Rye dam cyberattack: 5 things to know
Seven Iranians have been charged with conducting what the U.S. Justice Department has called a coordinated series of cyberattacks on 46 major companies. One of those defendants has been charged for allegedly hacking the computer systems controlling a dam in Rye.
THE STORY: 7 Iranians charged in hacking, including Rye water supply
Here are five things to know about the cyberattack and Rye's Bowman Avenue Dam itself.
1. The attack provided access to water level info
Hamid Firoozi, one of the seven Iranians indicted Thursday by the U.S. Justice Department, repeatedly obtained unauthorized access to the computer systems running the Rye's Bowman Dam in Rye Brook that helps prevent flooding by the Blind Brook, according to the charges. That access allegedly gave Firoozi information on “the status and operation of the dam, including information about the water levels and temperature, and the status of the sluice gate, which is responsible for controlling water levels and flow rates,” according to a Justice Department press release. Blind Brook is not part of the New York City water system.
2. He could not control the dam itself
According to the Justice Department, Firoozi’s level of access between Aug. 28 and Sept. 18, 2013, should have granted him a measure of control over the dam itself, including the ability to remotely operate and manipulate sluice gate, which controls the flow of water. However, unbeknownst to Firoozi, the sluice gate had been manually disconnected for maintenance. preventing him from controlling the dam.
3. The dam is part of Rye's flood mitigation plan
According to a flood mitigation survey completed in 2008 which suggested the addition of the sluice gate, there are approximately 140 structures located within the 100-year floodplain beneath the dam. According to that 2008 report, the largest-ever Blind Brook flood happened during Hurricane Agnes in June 1972 “Flooding in the Blind Brook watershed resulted in substantial damage especially between Purchase Street and Highland Road.” The sluice gate was added to the dam in June 2013.
4. State officials did not know about the hack
Westchester County Executive Rob Astorino said late last year that he only learned about the cyberattack when the story broke in the news, almost three years after the attack itself. "The fact is, we sit on the joint terrorism task force and we should have been notified of this,'' he said. "And I need to know why we weren’t.” Rye officials, however, were notified and cooperated with the investigation. “In or about September 2013, the City of Rye was approached by the Department of Homeland Security (“DHS”) with regard to an investigation about apparent unauthorized access to the City’s computer system, specifically relating to the Bowman Avenue Dam,” Rye City Manager Marcus Serrano said in a prepared statement.
5. The dam is almost 100 years old
The original dam and upper pond, constructed in the 1900s, according to the 2008 flood study, were used for ice production. In 1941, the dam collapsed and was rebuilt. “Based on aerial photographs from 1925, the Bowman Avenue Dam site has changed considerably,” the study says. “Over the past 75-years, the upper pond has been significantly reduced in size … It has been estimated that the Upper Pond is approximately one-quarter its original size.” The lower pond was formed in 1976 when a quarry operation on the site was abandoned and, as such, or does not currently function as a flood control measure. The site is the only regional flood control facility owned and operated by the city.