Hackers Entered Energy Department Computers More than 150 Times
Energy // Government (U.S.) // United States
Records from a Freedom of Information Act request show that 53 of 159 malicious cyber incidents at the agency in recent years were "root compromises," meaning the attackers gained administrative privileges to department systems.
Energy officials would not say whether any sensitive data related to the operation and security of the U.S. power grid or nuclear weapons stockpile was accessed or stolen, or whether foreign governments are believed to have been involved.
Department spokesman Andrew Gumbiner said that, whenever there is malicious cybersecurity activity, the agency "seeks to identify indicators of compromise and other cybersecurity relevant information, which it then shares broadly amongst all DOE labs, plants, and sites as well as within the entire federal government."
The National Nuclear Security Administration, a federal entity responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period tracked.
Information on the specific nature of the attacks was redacted from the records, but some cybersecurity vulnerabilities have been disclosed in recent years by the department's Office of Inspector General.
In an audit report released October 2014, the IG found 41 department servers and 14 workstations "were configured with default or easily guessed passwords."
The grid's real-time control systems are operated by utilities and are not directly connected to the department's systems.
However, Energy's federal laboratories sometimes pull data on the operation of the grid from utilities for research.
Records show 90 of the intrusions affected the department's Office of Science, which directs scientific research and is responsible for 10 of the nation's federal energy laboratories.