SACRAMENTO, Calif. – Two dams is crucial for AMERICAN national security is at high risk for “insider threats” that can affect the activities as a result of poor computer security, such as the many employees who have access to the administrator of the accounts and failures to routinely change passwords, according to a new inspector general report.
An assessment released Monday by the U.S. Department of the Interior, not the name of the two dams, and the spokeswoman, Nancy DiPaolo cited national security concerns. But they are among the five dams operated by the U.S. Bureau of Reclamation which are considered “critical infrastructure”, which means that their destruction may damage or be harmful to the national security. Five dams are Shasta and Folsom Dams in California, Glen Canyon Dam in Arizona, the Grand Coulee Dam in Washington and the Hoover Dam, which by Nevada and Arizona.
The United States and other countries have accused Russian hackers trying to infiltrate critical infrastructure, such as power plants, increase the sensitivity around the creation of that AMERICAN systems are safe and secure.
The inspector general report found of the two dams with a low risk of outside cyber infiltration — but with a high risk of threats from within. They are run remotely via a computer system that controls generators, valves and gates on the dams of U. S. Bureau of Reclamation operations center. The agency disputed some of the findings.
Among the factors cited as safety risks: Too many people have access to the administrative accounts, employees are not changing their passwords often enough, access to the account is not always revoked when employees leave, and the agency shall not perform robust background checks for employees with a high level of privileges. For example, the evaluation found nine of 30 administrator accounts are still not in more than a year.
The report characterized the problems as “significant control weaknesses which can be exploited by the insiders.”
Administrative access would give an employee the possibility to compromise the system by installing malware to interfere with dam operations, the installation of a back-door open for others, deleting or modifying critical programs, the withdrawal of access, for others and for the removal or modification of audit logs to “hide harmful activities”, the report said.
The inspector general offered five recommendations, including the elimination of the use of the group offer the ability for multiple employees to access and perform stricter background checks on certain employees.
The U. S. Bureau of Reclamation is contesting some of the findings. It said that the number of people with a privileged administrative access is required to provide 24/7 support to the dams and system administrators are required to log use of group accounts. The agency said that it follows the federal guidelines for performing the background checks.
The inspector general conducted interviews with operations center and the dam in April 2017.