Monday, July 23, 2018
  • Week 29 Cyberattack Digest 2018 – SingHealth, Telefonic, LabCorp and others
  • NATIONAL SECURITY BUREAU Virus Removal – Restore .exe Files
  • Lostrabbitmedia.com Hijacker Removal
  • SentinelOne Recognized as One of CRN’s 2018 Emerging Vendors
  • Mobile Menace Monday: Adware MobiDash gets stealthy

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » Hydroelectric Dams and ICS Security

Hydroelectric Dams and ICS Security

by Tripwire Guest Authors on June 27, 2018

A recent report from the office of the U.S. Department of the Interior’s Inspector General indicates that several hydropower dams are vulnerable to internal threats. Specifically, an evaluation was conducted of five hydropower dams operated by the U.S. Bureau of Reclamation (USBR) and categorized as “critical infrastructure.”

The USBR is the second largest hydroelectric power producer in the United States, with its plants serving over 3.5 million homes. Acknowledging their breadth of service, cyber threats directed at them could cause wide-reaching effects. In particular, threats to the industrial control system (ICS) that control physical outcomes of the dams could “adversely affect national security.”

One key finding of the Inspector General’s evaluation was that these dams are not at significant risk of threats from external hacking. The remaining threats, identified as being high-risk, are noted as coming from internal sources; in other words, the biggest cyber threats to these hydroelectric dams are their employees and former employees.

Directly at fault for these vulnerabilities are the USBR’s practices of account management and personnel security, with primary issues relating to ICS system administrator access, password security and background checks. Even when the ICS is separated from the internet at large and the organization’s business systems, these types of internal threats continue to leave the ICS at significant security risk.

System Administrator Access

One major vulnerability for the dams’ ICS systems comes from the way their administrator access is controlled and monitored. The evaluation found that most of the USBR Operations Center’s 25 employees had access to at least one other ICS account that was not defined by their position; only five of the 13 employees with system administrator access had official ICS administration-related duties.

According to principles established by the National Institute for Standards and Technology (NIST (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/hydroelectric-dams-and-ics-security/

June 27, 2018June 28, 2018 Tripwire Guest Authors 0 Comments Featured Articles, ICS, ICS Security, NIST, USBR
  • ← Visibility: An Essential Component of Industrial Cyber Security
  • Report: Australia’s Top Law Firms Lead the Way in the Use of Anti-Phishing Technologies →
Featured Blog

4 days ago

Why Drupalgeddon 2.0 May Still Be A Threat To Your Website

6 days ago

3 Essential Steps for Your Vulnerability Remediation Process

2 weeks ago

Best Practices for Open Source Governance

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Exposed: Exactis’ Database of 340 Million Consumer Records
McAfee to Advance Cybersecurity AI via the Cloud
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Key Traits Employers Seek from Information Security Professionals
Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215
Skype Classic to End Soon – Users Forced to Update to Skype 8
Four Vulnerabilities in Cisco Policy Suite Fixed (CVE-2018-0374)
C-Suite Cyber Security Awareness May Be the Key to Taking a Bite Out of Breaches
2018 Popular SIEM Starter Use Cases

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Mastering Hybrid Cloud Security

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Key Traits Employers Seek from Information Security Professionals
Careers Cybersecurity Industry Spotlight Security Boulevard (Original) 

Key Traits Employers Seek from Information Security Professionals

July 20, 2018 Jane Thomson | 3 days ago 0
It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | Jul 18 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0

Top Stories

Router Compromise Enables $1 Million Bank Cyberheist
Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Router Compromise Enables $1 Million Bank Cyberheist

July 23, 2018 Lucian Constantin | 4 hours ago 0
Barracuda Networks Extends WAF Reach to Google Cloud Platform
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Barracuda Networks Extends WAF Reach to Google Cloud Platform

July 20, 2018 Michael Vizard | 3 days ago 0
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password

July 20, 2018 Lucian Constantin | 3 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.