Army Corps database on dams compromised

Sensitive information about the more than 8,000 dams in the United States -- including data on flaws in those structures -- has been given to an unauthorized person.

The incident occurred in January, but did not come to light until Wednesday, when news of the breach was reported in The Washington Free Beacon.

The U.S. Army Corps of Engineers (USACE), which oversees the database, said in a statement that it is aware that access to the National Inventory of Dams (NID), including sensitive information not generally available to the public, was given to an unauthorized individual in January 2013.

The individual was subsequently determined not to have the proper level of access for the information, the Corps said, and their access to the database was revoked.

However, most information contained in the database is publicly accessible, the Corps added.

Citing officials familiar with the intelligence reports on the incident, The Beacon reported that the unauthorized user is believed to be from China.

It said that the database includes vulnerability information on every major dam in the United States. It's estimated that there are some 8,100 major dams in the nation.

The database also ranks dams by how many people would be killed if the dam fails.

Although the Corps has revoked the credentials of its unauthorized intruder, it's likely that its system is still infected, said Ira Victor, a digital forensics analyst with Data Clone Labs.

"They make these breaches sound like a smash and grab," Victor told CSO. "That notion is as outdated as a 486 PC."

The days of protecting data behind perimeter defenses that act like the wall of a castle are over, he said. "The reality is that in many of these cases the attackers are in the network persistently."

The Corps may also be surprised if it thinks revoking an intruder's credentials is going to flush the problem from their systems, he added. "If an attacker gets into the network as far as this one seems to have gotten, they typically steal the entire credentials database," Victor said.

The Corps seems to be aware of that risk and reportedly has changed all user names and passwords on the system.

In the Beacon report, a former advisor to the Executive Agent for Homeland Security, Michelle Van Cleave, said the breach was part of an effort to collect "vulnerability and targeting data" for future cyber or military attacks.

"In the wrong hands," she told The Beacon, "the Army Corps of Engineers' database could be a cyberattack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country."

Another security expert, however, said the consequences of the breach are not as dire as some would have the public believe.

"Because there are widespread attacks going on right now, there appears to be a large harvesting operation going on," said Richard Stiennon, chief research analyst at IT-Harvest. "But I wouldn't attach a lot of significance to this target."

"When you lump it in with all the other things that are attacked constantly, it's more indicative of just grabbing information because it's there and the defenders aren't aware they even have to defend it," Stiennon said.

There are some things in the database that could have economic value to a nation-state -- especially one like China without the sophisticated civil engineering capability of the United States. "The database would give a country the model of a mature resource management program for irrigation, power and recreation," Stiennon said.

"That information is more valuable than using the data to identify attack targets," he added.
