Cybersecurity

Report: Iran hacked into a New York dam in 2013

Iranian hackers infiltrated a small New York dam in 2013 in a previously undisclosed incident, according to The Wall Street Journal.

{mosads}Investigators said that the hackers didn’t take control of the system, but were probing its defenses. The White House was alerted when officials initially believed the intrusion occurred at a much larger facility in Oregon.

The still-classified breach occurred amid a wave of Iranian hacks on U.S. banks and just three years after a computer worm believed to be built by the U.S. and Israel damaged nuclear infrastructure in Iran.

The incident fits a pattern openly described by U.S. officials who warn that hackers from Russia, Iran and China are testing U.S. critical infrastructure networks for vulnerabilities.

National Security Agency Director Michael Rogers told lawmakers last fall that China and “one or two” other countries would be able to shut down portions of critical U.S. infrastructure with a cyberattack. Researchers suspect Iran to be on that list.

In fiscal 2015, the Department of Homeland Security (DHS) responded to 295 hacking incidents related to industrial controls, up from 245 the year previous, the Journal reports.

If hackers moved from grid-mapping to a deliberate attack, the consequences could be devastating. A blackout across 15 states and Washington, D.C., could cost the economy hundreds of billions, raise mortality rates at hospitals and cut the nation’s water supply, according to a recent study.

Experts say utilities are unprepared to cope with the threat of such an attack. Much of the technology governing industrial systems is outdated and in many cases connected directly to at-risk office networks.

The U.S. has more than 57,000 industrial-control systems connected to the Internet. The DHS has issued repeated public warnings to utilities that their networks are at risk.

A top DHS official recently told energy firm executives at a conference that ISIS “is beginning to perpetrate cyberattacks.”

The incident in New York also raises questions about the murky set of guidelines surrounding cyberwarfare.

Experts say there are three distinct kinds of cyber intrusions: corporate espionage intended to financially benefit foreign companies, hacks intended to do damage to infrastructure and traditional intelligence-gathering efforts performed by nation states.

Lawmakers have called for clear standards governing the U.S. response to different incidents, in some cases pressing the intelligence community to create such guidelines.

“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” Rep. Jim Himes (D-Conn.) said in a House Intelligence Committee hearing in September.