We are hosed — we are our own enemy. This is NOT a Chinese threat, this is “made in the USA” treason. Incidentally, the Chinese bought all the CD-ROMs with all of the port and dam and other Army Corps of Engineers artifact information years ago. The raw fact is that nothing that any outsider might do to any given dam can compare with the enormous inevitable costs to US citizens of their own government’s malfeasance in relation to infrastructure and cyber-stability, never mind security.
Open Everything – Interview with Robert David STEELE Vivas, Part 5. This part of the interview reflects Steele’s thoughts on computer security, biohacking, cyber warfare exemplified by Stuxnet, and online authenticity models.