America’s nuclear security agencies said they have evidence that hackers have infiltrated the Department of Energy (DOE) and the National Nuclear Security Administration (NNSA). As first reported by Politico, DOE and NNSA officials notified congressional oversight today after coordinating with federal law enforcement.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the FBI, Cybersecurity and Infrastructure Agency, and the Office of the Director of National Intelligence said in a joint statement.
According to Politico, investigators noticed the intrusion several days ago on networks at the Federal Energy Regulatory Commission, Sandia and Los Alamos national laboratories, the Office of Secure Transportation, and the Richland Field Office of the DOE. The extent of the damage done, what may have been taken, and which other agencies were affected are unknown.
"The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners. The investigation is ongoing and the response to this incident is happening in real time,” the DOE told Motherboard. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
The DOE and NNSA are important parts of America’s nuclear weapons infrastructure. NNSA handles the science and technical side of nuclear weapons, including the proper disposal of nuclear material, counter-proliferation training, and response to radiological disasters. It’s also a rich target for hackers.
"The [nuclear] labs are under constant attack, the Department of Energy is under constant attack,” Thomas D'Agostino, former head of the NNSA, told U.S. News and World Report in 2012. At the time, an NNSA spokesperson claimed it experienced 10 million serious cyberthreats everyday.
The attacks aren’t the only problem. The American government and military are notoriously horrible at cybersecurity. A Pentagon Inspector General report from 2018 did a deep dive into cybersecurity. The results were horrifying. According to one IT security officer, server racks connected to America’s ballistic missile defense systems were left unlocked.
Staff at the site also failed to encrypt key data. “According to the security manager…[redacted] encrypted less than one percent of Controlled Unclassified Information stored on removable media,” the report said.
Civilians working with the missile defense system also failed to consistently practice good cybersecurity. “Of the seven contractors we analyzed, we found that [five] did not always or consistently use multifactor authentication to access unclassified networks that contained [ballistic missile defense systems] technical information,” the report said.
We don’t know the full extent of the DOE and NNSA hack or how it happened, but Pentagon watchdogs have been sounding the alarm that something like this might happen for years.
This article has been updated with comment from the DOE.