Astorino Demands Answers in Rye Dam Cyber-Security Breach

Westchester County Executive Rob Astorino said at a press conference Wednesday that he and other county officials were not made aware of cyber-security breach of the Bowman Avenue Dam in Rye two years ago, even though The White House was briefed.

He said he is asking the Department of Homeland Security for details about the reported Iranian hacker breach, and he wants to know why the county wasn’t informed of the security risk.

The Wall Street Journal was the first to report about the breach, which has subsequently gained national attention because it could point to deficiencies in the nation’s infrastructure computer systems.

“If this information was important enough to be reported to the White House then why wasn’t it reported to me and the county officials who would have been required to deal with the consequences of any terror attack,” said Astorino in a statement. “It is unacceptable that in this day in age that I had to read about this in the newspaper. No amount of intelligence information is too small or insignificant when it comes to security.”

Despite being a member of the FBI Joint Terrorism Task Force, Westchester County was never alerted to the potential security risk, according to Astorino. Since January 2010, a Westchester County police detective “has been assigned full-time to the FBI Joint Terrorism Task Force to ensure access to the highest levels of intelligence information affecting Westchester and its citizens.” Westchester also is part of a separate counter-terrorism zone that also includes Putnam County.

Marcus Serrano, Rye City Manager, said in a statement that the “City of Rye was approached by the Department of Homeland Security with regard to an investigation about apparent unauthorized access to the City’s computer system, specifically relating to the Bowman Avenue Dam.”

However, Serrano’s statement does not discuss any conversations between the city and the county over the incident.

The Bowman Ave. Dam, located in the Village of Rye Brook, is owned by the City of Rye and controls water on the Blind Brook flowing south through the city. The dam, which is designed to mitigate flooding, has a computer-operated sluice gate. The Wall Street Journal’s story suggests that while the hackers never took control of the dam, they were able to penetrate the electronics system.

Serrano states that the sluice gate was not operational during the Homeland Security investigation into the breach.

“Even though it is done with computers, this is considered a criminal break in,” said Public Safety Commissioner George Longworth. “The link to a possible terror threat makes this extremely serious.”

Below is Serrano’s full statement:

In or about September 2013, the City of Rye was approached by the Department of Homeland Security (“DHS”) with regard to an investigation about apparent unauthorized access to the City’s computer system, specifically relating to the Bowman Avenue Dam.

The City cooperated with that investigation, and in or about January 2014, the DHS provided a report to the City, containing findings, conclusions and recommendations. At this time, to access this report, the City would refer interested parties directly to the DHS.

The Bowman Avenue Dam is a structure dating to the 1940’s which controls water on the Blind Brook, a water course which runs roughly southward thru the City and empties into the Long Island Sound. The Dam is located upstream from the City in the Village of Rye Brook, but is owned by the City.

In or about June 2013, a sluice gate was added to the Dam, in order to help control the flow of water and assist with flood mitigation during storm events. The gate was designed to be opened and closed via computer; however, despite a ribbon cutting ceremony, the gate was never fully operational, and remained non-functioning through the DHS investigation. In any event, based on information provided to us, at no time was the sluice gate ever manipulated by unauthorized users outside of the city.

Subsequent to and after taking certain security measures consistent with the DHS report, the City did implement the sluice gate for the first time during a storm event on or about April 30 to May 1, 2014. Following that storm event, the City has been analyzing resulting data to determine how best to utilize the sluice gate going forward. The City will use funding through the New York Rising program to retain an engineering firm to assist in that effort.

Photo: County Executive Rob Astorino during Wednesday’s press conference. Photo credit: Contributed