Interior Dept.’s systems are being hacked regularly by China, exposing critical U.S. power infrastructure

(Cyberwar.news) China is thought to be behind scores of hack attacks aimed at Department of Interior computer systems, potentially exposing critical hydroelectric power plant data in the process.

As reported by FierceGovernmentIT, DOI’s information technology (IT) systems have been compromised at least 19 times by hackers and foreign intelligence services over the course of a few years, a recently released report from the agency’s internal watchdog stated.

“These security incidents resulted in the loss of sensitive data and disruption of bureau operations,” DOI Deputy Inspector General Mary Kendall said in a Nov. 10 memorandum and report (pdf) to Interior Secretary Sally Jewell.

The report laid out nine major management and performance challenges the department is facing. It also unveiled new information regarding IT security incidents and pulled together previously published Office of Inspector General reports regarding cloud computing, IT systems that are publicly accessible and compliance issues regarding the Federal Information Security Management Act of 2014.

At issue in particular are potential losses of data related to hydroelectric plants that fall under the purview of DOI’s Bureau of Reclamation, plants that are scattered throughout the United States. Earlier reports have noted that hackers allegedly tied to the Chinese government have stolen data on U.S. hydroelectric plants.

Specifically, U.S. intelligence officials believe Chinese hackers may have stolen U.S. Army data containing information about the vulnerabilities of thousands of dams located around the country.

The DOI inspector general’s report says that hackers originating from European-based IP addresses managed to lift an unknown amount of data while gaining control over two department public web servers in October 2014.

Later that same month and then again in December 2014, “hackers exploited vulnerable publicly accessible systems to steal user credentials with privileged (administrative) access to DOI systems,” and the “extent of these system breaches was never fully determined,” the report noted.

Further, the OIG said a May 2013 attack that originated from a China-based IP address was followed by a sustained presence within the DOI IT network, and that an unknown amount of data was taken and then malware uploaded before the breach was identified and contained a month later.

“Detection and response to cyber attacks are just as critical as prevention controls,” the OIG noted. “DOI’s response to any cybersecurity incident must be swift and effective to minimize any damage that might be caused, mitigate the system weaknesses that were exploited, and restore IT services.”

The OIG noted areas that need more attention – IT funding, policy changes and long-term strategic planning – in order to boost cyber security. Also, the reported noted that Interior has had difficulty in hiring cyber security pros.

As for the attacks against hydroelectric dam systems, an Army Corps of Engineers spokesman confirmed them in an interview with the Washington Free Beacon, but would not provide further details.

“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined not to have proper level of access for the information,” Pierce said in a statement to the Washington Free Beacon.

• Don’t forget to ‘like’ Cyberwar.news on Facebook! Click here

See also:

FierceGovernmentIT

Bureau of Reclamation

Absolute Rights