Astorino says county was never told of cyber attack on dam
WASHINGTON – Westchester County officials were never told by their federal partners on a joint terrorism task force about a 2013 cyber attack on a dam owned by the city of Rye, County Executive Rob Astorino said Tuesday.
"To not have this information is unbelievable,'' Astorino said. "I personally want an answer from Homeland Security or whatever agency is responsible in the federal government to know why there was a breakdown in communications, why this information was not shared and what will be fixed going forward. Because one thing we should have learned from 9/11 right up to San Bernardino, is that all agencies should be communicating with one another in order to prevent these situations or to deal with them afterwards.''
The Wall Street Journal, citing current and former unnamed U.S. officials, reported Monday that Iranians hacked a cellular modem in the 2013 attack on the Bowman Avenue Dam in Rye Brook.
Westchester County is part of the New York City-area Joint Terrorism Task Force, which consists of federal, state and local law enforcement agencies. There are 104 such task forces across the country.
Other lawmakers said Tuesday the hacking incident raises concerns about whether other infrastructure -- such as the Indian Point nuclear plant -- is vulnerable.
Sen. Chuck Schumer, D-N.Y., will hold an 11 a.m. news conference Wednesday at the dam to call on the U.S. Department of Homeland Security to immediately investigate the vulnerability of critical infrastructure such as power grids and dams.
Rye Mayor Joe Sack confirmed Tuesday that controls at the Rye Brook dam were hacked in 2013, saying federal investigators talked to city leaders in September that year as part of their probe, but did not disclose the suspected source of the hack. Sack was a member of the City Council at the time.
The dam’s sluice gate is only about 6 feet wide, Sack said, and was not operable at the time of the hack. He said the hack posed no danger to human life.
“We only open the sluice gate when there’s an extreme weather event," Sack said. "There would have had to be a lot of unique significant circumstances to allow someone to cause mischief.’’
Astorino said the fact that lives were never in jeopardy isn't the point.
"The fact is, we sit on the joint terrorism task force and we should have been notified of this,'' he said. "And I need to know why we weren’t. If we sit in our silos and not talk to each other, why do we even have a joint terrorist task force? With all due respect, this isn’t Sioux City. This is the New York City area, the No. 1 terrorist target maybe in the world.’’
And a cyber attack on other nearby infrastructure could pose a threat.
“When we look at other potential targets such as Indian Point or a natural gas pipeline running near Indian Point — like the proposed Spectra Algonquin Pipeline — it's clear that we must do more to assess and address potential vulnerabilities to a cyber attack,’’ Rep. Eliot Engel, D-the Bronx, said.
The owner of the Indian Point plant said the plant's safety and control systems aren't connected to the internet.
"There is no external access to the plant's operating systems,'' Entergy spokesman Jerry Nappi said in a statement. "Further, more than $100 million has been invested in security at Indian Point since 9/11/01 to strengthen and enhance all aspects of the facility's defensive capabilities including intrusion detection and weaponry. The federal Nuclear Regulatory Commission has oversight over security and cyber security programs and has stated Indian Point is safe.''
The Bowman Avenue Dam is part of Rye’s effort to reduce flooding of residential basements and the first floors of homes in Indian Village and downtown.
In Rye, an uplifting solution to rising waters
Engel, ranking Democrat on the House Foreign Affairs Committee, described the alleged Iranian hack as “par for the course,’’ given that Iran is a leading state sponsor of terrorism.
Rep. Nita Lowey, D-Harrison, whose congressional district includes the dam, said the reported cyber attack “underscores the urgent need for a national cyber security strategy that protects individuals, businesses and our communities.’’
A spokesman for the Department of Homeland Security declined comment Tuesday on the alleged hacking incident.
DHS spokesman S.Y. Lee said the department “continues to coordinate national efforts to strengthen the security and resilience of critical infrastructure, working with our federal and industry partners across the country to raise awareness about evolving threats and promote measures to reduce risks to systems we all rely on.’’
Obama reassures Jewish groups on Iran deal
That effort includes an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) which “responds to cyber incidents, vulnerabilities and threats that can impact industrial control systems which operate critical infrastructure across the United States,” Lee said in an email.
Contact Brian Tumulty at btumulty@gannett.com Twitter: @NYinDC