SACRAMENTO, Calif. — Two dams critical to U.S. national security are at high risk for "insider threats" that could impair operations because of poor computer security practices such as too many employees having access to administrator accounts and failures to routinely change passwords, according to a new inspector general report.
An evaluation released Monday by the U.S. Department of the Interior doesn't name the two dams, and spokeswoman Nancy DiPaolo cited national security concerns. But they are among five dams operated by the U.S. Bureau of Reclamation that are considered "critical infrastructure," meaning their destruction or impairment could hurt national security. Those five dams are Shasta and Folsom Dams in California, Glen Canyon Dam in Arizona, Grand Coulee Dam in Washington and Hoover Dam, which straddles Nevada and Arizona.
The United States and other countries have accused Russian hackers of trying to infiltrate critical infrastructure such as power plants, elevating the sensitivity around making sure U.S. systems are secure.
The inspector general’s report found the two dams are at low-risk of outside cyber infiltration — but at high risk of threats from within. They’re run remotely through a computer system that controls generators, valves and gates at the dams from a U.S. Bureau of Reclamation operations center. The agency disputed some of the findings.
Separately, NextGov reported on June 11 that the Interior Department awarded two companies — Booz Allen Hamilton and Spry Methords — spots on a $45 million contract to secure dams from cyberattacks.
Among the factors cited as security risks in the IG report: Too many people have access to administrative accounts, employees aren’t changing their passwords often enough, account access isn’t always revoked when employees leave, and the agency isn’t conducting robust enough background checks for employees with high-level privileges. For example, the evaluation found nine of 30 administrator accounts hadn’t been used in more than a year.
While experts say the U.S. has never had a significant incident as a result of a cyber breach at one of these facilities, the repercussions of a successful attack could range from merely inconvenient to deadly.
The report characterized the issues as “significant control weaknesses that could be exploited by insiders.”
Administrative access would give an employee the ability to compromise the system by installing malware to disrupt dam operations, installing back-door access for others, deleting or modifying crucial programs, revoking access for others and deleting or modifying control logs to “conceal malicious activity,” according to the report.
The inspector general offered five recommendations, including eliminating the use of group accounts that allow multiple workers access and conducting more rigorous background checks on certain employees.
The U.S. Bureau of Reclamation disputed several of the IG findings. It said the number of people with privileged administrative access is necessary to provide 24/7 support to the dams and that system administrators are required to log their use of group accounts. The bureau said it follows federal guidelines for conducting background checks.
The inspector general conducted interviews with operations center and dam staff in April 2017.