- Beijing may be working to undermine American national interests and infrastructure by stealing information about the operation of hydroelectric dams
- On two occasions within the past year, Chinese hackers have broken into the database that contains sensitive information about U.S. dams
- A National Weather Service employee, Hydrologist Xiafen “Sherry” Chen, has been charged in the second breaching incident
A pair of incidents within the past year involving Chinese nationals and U.S. hydroelectric dams have led some analysts to consider whether Beijing is working to undermine American national interests and infrastructure.
In May 2013, the International Business Times reported that Chinese hackers had accessed a sensitive U.S. Army database containing information about the vulnerabilities of thousands of dams located around the country. The U.S. Army Corps of Engineers’ National Inventory of Dams database hacking led to concerns that “information gathered in the attack could help China carry out a cyberattack on the national electric power grid,” IBT reported.
The website reported that an unauthorized user traced back to China conducted the hack attack in January, but the breach was not discovered until sometime in April. A Corps spokesman, Pete Pierce, confirmed the attack but would not provide any details to reporters.
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined not to have proper level of access for the information,” Pierce said in a statement to the Washington Free Beacon.
Pierce added that once discovered officials immediately moved to block access, and that the NID began looking for ways to boost security to the database.
The second incident occurred earlier this year. Hydrologist Xiafen “Sherry” Chen, a National Weather Service employee, has been indicted for allegedly downloading restricted government files by accessing the same database.
FierceGovernmentIT.com reported that Chen was arrested Oct. 20 at the NWS’ Wilmington, Ohio, facility, according to a press release from the FBI. NWS is part of the National Oceanic and Atmospheric Administration (NOAA).
The website reported:
On various dates in May 2012, the 59-year-old illegally accessed restricted areas of a protected government computer database and downloaded sensitive files from the National Inventory of Dams, according to the indictment. The U.S. Army Corps of Engineers and the National Dam Safety Review Board maintain and control the database.
A month later, Chen reportedly gave false statements to officials from the Commerce Department’s Office of Security, which was investigating her activities, according to the indictment. She has since been charged with one count of theft of government property, which is punishable by up to 10 years in prison and comes with a fine as high as $250,000.
In addition, Chen was charged with one count of illegal access of a government computer database, along with two counts of making false statements to federal investigators. Each of those actions could bring an additional five-year prison sentence and another $250,000 fine.
She pleaded not guilty and will appear in federal court again on Oct. 29, a local Cincinnati news station reported Oct. 21.
In all, there are about 8,100 major dams in the U.S.; the NID has information about all of them, including the number of casualties expected if a dam were to fail. That fact alone concerns national security officials and intelligence analysts.
“In addition to causing a major disruption to the national power grid, hackers could access the systems that control a dam’s turbine generators. A computer mistakenly started one in a Russian damn in 2009, killing 75 people and destroying eight of the nine other turbines in the dam,” FierceGovernmentIT.com reported.