U.S. probe confirms foreign cyberattack on New York dam control system

A U.S. official said on March 10 that a Justice Department probe has found Iran was responsible for a 2013 cyberattack on the control system at the 20-foot-tall Bowman Avenue Dam in Rye Brook, N.Y., 20 miles from New York City.

The attackers were later identified in a classified Department of Homeland Security report as being the same Iranian group alleged to have been responsible for attacks on PNC Financial Services Group, SunTrust, and Capital One Financial.

The official was not authorized to speak publicly about the ongoing criminal investigation and spoke to The Associated Press on condition of anonymity.

First reported by the Wall Street Journal in 2015, the intrusion was made possible by a broadband cellular modem used to connect the small facility to the Internet. The targeted network scan for industrial control systems exposed to the Internet prompted a federal investigation.

The official said investigators have determined Iran was responsible for the incident and that an indictment would be handed down in the case from the U.S. attorney’s office in Manhattan. It was not clear whether the indictment would name specific people within the Iranian government.

Although Bowman Avenue Dam does not generate power, cyber criminals gained access to the facility through a cellular modem and used the breach to probe the dam’s computer system.

Government intelligence agencies noticed the breach while conducting a broader investigation of computers believed to be linked to Iranian hackers.

Earlier in 2015, DHS revealed the extent of the problem by saying that its Industrial Control Systems Cyber Emergency Response Team responded to 245 “incidents” during the fiscal year ending in February. DHS said those incidents targeted manufacturing, energy, nuclear, transportation and water facilities.

According to the 2015 DHS Dams Sector-Specific Plan, an annex of the National Infrastructure Protection Plan, persistent risks in the Dams Sector include natural disasters, structural issues from internal and external erosion, and deliberate attacks on physical or cyber infrastructure.

The report also says, in part, “The cyber risk landscape may change as some owners and operators upgrade to modern control systems with standardized hardware or transition to remote monitoring and control processes.”

The Federal Energy Regulatory Commission recently raised concerns about another area that is not covered by federal cybersecurity rules: contractors who sell energy companies software and equipment. Attackers have used outside companies to pull off hacks against energy companies.
 
