The breached database contains vulnerability information on all major dams in the US

May 2, 2013 07:57 GMT  ·  By

The systems of the US Army Corps of Engineers’ National Inventory of Dams (NID) were hacked back in January. Experts say the information contained in the breached database could be used in cyberattacks launched by terrorists or hostile states.

Unnamed intelligence officials have told The Washington Free Beacon that the Chinese government or the country’s military cyber warriors are most likely responsible for the attack.

There are around 8,100 major dams in the United States and vulnerability information on each of them can be found in the affected database.

Pete Pierce, a Corps of Engineers spokesman, has confirmed for the Free Beacon that an unauthorized individual was given access to information that’s not generally available to the public.

The said user’s access was revoked as soon as the breach was identified. The Corps of Engineers is now working on improving the database’s security protocols.

Shortly after the breach, an announcement was posted on the NID website, notifying users that all usernames and passwords had been reset “to be compliant with recent security policy changes.”

Over the past years, US officials have often warned about cyberattacks launched against critical infrastructure, including hydroelectric dams.

“This latest breach of the U.S. Army Corps of Engineers’ National Inventory of Dams is another loud siren warning critical infrastructure (CI) companies as well as the government that cyber threats to the CI are real and that security standards must be established, followed and enforced to protect our country,” Lila Kee, board member of the North American Energy Standard Board (NAESB) and GlobalSign’s chief product and marketing officer, told Softpedia.

“The energy sector and its electric segment are particularly vulnerable to cyberattack, especially considering that technology is rapidly gaining a larger role in critical infrastructure operations,” she added.

“Everyday evidence of nation-state foul play in the security of our CI grows. With the Department of Energy making a push to generate 80 percent of the nation’s electricity utilizing existing dams, cybersecurity standards must be a serious concern for the government and regulators.”

Updated to include insight from Lila Kee.