Chinese Woman Arrested for Downloading Files on Vulnerabilities in US Dams

October 27, 2014 Updated: October 27, 2014

A sensitive database that lists vulnerabilities in every major U.S. dam was breached last year in an attack traced back to the Chinese regime. The security breach had U.S. officials worried that China could be planning to attack America’s power grid.

Now, one year later, a Chinese woman was arrested for breaching that same network. Xiafen “Sherry” Chen, 59, was arrested on Oct. 20 for allegedly downloading the sensitive files on U.S. dams and for lying to federal investigators.

The registry Chen allegedly accessed and downloaded ranks the dams by the number of Americans who would die if they failed, according to Nextgov. It also lists vulnerabilities that could be exploited in the dams, which could be used by a hostile nation to attack the United States.

Chen is a hydrologist at the National Oceanic and Atmospheric Administration (NOAA) facility in Wilmington, Ohio. According to the two-page indictment, Chen “willfully and knowingly” stole the sensitive and restricted information from the database in May 2012.

The information Chen breached was the National Inventory of Dams (NID) database, which is maintained by the U.S. Army Corps of Engineers and the National Dam Safety Review Board.

The indictment does not mention Chen’s nationality, and does not say anything about espionage. Filing charges for espionage can be difficult, since it requires proof that the individual provided information to a foreign government.

Last year, however, Pete Pierce, a Corps of Engineers spokesman confirmed that someone without authorization gained access to the NID database in January 2013.

If the statement holds true, and if Chen breached the network in May 2012, it means someone connected to the Chinese regime had been granted access to the same database who has either not been named, or who has not been caught.

“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not have proper level of access for the information,” Pierce said in the statement, reported The Washington Free Beacon.

“[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.

Chen allegedly gave her false statements to officials of the Department of Commerce Office of Security on June 11, 2013, who according to a Justice Department press release were assigned to investigate her activities.

Chen is being charged with one count of theft of U.S. Government property, one count of illegally accessing a U.S. Government computer database, and two counts of making materially false statements to federal agents. She faces up to 20 years in prison and up to a $1,000,000 in fines.

Chen is still employed at NOAA, but according to Nextgov NOAA is reviewing whether to take administrative action against her.

Follow Joshua on Twitter: @JoshJPhilipp