Hackers Breach Local Dam Security, Astorino Asks Why He Was Not Informed
Last week The Wall Street Journal reported that according to a former official the Bowman Avenue Dam near Rye Brook was breached by Iranian hackers in a test to see what they could access.
The article said the breach was not sophisticated and occurred during the same time frame that Iranian hackers were targeting U.S. financial institutions. The attackers were unable to get into the full dam system, but could take control of the flood gates. The incident remains classified, the official said.
Rye Brook Mayor Paul Rosenberg was quoted in the article saying, “The dam is used to control water flow when it rains to prevent flooding downstream. The dam is managed by a piece of software that is industry standard and very common.” Rosenberg said he doubted the hackers could have wreaked heavy damage or that Rye was a substantial target, but it worries him that hackers are looking for any opportunity they could find to cause damage.
The Department of Homeland Security, which knew about the cyberattack, would not comment on the dam intrusion for The Wall Street Journal article, but did note in a statement that its cybersecurity center serves as a hub for monitoring and mitigating such attacks.
The Iranian hactivist group SOBH Cyber Jihad was reported to have claimed responsibility for the Rye Brook cyberattack and said they kept quiet for two years because of a “state-level” warning not to go public with it “for the greater good.” They came forward after the Wall Street Journal report.
Officials in Rye said the Department of Homeland Security notified them about unauthorized access to the city’s computer system and followed up with a report in January. According to NBC News the intruder accessed and read files, including usernames and passwords, six times between Aug. 22 and Sept. 27, 2013.
Shocked when he heard the news and disturbed that he and other Westchester County officials had not been notified of the breach, County Executive Rob held a press conference Dec. 23. asking the Department of Homeland Security for details about the reported Iranian cyber-security breach at the Bowman Ave. Dam. He also demanded explanations about why the county wasn’t informed of the security risk.
“If this information was important enough to be reported to the White House then why wasn’t it reported to me and the county officials who would have been required to deal with the consequences of any terror attack?” asked Astorino. “It is unacceptable that in this day and age that I had to read about this in the newspaper. No amount of intelligence information is too small or insignificant when it comes to security.”
Despite being a member of the FBI Joint Terrorism Task Force, Westchester County was never alerted to the potential security risk. Since January 2010, a Westchester County police detective has been assigned full-time to the FBI Joint Terrorism Task Force to ensure access to the highest levels of intelligence information affecting Westchester and its citizens. Westchester is also part of a separate counter-terrorism zone that also includes Putnam County.
“Even though it was done with computers, this is considered a criminal break in,” said County Public Safety Commissioner George Longworth. “The link to a possible terror threat makes this extremely serious.”
In 2014 the Department of Homeland Security responded to 245 cyber incidents reported by critical infrastructure operators, 32 percent of which were in the energy sector and 27 percent of which were in critical manufacturing. Many of the compromises were carried about by simple “spearphishing” attacks, where employees are duped into clicking a malicious link by an email.