An online database containing information on 79,000 dams throughout the US was compromised for several months by a hacker, according to a spokesman for the Army Corps of Engineers. Analysts reportedly traced the hack to China.
The database holds sensitive information, including
vulnerabilities, of every major dam throughout the country. News of
the breach was confirmed by The Washington Free Beacon through Pete
Pierce, a US Corps of Engineers spokesman, though he did not
provide additional details.
“The US Army Corps of Engineers
is aware that access to the National Inventory of Dams (NID), to
include sensitive fields of information not generally available to
the public, was given to an unauthorized individual in January 2013
who was subsequently determined to not have proper level of access
for the information,” Pierce told the Free Beacon.
The Free Beacon quotes unnamed intelligence officials familiar with
the incident as having traced the intrusion to China. As Wired
notes, however, using proxy servers it is possible to leave
misleading data trails pointing the finger at foreign nations.
The access breach is thought to have begun in January, but was only
identified in early April. The variety of data on the dams includes
estimated deaths occurring if one were to fail, designating certain
scenarios as “significant”
and “high” hazard
levels.
Michelle Van Cleave, a former consultant to the CIA, told the Beacon that the data breach appeared to be part of a greater effort to collect
“vulnerability and targeting data”for future cyber or military attacks.
“In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,”said Van Cleave.
“Alarm bells should be going off because we have next to no national security emergency preparedness planning in place to deal with contingencies like that,”she added.
Catastrophic dam failures are a fairly rare event, though historically some breaches have caused significant loss of life and property. The 1977 failure of the Laurel Run dam in Pennsylvania, for example, caused 40 deaths and $5.3 million in damages. According to data produced by the Association of State Dam Safety Officials, smaller incidents have included 434 serious issues to dams, and 132 dam failures from January 2005 through January 2009.
Whether the data accessed by the Army Corps of Engineers represented a significant threat to US infrastructure remained unclear, though it could arguably be used to target facilities with cyber security vulnerabilities by a hostile group.