To: Estevan López1 (Commissioner of the Bureau of Reclamation)

From: Cameron Corbin (Lead Hoover Dam Security Auditor)

RE: Updated perimeter and system security needed following growing number of domestic terrorists.

The Hoover Dam is considered one of the most critical infrastructures under the command of

the Bureau of Reclamation and with a budget of 1.17 billion dollars2 allocated from the U.S. Department

of the Interior, the Bureau is fortunately able to allocate resources when need be. The Hoover Dam

generates on average about 4 billion kilowatt-hours of hydroelectric power each year for the states of

Nevada, Arizona, and California and serves the power needs of over 1.3 million people.3 The dam is also

a main source of water for 28.5% of Southern California and is crucial to continue functioning at the

current capacity due to prolonged drought conditions in the area that have persisted for over four years

now. The Bureau has enlisted the power of one of the largest international security companies, G4S,

alongside the Hoover Dam Police who report directly to the bureau are responsible for all areas of

security including network, physical, and tourist security.4 Although this system has worked for many

years, I fear that due to recent events of increased domestic terrorism and the radicalization of what

appeared to be normal American Muslims such as occurred with the recent San Bernardino mass

shooting as well as numerous other examples including the Ft. Hood Shooting back in 2009 we must

make drastic changes to our security policy. Besides the physical threat of a mass shooter or car

bombing at a site that sees more than 1 million visitors a year5, we also must focus on protecting the

systems that control the turbines as well as the various tunnels that draw water into the dam, all of

which is controlled by a mix of relatively new security software as well as legacy programs that are

1 http://www.usbr.gov/newsroom/presskit/bios/biosdetail.cfm?recordid=12 Budget Justifications and Performance Information, Fiscal Year 2013 (PDF). U.S. Department of the Interior. 2012. p. 11.3 http://www.usbr.gov/lc/hooverdam/faqs/powerfaq.html4 http://www.g4s.com/~/media/Files/4pg%20PDF%20Case%20Studies/g4s_case_HooverDam1_200310%20FINAL.pdf5 http://www.usbr.gov/lc/hooverdam/service/

decades old. With large governmental agencies such as the DoD, NSA, and FBI facing large scale hacking

attempts and thousands of files stolen by rogue employees as well as outside malicious attackers6, we

must upgrade our policies in order to combat this threat. This is where the main problem falls in. The

last time G4S updated their emergency security protocols was in 2010 7and has since yet to be updated

with newer technology as replacing some of the legacy systems and older software would cost tens of

millions of dollars and thousands of hours of manpower. The other issue that we face is that the bulk of

the physical security is performed by The Hoover Dam Police who only are given at the maximum 12

weeks of law enforcement training8 which is this day and age is not enough training for the vast amount

of visitors and the cornucopia of problems that could arise if malicious intent is exercised upon the

Hoover Dam. In order to bolster the security and prepare for the future of new threats, there needs to

be either updates to G4S’s security protocols or hiring their competitors instead, enhancing the

background check and vetting process for all security employees including the Hoover Dam Police and

Security Agency, and finally there needs to be increased surveillance and security on the physical

perimeters of the Hoover Dam in order to combat any orchestrated car or truck bombing.

When looking at how to proceed in order to fix this glaring issue of security at the Hoover Dam,

we will be viewing solutions through the lens of risks, methods used, as well as transparency. The first

issue is that the Bureau has a current contract with the security company G4S to monitor all networks

and computer systems that help operate and control the dam. The company even proudly states that

they have stopped a few would-be suicides due to their “high tech” solutions9 but for a company that

prides itself as incredibly high tech and innovative as well as is the largest security company in the world,

6 http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html7 http://www.g4s.com/~/media/Files/4pg%20PDF%20Case%20Studies/g4s_case_HooverDam1_200310%20FINAL.pdf8 Lower Colorado Region (February 2011). "Hoover Dam Police Department: About Us". Bureau of Reclamation.9 http://www.g4s.com/~/media/Files/4pg%20PDF%20Case%20Studies/g4s_case_HooverDam1_200310%20FINAL.pdf

the fact their policies have not changed in 5 years is quite alarming. This brings us to the choice of

negating their contract and forming a new one with one of their competitors such as Securitas or UTC

Building and Industrial Systems. The risk with doing this is that the current security employees would

have to be phased out with those of the new company and the large turmoil created during the

transition period could not only cause chaos but also could be a prime time for an outside insurgency to

attack as the security systems would have to be down for new software to loaded onto the servers. This

process would take quite a bit of time and could include large penalties for cancellation of the contract.

Although a new company could bring in new foresight and expertise, the two competitors to G4S is

distinctively lacking in the size and funding of their cyber security divisions as compared to G4S and

could end up being more expensive than G4S. Changing companies could add to the overall

transparency of the government and could show an initiative for striving for stronger cyber and physical

security of critical infrastructure but overall the cost to taxpayers and increased inherent risk during a

workplace shakeup makes this much less feasible than creating a committee to work alongside G4S in

order to get an updated security threat policy. This is will not only save money in the long run compared

with switching companies entirely but will also occur faster and will not leave any gaps in lowered

security measures.

The next area of improvement that needs to be updated is background checks for all employees.

