China syndromeChina steals confidential data on the vulnerabilities of major U.S. dams

Published 24 October 2014

The U.S. Army Corps of Engineers’ National Inventory of Dams(NID) contains critical information on the vulnerabilities of the roughly 8,100 major dams in the United States. Between January and April 2013, U.S. intelligence agencies spotted several attempts by China’s People’s Liberation Army (PLA) cyber-espionage unit to access the NID database and steal its contents. On Monday, National Weather Service (NWS) hydrologist Xiafen “Sherry” Chen, 59 was arrested for allegedly breaching the NID security and stealing confidential data on U.S. dam vulnerabilities. The Justice Department has raised the alarm over multiple attempts by China to steal data on U.S. critical infrastructure through individuals with privileged access to confidential databases.

Foster Dam in Linn County. Oregon // Source: commons.wikimedia.org

The National Oceanic and Atmospheric Administration(NOAA) is reviewing whether to take administrative actions against National Weather Service (NWS) hydrologist Xiafen “Sherry” Chen, 59, after her arrest on Monday for allegedly breaching an Army database containing sensitive files on U.S. dams. Chen is charged with one count of theft of U.S. government property, two counts of making materially false statements to federal agents, and one count of illegally accessing a U.S. government computer database. If convicted, Chen faces up to twenty-five years in prison and a fine of up to $1 million.

According to court papers, while working at a Wilmington, Ohio NWS facility in May 2012, Chen allegedly “did steal and purloin certain sensitive, restricted and proprietary computerized fields of data involving critical national infrastructure contained in the National Inventory of Dams database maintained by the United States Army Corp of Engineers.” The violation was detected by NOAA’s security team, which then referred the case to the U.S. attorney’s office.

Nextgov points out that the two-page indictment does not provide insight on what Chen intended to do with the file, but the case comes at a time when the Justice Department is raising the alarm over multiple attempts by China’s People’s Liberation Army (PLA) cyber-espionage unit to steal data on U.S. critical infrastructure through individuals with privileged access to confidential databases. “If you have an employee simply looking at a database of sensitive information, that’s what we call a Tuesday — it happens all the time,” said Mark Rasch, former head of the Justice Department’s Computer Crime Unit. Rasch anticipates federal authorities will soon allege that the data breach was conducted on behalf of China. “They haven’t said it,” he said. “That’s the clear inference.”

Between January and April 2013, U.S. intelligence agencies traced a data breach of the same system to the Chinese government. The database containing the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) has critical information on the vulnerabilities of the roughly 8,100 major dams in the United States. “In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” Michelle Van Cleave, the former National Counterintelligence Executive, wrote in an e-mail to theWashington Free Beacon in 2013.

“You may ask yourself, why would anyone want to do that? You could ask the same question about why anyone would plant IEDs at the Boston Marathon,” she wrote.

The federal indictment also alleges that on 11 June 2013, Chen made false statements to officials from the Department of Commerce Office of Security who were assigned to investigate her activities.

Federal officials have not stated whether Chen is connected to the 2013 data breach. “We really can’t say anything beyond what is contained in the indictment,” Todd Lindgren, FBI spokesman for the Cincinnati office, told Nextgov. “More may come out during the court proceedings.”

Cyber analysts note that either breach could have been part of a larger agenda. “What we typically see in areas of Chinese espionage is they will try multiple mechanisms to get in,” Rasch said. Both incidents “may or may not be part of the same concerted effort,” he added. “There has been a history of employees at U.S. companies being paid by the Chinese government to obtain information for China.”