Security Risks Facing Hydroelectric Dams Today

As renewable energy sources become more critical to maintaining the integrity of the U.S. grid, hydropower is taking its place in the spotlight. Today, hydropower is a widely available, flexible, and renewable resource that generates 6.6 percent of the nation’s electricity. Hydropower can both supply and store electricity, and is effective at delivering power during peak demand times and maintaining proper voltage levels across the grid. Pumped-storage hydropower can be released to generate electricity on demand and balance the grid. In the United States, pumped-storage hydropower serves as the nation’s largest form of utility-scale electricity storage, offering 20 gigawatts of capacity in its reserves. Protecting dams against hydropower security risks is paramount to ensuring a steady, constant supply of electricity and guarding consumers against service disruptions. With that being said, the need for critical infrastructure surveillance continues to grow.

Hydropower Security Risks

The catastrophic failure of a dam is difficult to achieve through conventional and unsophisticated means. When properly engineered, these intimidating structures are robust and designed to withstand extreme conditions. However, they are difficult to secure. Dams are most often located in remote areas; have a large footprint; and can be approached by land, water, or air. In addition, some dams are required to provide public access to certain areas of their facility. Adding to these hydropower security risks is the fact that more than half of the dams in the U.S. are privately owned and the need to maximize profits often conflicts with the need to spend money on infrastructure maintenance and site security. The two greatest physical threats to dams today are:

  • Aging infrastructure – a critical step in protecting hydroelectric infrastructure is the decommissioning of old dams. The average age of a U.S. hydroelectric dam is 64 years, and many are classified as being high risk. Decommissioning aging, high-risk damns can help mitigate risk and has the added benefit of improving ecosystems when rivers are allowed to run freely.
  • Keeping up with maintenance – it is crucial to repair dams that can be fixed. The risk of dam failure is increasing each year because engineering plans and risk management strategies are not keeping pace with deteriorating infrastructure or more frequent extremes in weather and climate.

Are Cyberattacks The Biggest Risk Facing Hydropower Today?

Every part of society has become more connected to the internet in recent years, including hydropower facilities. Dams supply electricity to the United States’ grid and power everything from homes to electrical devices. This digitalization brings with it an increased level of hydropower security risks, to guard against cyberattacks. Cyber threats directed at hydropower facilities could cause wide-reaching difficulties. In particular, threats to the systems that control the physical outcomes of U.S. dams could negatively affect national security. However, the biggest threat to this infrastructure is not a cyberattack from an outside source; its threats from insider sources that concern industry experts the most. The three major problems causing hydropower security risks from the inside come from current and former employees:

  • Lax system administrator access – in many facilities, people who should not have access to certain systems or data are included through group access. According to principles established by the National Institute for Standards and Technology (NIST), the principle of “least privilege” should be applied in order to maintain the highest level of security within an organization. That means only employees with official and related job duties should have access to certain systems.
  • Poor password security – even though securing these facilities is a matter of national importance, employees at hydroelectric plants often fail to change their passwords every 60 days. This basic practice is one of the easiest issues to resolve and is necessary in order to maintain strong cyber security.
  • Failure to require background checks – many facilities do not use the correct background check to vet potential employees, and – once hired – fail to mandate continuous evaluations as required by a 2012 law.

Securing Hydroelectric Power Against Threats

Failure to employ rigorous security measures means that dams and hydroelectric power facilities are threatened more by insider threats from current and former employees than they are by external ones from hackers. In order to fix these hydropower security risks, facility managers must:

  • Limit the number of employees with administrator access to systems and data unless that access is needed to perform their responsibilities.
  • Remove all group accounts with administrator access to the network and ensure that no unnecessary group accounts are created.
  • Make sure all accounts are deleted when an employee leaves or when their position no longer mandates access to a particular system.
  • Ensure that all employees regularly change their passwords to all secure accounts.
  • Implement background check procedures and provide follow-up evaluations on a regular basis with all employees.

By taking a strict approach to securing network systems against improper access by both insider and outsider threats, hydropower facility operators can guard against malicious attacks on their network. This ensures the safety of the infrastructure itself, as well as the stability of the nation’s electric grid.



To learn more about the hydroelectric security and surveillance options that are available through SentryPODS, click here.

Brent Canfield Owner of SentryPODS Surveillance Cameras

Brent Canfield

CEO and Creator of SentryPODS

Brent Canfield, CEO, and founder of Smart Digital and SentryPODS, founded Smart Digital in 2007 after completing a nine-year active-duty career with the United States Marine Corps. During the 2016 election cycle, he provided executive protection for Dr. Ben Carson. He has also authored articles for Security Info Watch.