In further cyber espionage news, it has been revealed that the US Army Corps of Engineers’ National Inventory of Dams (NID) database has been the victim of a recent cyber espionage incident. The database holds sensitive information detailing the structure and vulnerabilities of more than eight thousand dams across the US. Attackers are likely to have accessed the data either to acquire privileged intellectual property regarding the dam’s construction and operation, but are more likely to have been conducting reconnaissance of vulnerabilities.
While no official suspect has been identified, unnamed US intelligence officials have indicated that the attack is again believed to have originated from China. Breaches of this nature are a concern, as it raises the potential for future cyber attacks against such installations. The destructive manipulation of machinery by cyber means was demonstrated in the 2010 Stuxnet malware attacks against Iranian nuclear processing facilities at Natanz. US officials have in the past identified hydroelectric plants as vulnerable to similar attacks, citing the instance of the 2009 accident at a Russian hydroelectric plant at Sayano–Shushenskaya (on that occasion a failure in automatic control systems caused by a fire resulted in a turbine explosion and extensive flooding, killing 75 people).
In a further incident demonstrating the potential vulnerability of physical installations to cyber attack, researchers in the US have demonstrated security failings in commonly used building management systems. These systems are used to manage and monitor a building’s mechanical and electrical components, including air-conditioning, plumbing and fire systems. In the test, the researchers were able to gain access to the system controlling Google’s office in Sydney, Australia.