Iranian Hackers Apparently Targeted a Dam in a Suburb Outside New York City


A small dam in suburban New York was apparently the target of Iranian hackers back in 2013, says a new report in The Wall Street Journal. Most of the details of the apparent cyberattack on the Bowman Avenue Dam are still classified, but the Journal reports that the hackers likely accessed the system through a cellular modem. 

The Bowman Avenue Dam is about 20 miles away from New York City, near the towns of Rye Brook and Port Chester. The dam is on the smaller side, and it’s used for flood control in the area. The hackers allegedly broke into the computer system but didn’t take control of the dam. Instead, the hackers kind of poked around and got a feel for the system. The attack was discovered while U.S. intelligence officers were tracking Iranian-linked cyberattacks on consumer-banking websites, and noticed a connection to an address with “Bowman” dam in the name. Intelligence agents, however, didn’t pinpoint the New York site immediately; according to the Journal, there are more than 30 dams in the U.S. that contain the name Bowman. It’s unclear how investigators finally confirmed the New York dam was the target.

The Bowman dam breach, however, isn’t the only recent assault on U.S. infrastructure. According to an Associated Press report, investigators discovered that hackers, also believed to have ties to Iran, had accessed parts of the U.S. electric grid, taking passwords and creating detailed diagrams of specific power plants. That attack is evidence of what some experts told the AP have been multiple attacks (not necessarily all from Iran) in the past decade.

Many of the nation’s industrial systems were built in the pre-internet days, and as these companies transitioned and connected their systems online, they also left them vulnerable to cyberattackers. This has opened a huge, gaping hole in the nation’s security, especially if foreign actors or adversaries do take control of these systems and interrupt their functions, doing everything from causing floods to cutting off power to large swaths of people. According to the Journal, about 57,000 of the U.S.’s industrial-control systems connect to the internet, more than in any other country.

The threat of hacks from Russia and China still dwarfs that from Iran. But Iran’s cyberwarfare capabilities have been building in recent years; this year, Iranian hackers also accessed the personal emails and social-media accounts of certain State Department officials. There have also been reports that ISIS operatives have tried, though so far unsuccessfully, to hack the U.S. power grid.