Inspector general: 2 US dams at risk of 'insider threats'June 12, 2018 5:42pm

SACRAMENTO, Calif. (AP) — Two dams critical to U.S. national security are at high risk for "insider threats" that could impair operations because of poor computer security practices such as too many employees having access to administrator accounts and failures to routinely change passwords, according to a new inspector general report.

An evaluation released Monday by the U.S. Department of the Interior doesn't name the two dams, and spokeswoman Nancy DiPaolo cited national security concerns. But they are among five dams operated by the U.S. Bureau of Reclamation that are considered "critical infrastructure," meaning their destruction or impairment could hurt national security. Those five dams are Shasta and Folsom Dams in California, Glen Canyon Dam in Arizona, Grand Coulee Dam in Washington and Hoover Dam, which straddles Nevada and Arizona.

The United States and other countries have accused Russian hackers of trying to infiltrate critical infrastructure such as power plants, elevating the sensitivity around making sure U.S. systems are secure.

The inspector general's report found the two dams are at low-risk of outside cyber infiltration — but at high risk of threats from within. They're run remotely through a computer system that controls generators, valves and gates at the dams from a U.S. Bureau of Reclamation operations center. The agency disputed some of the findings.

Among the factors cited as security risks: Too many people have access to administrative accounts, employees aren't changing their passwords often enough, account access isn't always revoked when employees leave, and the agency isn't conducting robust enough background checks for employees with high-level privileges. For example, the evaluation found nine of 30 administrator accounts hadn't been used in more than a year.

The report characterized the issues as "significant control weaknesses that could be exploited by insiders."

Administrative access would give an employee the ability to compromise the system by installing malware to disrupt dam operations, installing back-door access for others, deleting or modifying crucial programs, revoking access for others and deleting or modifying control logs to "conceal malicious activity," according to the report.

The inspector general offered five recommendations, including eliminating the use of group accounts that allow multiple workers access and conducting more rigorous background checks on certain employees.

The U.S. Bureau of Reclamation disputed several of the findings. It said the number of people with privileged administrative access is necessary to provide 24/7 support to the dams and that system administrators are required to log their use of group accounts. The bureau said it follows federal guidelines for conducting background checks.

The inspector general conducted interviews with operations center and dam staff in April 2017.

Page 1 of 1

More Stories Like This

FILE - In this July 31, 2014, file photo, an artificial turf soccer field sits in the middle of the Karnes County Residential Center in Karnes City, Texas. The immigration detention facility has been retooled to house adults with children who have been apprehended at the border. The Trump administration is calling for the expanded use of family detention for immigrant parents and children who are stopped along U.S.-Mexico border, a move described by advocates as a cruel and ineffective attempt to deter families from coming to the United States. (AP Photo/Eric Gay, File)
Administration seeks to expand immigrant family detention
Lawsuit: Green-card holders face bias in US military policyA civil liberties group is suing the Trump administration over a policy that requires green-card holders to pass a background check before they can start military service
In this photo taken June 8, 2017, accused leaker Reality Winner leaves the U.S. District Courthouse in Augusta, Ga., following a bond hearing. Court records indicate Winner, charged with leaking U.S. secrets to a news outlet, has reached a deal with prosecutors. U.S. Department of Justice spokesman Ian Prior confirmed in an email Thursday, June 21, 2018, that former National Security Agency contractor Winner plans to plead guilty. (Michael Holahan/The Augusta Chronicle via AP)
Court records: Woman charged in leak case reaches plea deal
Lawsuit seeks lawyer access to immigrants in prisonA rights group has filed an emergency suit in federal court against top officials of U.S. immigration and homeland security departments, alleging they have unconstitutionally denied lawyers' access to immigrants being held in a federal prison in Oregon
Cage-free egg initiative qualifies for California ballotCalifornia voters will decide in November whether egg-laying hens must live cage free
California officials call for endangered listing for martenCalifornia fish and wildlife officials are recommending that a weasel-like animal whose habitat along the state's northern coast is threatened by pot cultivation be listed as endangered

Related Searches

Related Searches