The Islamic Republic of Iran hacked into the control system of a dam near New York City two years ago, according to The Wall Street Journal (“Iranian Hackers Infiltrated New York Dam in 2013,” Dec. 20, 2015). WSJ reported that the incident sparked “concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.” The Journal broke the news of this still classified dam intrusion through interviews and an unclassified Homeland Security document, among other sources.
The paper reported that systems of the type hacked by Iran “control the flow in pipelines, the movements of drawbridges and water releases from dams. A hacker could theoretically cause an explosion, a flood or a traffic jam.” The attacks occurred during a period of intensive computer hacking by the Iranian government, targets of which included U.S. banks, such as Capital One Financial Corp., PNC Financial Services and SunTrust Banks.
According to an unclassified Homeland Security summary of the dam intrusion, Iranian hackers were thought to have gained access via a cellular modem. The hackers did not take control of the dam, but rather probed the system.
The breach was noticed by U.S. intelligence agencies who were monitoring computers linked to Iranian hackers. WSJ reports:
“Intelligence analysts then noticed that one of the machines was crawling the Internet, looking for vulnerable U.S. industrial-control systems. The hackers appeared to be focusing on certain Internet addresses….Eventually, investigators linked one address to a ‘Bowman’ dam.”
Since there are 31 different dams in the U.S. that include the word “Bowman” in their names, officials originally worried that the Bowman Dam in Oregon had been compromised. That is a 245-foot-tall structure that prevents flooding in Prineville, population of 9,200. At this point, the White House was notified.
However, the breach was traced eventually to the Bowman Avenue Dam, a 20-foot-tall structure near the village of Rye Brook, N.Y.
In a separate but related Associated Press story that ran in The Boston Globe and appeared on the ABC News Web site (“U.S. electrical grid vulnerable to hackers,” December 21), reporters Garance Burke and Jonathan Fahey noted that “digital clues pointed to Iranian hackers” infiltrating the United States power grid. The hackers had “already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title ‘Mission Critical.’ The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes. The breach involved Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.”
AP reported that cyber breaches of the power grid provide potential enemies with the information and ability to “strike at will.”
USA Today, The Baltimore Sun, The Washington Post and The New York Times, among others, did not cover this Iranian cyber-attack on U.S. infrastructure which had resulted in a White House briefing. While the dam intrusion is still classified, unclassified summaries by Homeland Security and The Wall Street Journal report itself give information that other outlets could have provided to their readers.
CAMERA recently noted (“Iran Increases Cyber-attacks against the United States; Where’s the Coverage,” November 30) that Iran has increased its cyber-attacks against the United States—although much of the media has failed to take note.
“The public,” Burke and Fahey of the Associated Press wrote,” almost never learns the details of these types of attacks—they’re rare but also more intricate and potentially dangerous than data theft. Information about the government’s response to these hacks is often protected and sometimes classified; many are never even reported to the government.”
Perhaps another reason the public “never learns” about cyber-attacks on the power grid is due to their being unreported by the news media.
Where was the coverage?