Leo Taddeo, former special agent in charge of the Cyber Division of the New York FBI, said that even though Bowman Avenue Dam doesn't seem like a prime target, "we would be very, very concerned about any foreign attempt to affect a component of our critical infrastructure."
"If they could have accessed the Hoover Dam without being detected, I think they would have done that," he said.
A dam of any size is of "major concern," said Taddeo, who is now the chief security officer for the private firm Cryptzone. "They could pose a very expensive problem for the dam operator and could be a public safety issue if there is flooding."
While he could not comment on the Rye incident, he said foreign hackers use intrusions like the one in 2013 to "signal to the U.S. that they have the capability and to divert some of our resources into investigating and thwarting this activity."
He said it was likely that the hackers were probing a number of dams "and this one was misconfigured in a way they could affect it."
"I think we can view this as a target of opportunity," he said, adding that if the hackers found a security loophole in a larger facility such as the Hoover Dam, they wouldn't hesitate to take advantage of it.
"The lesson is network operators have to be vigilant, have to keep systems updated and patched and make sure their perimeter protections are in place and they have to harden their interiors," he said.
Schumer said he is asking Homeland Security to launch a sweeping investigation into how vulnerable critical infrastructure is to attacks through computers and he wants the federal government to work more closely with state and local governments and private companies to beef up Internet security.
"It's malignant," he said of hack attacks. "And it could be metastasizing."
The security firm Cylance reported last year that Iranian hackers had infiltrated top energy, transportation and infrastructure companies across the globe — including 10 American firms — over a two-year period. Iran denied any involvement.
Iran has also been a target. A damaging computer worm called Stuxnet, uncovered in 2010 and believed to have been developed by U.S. and Israeli intelligence, attacked centrifuges at Iran's nuclear enrichment center, setting back the program by two years, according to experts.