Inside the Breach

(dramatic music) - [Mike] Rye Brook, New York is a small town located north of New York City that has less than 10,000 residents. The senior center runs a weekly Mahjong tournament and the library hosts classic movie Tuesdays. Rye Brook is hardly the type of place that you'd expect to be the epicenter of an international cybersecurity incident.

On the edge of town, a small stream named Blind Brook runs behind a title insurance company, a CVS, and a Chipotle, as it meanders its way around the town, before taking a four mile trip to empty into the Long Island Sound. About 100 years ago, the community built a dam on Blind Brook to help control flooding. The Bowman Avenue Dam isn't a large dam. It's only about 20 feet tall and it sits beside an interstate where cars fly by without even noticing its presence.

But the Bowman Avenue Dam made national news in March 2016, when federal prosecutors announced the indictment of an Iranian hacker on charges of conducting a cyber attack against the dam's control system. The attacker managed to take control of the computer system which presumably was connected to the internet for remote management purposes. Fortunately this attack didn't have any serious, direct consequences. The attacker was simply able to monitor information on water levels and temperature and determine whether the dam was open or closed.

Under normal circumstances, the attacker's level of access would have permitted him to open and close the dam potentially flooding nearby homes and businesses, but the village of Rye Brook was lucky. The gate control system had been disconnected before the attack during maintenance activity and was never reconnected. Now you might be wondering why we're talking about the Bowman Avenue Dam. The attacker didn't flood the town, and continues on as normal at Rye Brook. However this attack tells us a few important things.

First, connecting devices to the Internet of Things poses risk. When we connect a control system to the internet, it makes it possible for an attacker to probe that system's security. Second, there are attackers out there who want to target these systems. In this case, an Iranian attacker spent time and energy breaking into the system and maintained control for at least 20 days. We'll probably never know why the attacker chose this dam. Perhaps it was a dry run for a larger scale attack in the future.

Or maybe the attacker confused the small Bowman Avenue Dam in New York, with the much larger Arthur R. Bowman Dam in Oregon. But it really doesn't matter why the attacker targeted the Bowman Avenue Dam in Rye Brook. The reality is that he did target that dam, and this attack illustrates for us the very real threat against our physical infrastructure.