Hackers in the past five years successfully penetrated more than 150 times the computer networks at the federal department that controls the nation’s nuclear weapons, nuclear weapon factories, nuclear-research facilities and that handles security for America’s electrical grid, according to a new review.
All total, there were 1,131 cyberattacks on Department of Energy (DOE) computer systems between late 2010 and 2014, an analysis of federal records obtained under the Freedom of Information Act by USA Today concluded.
The declassified material showed that the DOE’s networks were subject to what the newspaper labeled a near-constant barrage of security breaches.
“The potential for an adversary to disrupt, shut down (power systems), or worse … is real here,” Scott White, a professor of homeland security and security management at Drexel University, told the newspaper after reviewing the documents. “It’s absolutely real.”
The Department of Energy refused to say “whether any sensitive data related to the operation and security of the nation’s power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks,” or “whether foreign governments are believed to have been involved,” USA Today said.
The newspaper found that:
- 53 of the 159 successful cyberattacks were root comprises. Such an assault gives hackers administrative privileges to DOE systems. “That means you can do anything on the computer,” Manimaran Govindarasu, a professor in the Department of Electrical and Computer Engineering at Iowa State University, told the newspaper. “So that is definitely serious. Whether that computer was critical or just a simple office computer, we don’t know.”
- 90 of the 153 intrusions targeted the DOE’s Office of Science, which “directs scientific research and is responsible for 10 of the nation’s federal energy laboratories.”
- A cyberattack in 2013 gave hackers access to information about 104,000 Energy Department employees and contractors.
- An audit in October 2014 found that 41 DOE servers and 14 workstations were protected with default passwords, or passwords that could be easily guessed.
- The National Nuclear Security Administration, which is responsible for managing and securing nuclear weapons, was successfully hacked 19 times during a four year period. The administration only controls nuclear weapons when they are not deployed with the Navy or the Air Force. Armed nuclear weapons are under the control of the Pentagon, and not the DOE.
This is the second time USA Today has exposed a lack of grid security. In March it reported that the electrical grid was subject to some sort of physical or cyberattack every four days between 2011 and 2014.
What is your reaction to the Department of Energy being attacked frequently? Are you concerned about a downed grid or a nuclear disaster? Share your thoughts in the section below: