Evaluation of the U.S. Department of the Interior’s Cybersecurity Practices for Protecting Critical Infrastructure

We completed our work for the second part of our series evaluating the U.S. Bureau of Reclamation’s (USBR’s) operational and technical practices for protecting hydropower dams categorized as critical infrastructure from emerging cyber threats. The second part of this evaluation was limited to another USBR industrial control system that provides monitoring, alarming, and process control to ensure the safe and reliable operations of the water and power facilities for another dam. We determined that additional efforts on this project are not needed. Further, the recommendations in our first report in this series – to improve the USBR’s account management and personnel security practices – apply to all of USBR’s hydropower dams.