Saturday, January 23, 2021
  • SwiftR Switcheroo: Calling [Compiled] Swift from R!
  • DEF CON 28 Safe Mode IoT Village – Netspooky’s ‘Hella Booters, Why IoT Botnets Aren’t Going Anywhere’
  • Requiescat In Pacem, Henry Louis (Hank) Aaron 1934 – 2021
  • DEF CON 28 Safe Mode IoT Village – Sanjana Sarda’s ‘Kicking Devices, Taking CVEs: Zoomer Guide To Hacking’
  • Encoded Tyranny: Was Reagan’s “Shining City on a Hill” Intolerance for Dissent?

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Hydroelectric Dams and ICS Security

Hydroelectric Dams and ICS Security

by Tripwire Guest Authors on June 27, 2018

A recent report from the office of the U.S. Department of the Interior’s Inspector General indicates that several hydropower dams are vulnerable to internal threats. Specifically, an evaluation was conducted of five hydropower dams operated by the U.S. Bureau of Reclamation (USBR) and categorized as “critical infrastructure.”

The USBR is the second largest hydroelectric power producer in the United States, with its plants serving over 3.5 million homes. Acknowledging their breadth of service, cyber threats directed at them could cause wide-reaching effects. In particular, threats to the industrial control system (ICS) that control physical outcomes of the dams could “adversely affect national security.”

One key finding of the Inspector General’s evaluation was that these dams are not at significant risk of threats from external hacking. The remaining threats, identified as being high-risk, are noted as coming from internal sources; in other words, the biggest cyber threats to these hydroelectric dams are their employees and former employees.

Directly at fault for these vulnerabilities are the USBR’s practices of account management and personnel security, with primary issues relating to ICS system administrator access, password security and background checks. Even when the ICS is separated from the internet at large and the organization’s business systems, these types of internal threats continue to leave the ICS at significant security risk.

System Administrator Access

One major vulnerability for the dams’ ICS systems comes from the way their administrator access is controlled and monitored. The evaluation found that most of the USBR Operations Center’s 25 employees had access to at least one other ICS account that was not defined by their position; only five of the 13 employees with system administrator access had official ICS administration-related duties.

According to principles established by the National Institute for Standards and Technology (NIST (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/hydroelectric-dams-and-ics-security/

June 27, 2018June 28, 2018 Tripwire Guest Authors Featured Articles, ICS, ICS Security, NIST, USBR
  • ← Visibility: An Essential Component of Industrial Cyber Security
  • Report: Australia’s Top Law Firms Lead the Way in the Use of Anti-Phishing Technologies →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Is MDR Cybersecurity Training an Oxymoron?
How Utilities Can Mitigate Cyberthreats
Balancing Security and User Behavior in Remote Work
Bringing Source Code Security Up to Speed
Stealthbits Adds Data Privacy Engine
Why are Employees Most Vulnerable to Cyber Attacks?
IAM Best Practices For DevOps
Insider Threats Are on the Rise and Growing More Costly. You Need the Right Tools to Detect Them
You Have A New Message From a Hacker: Malicious Files Infiltrating Business File Transfer Portals
What Were BullPhish ID’s Top Phishing Scams of 2020?

Upcoming Webinars

Mon 25

Security Challenges and Opportunities of Remote Work

January 25 @ 1:00 pm - 2:00 pm
Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 09

How 2020’s Top 5 Attacks Reveal the Coming Cyberthreats in 2021

February 9 @ 1:00 pm - 2:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm
Feb 18

Protecting Sensitive Customer Data in the New Remote Agent Environment

February 18 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

What Are the 5 Elements of Trustworthy Digital Transformation?
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Identity & Access Industry Spotlight Security Awareness Security Boulevard (Original) 

What Are the 5 Elements of Trustworthy Digital Transformation?

January 22, 2021 Tom Kellermann | 1 day ago 0
5 Questions to Ask When Adopting a New SaaS Tool
Application Security CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

5 Questions to Ask When Adopting a New SaaS Tool

January 22, 2021 Dudi Cohen | 1 day ago 0
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Application Security Cybersecurity Endpoint Identity & Access Industry Spotlight Network Security Security Awareness Security Boulevard (Original) 

3 Cybersecurity Challenges for Remotely Operating Critical Systems

January 21, 2021 Bill Moore | 2 days ago 0

Top Stories

FBI to Investigate Parler, New Russian Host will be Revoked
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Endpoint Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Uncategorized 

FBI to Investigate Parler, New Russian Host will be Revoked

January 22, 2021 Richi Jennings | 1 day ago 0
Trump Hates Cloud, Because China Cyber?
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight Threat Intelligence 

Trump Hates Cloud, Because China Cyber?

January 21, 2021 Richi Jennings | 2 days ago 0
Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | Jan 18 0

Security Humor

via     the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘After Trump’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.