Iranian hackers who targeted American financial institutions two years ago were also apparently curious about a small dam in upstate New York—and officials are worried what this means for the security of US industrial infrastructure overall, the Wall Street Journal reports. The hackers reportedly infiltrated the controls for the facility—IDed by Journal sources as the Bowman Avenue Dam near Rye—in 2013 through a cellular modem, per an unclassified Homeland Security document. And while the interlopers didn't wrest control of the dam, it appears they poked around quite a bit—underscoring how easy it is to break into the more than 57,000 systems for US power grids, pipelines, bridges, and dams, many of which are antiquated and virtually unprotected, the Journal notes. In fact, per a separate AP investigation, "sophisticated foreign hackers" have accessed about a dozen power networks here, attacks that the AP says the US public is rarely informed about.
US infrastructure is often run by creaky systems that were previously offline, which kept them relatively safe. But, "against the advice of hacking gurus," as the Journal notes, many companies started connecting their systems to the Internet without adequately securing them. And the number of such hacks has been creeping up since. Per Homeland Security data, over the 12 months ending Sept. 30, it took in and responded to 295 incidents, up from 245 the year before, per the Journal. Possible consequences: hackers causing a flood, explosion, or even bumper-to-bumper traffic, either by accident or intentionally. A Homeland Security official recently told energy execs at a conference that even ISIS "is beginning to perpetrate cyberattacks," per the Hill. In the Bowman Dam incident, the White House was informed because officials initially thought the hack was against Oregon's larger Arthur R. Bowman Dam, per the Journal. (The AP investigation chillingly reveals how hot a target the US power grid has been.)