Inspector general: Two U.S. dams at risk of "insider threats"
SACRAMENTO, Calif. (AP) —
An inspector general report finds two dams, critical to U.S. national security, are at high risk for "insider threats" due to poor computer security.
The Monday report does not name the two dams, but they are among five considered "critical infrastructure." The five are Hoover, Shasta, Grand Coulee, Glen Canyon and Folsom dams.
The inspector general at the U.S. Department of the Interior conducted the evaluation.
It finds the two dams are at low risk of outside cyber infiltration, but high risk of threats from within.
Risk factors include too many people having access to administrator accounts, a failure to change passwords regularly and background checks that aren't rigorous enough.
The U.S. Bureau of Reclamation, which operates the dams, disputes some of the findings.
Erin Curtis, who works in public affairs for the Bureau of Reclamation, says they do face complex cyber challenges and recognize they need to take appropriate security measures.
"We implement several layers of defense to include alternative protection measures and we don't rely solely on information technology systems to ensure the safety of our facilities or the surrounding communities," said Curtis.
When asked if the bureau will be changing any policies to improve security now that this report has been released, Curtis said that question can't directly be answered.
"I can't answer that question directly. If you go into the report itself it does talk about how we'll be working with the OIG to resolve these differences so certainly we will continue to do that," added Curtis.
In response to whether or not Shasta County residents are safe, Curtis said, "You know, we take this very seriously and we understand that we'll be a key role in protecting the critical infrastructure and we're doing everything we can. This is an interactive process, we're never done".
Congressman Doug LaMalfa also issued a response to the report saying, "While we don’t currently know that either Shasta or Folsom Dams are the high-risk dams in question, it’s imperative that these issues are given the proper level of attention and quality solutions for the pressing cybersecurity threats our country faces."
LaMalfa added, "Beyond that, proper maintenance is equally important. We witnessed the results of poor maintenance firsthand with the Oroville Dam spillway incident last year. Regardless of which dams are at risk, these are all considered important infrastructure to our national security, and I’m glad the inspector general is looking into it.”
(Copyright 2018 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)