Officials from the American Department of Energy (DOE) and the National Nuclear Security Administration (NNSA) notified congressional oversight, today, that they have evidence both the DOE and NNSA have been infiltrated by hackers.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the FBI, Cybersecurity and Infrastructure Agency, and the Office of the Director of National Intelligence said in a joint statement.
Investigators first noticed the security breach a few days prior on the networks at the Federal Energy Regulatory Commission, Sandi and Los Alamos national laboratories, the Office of Secure Transportation, and the Richland Field Office of the DOE, as per the first report by news outlet Politico. Presently, it is known what damage was done, precisely, or if other agencies have been affected as well.
A spokesperson for the NNSA, in 2012, claimed that the agency experienced at least 10 million serious cyber-threats daily. “The [nuclear] labs are under constant attack, the Department of Energy is under constant attack,” Thomas D’Agostino, former head of the NNSA, told U.S. News and World Report in 2012.
America’s sensitive agencies like those affiliated with its nuclear program are under serious threat not just because of hackers, the U.S government and military are also partly to blame for their lax cybersecurity practices. A report on cybersecurity done by an Inspector General at the Pentagon found that both the government and the military are utterly careless and incompetent when it comes to implementing proper cybersecurity practices. An IT security officer revealed that server racks connected to America’s ballistic missile defense systems were left unlocked.
The report stated that those working at the site left key data unencrypted. The report also revealed that civilian contractors working with the missile defence system also failed to follow proper security protocols. The report stated, “of the seven contractors we analyzed, we found that [five] did not always or consistently use multifactor authentication to access unclassified networks that contained [ballistic missile defense systems] technical information”.
The DOE and NNSA are essential components of America’s nuclear weapons infrastructure. The science and technical side of nuclear weapons, including the proper disposal of nuclear material, counter-proliferation training, and response to radiological disasters is handled by the NNSA. Which is what also makes it a rich target for hackers.