Michael Arendt has spent his career on the water. After working his way up through the US Merchant Marines from deckhand to riverboat captain, he came ashore in 2001 to work as a lock and dam operator for the US Army Corps of Engineers. He now guides boats hauling anything from rocks to missiles through Alabama’s Tennessee–Tombigbee Waterway, which connects Tennessee and Alabama to the Gulf of Mexico.
Arendt enjoys the work and sees lock and dam operators as a crucial part of US transportation infrastructure and national security. It’s why he joined a campaign in the mid-2000s to prevent the Corps of Engineers from outsourcing jobs like his to contractors, resulting in the US Congress passing a law requiring the work stay with federal employees. It’s also why Arendt is speaking out again now, protesting Corps of Engineers plans to remotely manage 13 locks and hydroelectric dams in the southeast and replace onsite staff with workers who control them remotely from a central office.
Arendt’s own facility is not on that list for now, but he fears the plan will make US infrastructure and waterways less safe and more vulnerable to cyberattacks. “It’s important in all these systems to have eyes and ears on the waterfront,” says Arendt, who is an officer with the International Federation of Professional and Technical Engineers (IFPTE) labor union. He recalls an incident when a barge passenger fell overboard in wintertime and Arendt helped him get back to shore, something a remote operator could not do.
“I don’t know if they’re going to be able to see this type of thing when there’s so much else going on,” Arendt says. Workers on site like him use cameras to monitor dams and locks but also walk the rounds. Remote operators will also use cameras but have to supervise multiple facilities at once, and won’t be able to step outside in an emergency or for a closer look in bad weather.
The Corps of Engineers plans to centralize operation of the 13 facilities by the end of 2023, adding to the rolls of many others the organization already operates that way. The locks and dams are currently staffed 24/7 by 29 people. That number will go down to 12 once the remote operations plan is complete, with each operator overseeing multiple dams. The first of the project’s dams came online this summer, when workers began operating the Jim Woodruff hydroelectric dam and lock on the Florida–Georgia border from 80 miles away in Fort Gaines, Georgia.
Bringing more dams online is intended to reduce labor costs, according to emails from the Corps of Engineers’ South Atlantic Division sent in response to questions from WIRED. By doing so it hopes to pacify concerns about pricing from hydroelectric power customers, the emails said, while also claiming that automation and upgraded systems installed at the centralized hub will improve reliability and reduce power outages. Operators will be offered retraining for different onsite jobs, but the Corps of Engineers hasn’t worked out the details yet.
The IFPTE says the plan not only destroys jobs and harms waterfront safety, but could also open vital US transportation and energy infrastructure to cybersecurity threats. State-backed attackers from around the world have developed software that can target critical infrastructure control systems. Russian government hackers infamously caused blackouts in Kyiv, Ukraine, in 2015 and 2016, attacks that investigators say should be classified as war crimes. And in 2013, an Iranian hacker allegedly attacked a tiny, 20-foot-tall dam in Westchester County, New York, accessing information that included water levels and the status of the dam’s sluice gate, which opens and closes to control flow and water levels.
That attacker would have been able to remotely operate the sluice gate, according to a 2016 US Department of Justice indictment, had the dam not been offline for repairs at the time. It’s unclear why such a minor facility would have been targeted, but the incident shows that cyberattacks on dams are not just a theoretical hazard. “It’s a nightmare coming,” Arendt says. “It needs to be secured.”