Currently G4S states that looks at criminal records and work histories for people10 and the Hoover Dam

Police adds on a physical examination, drug screening, and a security clearance check.11 This however is

simply not enough with the growing number of employees leaking classified data to outside malicious

parties as well as employees turning violent and causing either structural harm to the computer systems

or even to other employees. There are two options that one can take in order to combat this. The

10 http://www.abcactionnews.com/news/local-news/i-team-investigates/i-team-g4s-hires-employees-with-troubling-pasts11 http://www.usbr.gov/lc/hooverdam/police/ofcrqual.html

cheaper and slightly more effective way would be to change the background checks to mirror the ones

that are given for employment at the FBI. These include interviews with family members and friends as

well as a battery of tests to check one’s mental health among various other issues12. This would be the

quickest to implement as the structure for the process is already developed by the FBI and can simply be

carried over. There would be no issue of transparency as all applicants would be notified of the vetting

process before they even got to that stage of the job application. The other choice would be a much

more insidious and covert monitoring system that would entail not changing the initial process of

background checks from the previous methods but instead focuses on monitoring the employees social

media accounts as well as their phone calls. This would provide the strongest amount of security against

anyone planning an attack on the physical or cyber operation of the Hoover Dam but would be very

expensive as you would need to hire a workforce with a high security clearance that would monitor the

data being sent out by the employees. It would also do the very opposite of creating transparency

among the American public and recent polls show the monitoring of phone calls and internet history as

very unpopular13, even if it could help catch terrorists, which would not be very helpful to the overall

sentiment of the public towards government. Although the 2nd option is much more stronger in terms of

defending against conspirators, the first option of mirroring the background check with the version of

the FBI’s is much more feasible, can be implemented more quickly, is still strong enough to catch

“problem” employees, and does not create any transparency issues with the government.

The last policy that needs to be updated is the monitoring of visitors that come to the Hoover

Dam. Currently there are a couple of checkpoints in which the Hoover Dam Police can check out

suspicious vehicles and turn back anyone who refuses the check. While there are nuclear material

detectors scattered around the visitors parking garage and welcome center and metal detectors in the

12 https://www.fbi.gov/about-us/cjis/identity-history-summary-checks/submitting-an-identity-history-summary-request-to-the-fbi13 https://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html

welcome center14, there is no security stopping anyone from parking in the garage, walking to the top of

the dam which is loaded with tourists and begin shooting people. Also, car bombs can still pass through

the security check point as the Police rely on visual cues of comfortableness as red flags15 rather than

the use of large scale X-Ray scanner or infrared detectors which are incredibly expensive. Also, the bulk

of the security is stationed outside and away from the control rooms in which employees work which is

a problem if a rogue employee starts to attack the computer network or even starts randomly shooting

at personnel. There are two different options to fix this issue. The first would be to simply increase the

number of checkpoints and hire more police officers as well as station more police officers below ground

in the dam. This would be the cheapest option and could be introduced very quickly; however it could

cause a huge problem to the large amount of tourists that come to see the Hoover Dam every day. By

creating more security checkpoints it would increase the overall safety but the traffic backup would be

much worse than it currently is 16and the backup of cars could not only cause a security issue in case a

mass shooting or sabotage of the Dam occurred but it could also create a negative sentiment of the

government among the tourists and lead to a worsening of the transparency of the government. The

other option which is much more expensive and will take longer to roll out is the implementation of

newer screening technology as well as the use of bomb sniffing dogs and increased training for the

police officers. This option would not create worse situation of traffic backups and at the same time

would increase the security checks way more than simply adding more personnel. The benefit from

happy tourists and keeping the roadways free from traffic jams as well as creating government

transparency will definitely outweigh the added costs and manpower needed to train the employees on

the use of the new screening technology.

14 http://www.csoonline.com/article/2124482/access-control/how-9-11-shaped-hoover-dam-security-operations.html15 http://www.traveltalkmedia.com/hooverdam_driving.html16 http://www.reviewjournal.com/road-warrior/hoover-dam-bypass-traffic-faces-bottleneck-along-us-highway-93

In light of all of this information, the recommended course of action is to work with G4S rather

than hire a new company for security and update the policy one on one with the company which will

save time, money, and will not create a gap in security that changing companies would. Secondly, the

background checks of all employees should be changed to model those that are used by the FBI that will

incorporate mental health checks as well as interviews with friends and family to get a good picture of

the employee rather than use the more invasive option of monitoring the employee’s social media

accounts as well as phone calls which although is more effective, is highly unpopular with the general

public and is seen as a massive damage to rebuilding the transparency and trust in government with the

public. The final recommendation is that new screening technology, as well as the use of bomb sniffing

dogs, is used by The Hoover Dam Police in order to create greater security rather than creating more

check points and simply hiring more employees leading to issues with traffic backups that could turn

deadly if a real tragedy did unfold.

In conclusion, by focusing on the risks, methods, and transparency of the operations at the

Hoover Dam, we the security auditing team have decided on a policy that stresses on saving money by

working with the current security contractor, strengthening background checks by patterning them off

of the tried and true version that the FBI uses and helps promote a friendly atmosphere for the over 1

million tourists that visit by focusing on new screening technology rather than lengthy multiple

checkpoints which could cause not only frustration but also a security risk if a backup occurred during a

real emergency. Although there is a growing threat of not only foreign hackers that attack our security

systems and infrastructure but also domestic terrorists and disgruntled employees looking for revenge,

as long as we stay on top of the innovative curve of security and guarding of threats, than we will be

able to protect and serve the citizens of Arizona, Nevada, and California who rely heavily on the clean

water and power generated by The Hoover Dam but also the tourists who come in droves every day to

visit one of the most important structures in American History. If these changes are taken, The Hoover

Dam will continue to operate smoothly into the foreseeable future.