Officials have been concerned for years about the potential that networks associated with the Department of Energy are vulnerable to cyber breaches from foreign adversaries, according to four current and former officials.
Now such a breach has taken place. On Thursday, the Department of Energy announced it was responding to a "cyber incident" in which officials discovered malware tied to corrupted versions of SolarWinds software on its networks, including at the National Nuclear Security Administration (NNSA). The NNSA, which is housed within the DOE, is responsible for maintaining the country's nuclear stockpile. The DOE statement, a copy of which was obtained by The Daily Beast, said the incident was "related to the SolarWinds compromise," which hackers have used to break into a range of federal agency networks over the last nine months. A DOE spokesperson said the department was responding to the incident "in real time" and that only business networks were affected.
Politico was the first to report that hackers had breached the networks of the DOE, the NNSA, and the Federal Energy Regulatory Commission (FERC), including those of the Sandia and Los Alamos National Laboratories and the NNSA's Office of Secure Transportation. US officials believe the intrusions were the work of the Russian foreign intelligence service.
A person who previously worked with NNSA said the Sandia and Los Alamos labs operate on two separate systems, one classified and one unclassified. Although it appears that no classified information was viewed, the former employee said the unclassified system contains sensitive information such as payroll data, job descriptions and other business documents.
“It just shouldn’t have happened,” said a former senior national security official. “We have to ask ourselves if we should defend ourselves differently.”
Concerns about cyber breaches have been raised internally within federal agencies and by the intelligence community at several points in the past three years, according to current and former officials, raising questions about what the government did in response. The years-long conversation about these vulnerabilities, particularly with respect to US nuclear weapons systems and the national electricity grid, highlights how far the United States still has to go to protect sensitive national security interests, according to former officials.
"We have always believed that these violations could have extraordinary consequences for our infrastructure and our security," said Dan Coats, former director of national intelligence. "We are facing a world war. A cyber war. It is a global chess game. You make a move and someone finds a way around it. We have to make sure that all the defenses are in place. But you can only play defense for so long. We have to get the ball out of their hands and attack."
There is no evidence that the hacks sought to damage networks or attack critical infrastructure that controls kinetic hardware. But the vast scope of the break-ins has left cybersecurity experts wondering how to react to the intrusions. Some, like Trump's former homeland security adviser Tom Bossert, argued for an aggressive response and that "all elements of national power must be put on the table." Others, however, see the break-ins as closer to traditional espionage and argue against metaphors of war and martial language to guide a response.
The Washington Post first reported Sunday that hackers, suspected of being Russian, had compromised the Treasury and Commerce departments through network monitoring software made by SolarWinds.
Shortly before the Post's article was published, cybersecurity firm FireEye reported that hackers had broken into the company and stolen the software tools it uses to mimic attacks, a breach later attributed to the SolarWinds compromise. Since then the Post has reported that a host of other federal agencies, including the departments of Defense, State and Homeland Security and the National Institutes of Health, have potentially been affected by the hack.
Hackers infiltrated their targets by breaking into SolarWinds' network and using that access to distribute a malicious update for the company's Orion network management software to its customers.
In a statement to the Securities and Exchange Commission, SolarWinds said that up to 18,000 of its 300,000 customers may have installed the corrupted version of its software. The company also reported that the malicious code was inserted into its software as early as March, meaning that hackers may have had nine months to search victims' networks undisturbed.
Once installed, the malware remains dormant for up to two weeks, after which it disguises its communications as normal network traffic while it contacts a command-and-control server, receives instructions, and relays information out of the target's network, according to a technical assessment published by FireEye.
Neither US officials nor cybersecurity experts have officially attributed the hacks to any actor, but officials told the Post they believe the break-ins were carried out by hackers from the Russian Foreign Intelligence Service, often referred to by the nicknames "APT 29" and "Cozy Bear." The APT 29 hackers are known for their stealth and skill and were allegedly responsible for the 2014 breach of the State Department's email systems. The group was also reportedly responsible for a 2018 attempt to phish federal agencies and think tanks with malware-laden emails impersonating a State Department official.
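The dormant-then-call-home behaviour described above is one of the few things a defender can look for without knowing the implant's indicators in advance: a host that, a week or more after a software update, begins contacting a destination it has never contacted before on a regular schedule. The script below is an added example written for this page, not code from FireEye, SolarWinds, or the article; the log format, host names, destination names and install time are all constructed for illustration. It baselines destinations seen before the quiet period ends, then flags new (host, destination) pairs whose inter-contact gaps are nearly constant, measured by the coefficient of variation.

```python
"""Added example (not from the article or from FireEye): flag hosts that start
contacting a previously unseen destination on a regular schedule after a long
quiet period, the dormant-then-beacon pattern the passage describes.
All log lines, host names and destinations below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed proxy log, one contact per line:
# "<ISO timestamp> <source host> <destination> <bytes>"
SAMPLE_LOG = """\
2020-03-26T01:00:00 orion-srv01 updates.example-vendor.test 512
2020-03-27T01:00:00 orion-srv01 updates.example-vendor.test 480
2020-04-09T14:00:00 orion-srv01 cdn.example.test 700
2020-04-10T08:00:00 orion-srv01 api.example-cdn.test 300
2020-04-10T09:01:00 orion-srv01 api.example-cdn.test 310
2020-04-10T10:00:30 orion-srv01 api.example-cdn.test 305
2020-04-10T11:00:10 orion-srv01 api.example-cdn.test 298
2020-04-10T12:01:20 orion-srv01 api.example-cdn.test 301
2020-04-10T08:03:00 wks-22 news.example.test 2000
2020-04-10T08:05:00 wks-22 news.example.test 1500
2020-04-10T13:30:00 wks-22 news.example.test 1800
2020-04-11T09:00:00 wks-22 news.example.test 2100
2020-04-11T09:01:00 wks-22 news.example.test 900
"""

# Hypothetical time at which the suspect software update was installed.
INSTALL_TIME = datetime(2020, 3, 26, 0, 0, 0)


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, destination, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dest, int(nbytes)))
    return records


def find_beacons(records, install_time, min_dormancy=timedelta(days=7),
                 min_hits=4, max_cv=0.2):
    """Return {(host, dest): summary} for destinations first contacted at least
    min_dormancy after install_time, with >= min_hits contacts whose spacing is
    regular (coefficient of variation of the inter-arrival gaps <= max_cv)."""
    by_pair = defaultdict(list)
    for ts, host, dest, _ in records:
        by_pair[(host, dest)].append(ts)

    flagged = {}
    for pair, times in by_pair.items():
        times.sort()
        first_seen = times[0]
        # Destinations already in use before the quiet period ended are baseline traffic.
        if first_seen < install_time + min_dormancy:
            continue
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = {
                "first_seen": first_seen,
                "hits": len(times),
                "mean_interval_s": avg,
                "cv": cv,
            }
    return flagged


if __name__ == "__main__":
    for (host, dest), info in find_beacons(parse_log(SAMPLE_LOG), INSTALL_TIME).items():
        print(f"{host} -> {dest}: {info['hits']} contacts every ~{info['mean_interval_s']:.0f}s "
              f"(cv={info['cv']:.3f}) starting {info['first_seen']}")
```

In the constructed data only `orion-srv01 -> api.example-cdn.test` is flagged: five contacts roughly an hour apart beginning two weeks after the install. The workstation's browsing to `news.example.test` also starts after the quiet period but its gaps are wildly irregular, and the single hit to `cdn.example.test` never reaches `min_hits`. Two caveats a practitioner should keep in mind: real implants add jitter and sleep, so `max_cv` and `min_hits` need tuning against the environment's own baseline, and a backdoor that hides inside the vendor's legitimate telemetry, as the passage says this one did, will not register as a new destination at all, so this check belongs alongside file-integrity and endpoint telemetry rather than in place of them.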
In an update released Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) wrote that the hackers behind the SolarWinds break-ins have "demonstrated patience, operational security, and complex tradecraft." CISA also warned that the SolarWinds compromise "is not the only initial infection vector this APT actor leveraged," suggesting that the hackers may have found other ways into the networks of federal agencies.
US Senators Jim Inhofe (R-OK) and Jack Reed (D-RI), chairman and ranking member of the Senate Armed Services Committee respectively, said in a statement Thursday evening that they had been briefed on the "sophisticated and ongoing cybersecurity intrusion" affecting federal agencies.
"We still do not know a lot about the massive cyber-hacking that breached US cyber defenses, including federal agencies and large private sector companies. But we know that the cyber-intrusion appears to be ongoing and that it has the hallmarks of a Russian intelligence operation," the statement said. "The US government must do everything possible to counter it."
Former and current officials who spoke to The Daily Beast said the incoming Biden administration will ultimately have to determine whether it is appropriate to take action to punish Russia for the attack, possibly through sanctions, and whether to do so in the days following the inauguration.
"We are literally at war with people who are trying to undermine us," Coats said. "There are parts of the federal government that have been very successful in addressing these issues. But it's really going to turn into an all-hands-on-deck situation."