Shared from the 6/13/2018 The Sacramento Bee eEdition

Folsom, Shasta among dams at-risk of ‘insider threats’

Picture
RANDY PENCH Sacramento Bee

file

A federal report found the two dams of five in the West, including Folsom Dam, are at low-risk of outside cyber infiltration – but at high risk of threats from within. They’re run remotely through a computer system that controls generators, valves and gates at the dams from a U.S. Bureau of Reclamation operations center.

Two dams critical to U.S. national security are at high risk for “insider threats” that could impair operations because of poor computer security practices such as too many employees having access to administrator accounts and failures to routinely change passwords, according to a new inspector general report.

An evaluation released Monday by the U.S. Department of the Interior doesn’t name the two dams, and spokeswoman Nancy DiPaolo cited national security concerns. But they are among five dams operatedby the U.S. Bureau of Reclamation that are considered “critical infrastructure,” meaning their destruction or impairment could hurt national security.

Those five dams are Folsom and Shasta dams, as well as Glen Canyon Dam in Arizona, Grand Coulee Dam in Washington and Hoover Dam.

The United States and other countries have accused Russian hackers of trying to infiltrate critical infrastructure such as power plants, elevating the sensitivity around making sure U.S. systems are secure.

The inspector general’s report found the two dams are at low-risk of outside cyber infiltration – but at high risk of threats from within. They’re run remotely through acomputer system that controls generators, valves and gates at the dams from a U.S. Bureau of Reclamation operations center. The agency disputed some of the findings.

Among the factors cited as security risks: Too many people have access to administrative accounts, employees aren’t changing their passwords often enough, account access isn’t always revoked when employees leave, and the agency isn’t conducting robust enough background checks for employees with high-level privileges. For example, the evaluation found nine of 30 administrator accounts hadn’t been used in more than a year.

The report characterized the issues as “significant control weaknesses that could be exploited by insiders.”

Administrative access would give an employee the ability to compromise the system by installing malware to disrupt dam operations, installing back-door access for others, deleting or modifying crucial programs, revoking access for others and deleting or modifyingcontrol logs to “conceal malicious activity,” according to the report.

The inspector general offered five recommendations, including eliminating the use of group accounts that allow multiple workers access and conducting more rigorous background checks on certain employees.

The U.S. Bureau of Reclamation disputed several of the findings. It said the number of people with privileged administrative access is necessary to provide 24/7 support to the dams and that system administrators are required to log their use of group accounts. The bureau said it follows federal guidelines for conducting background checks.

See this article in the e-Edition Here