Federal records obtained by USA Today via the Freedom of Information Act reveal that from 2010 to 2014, the U.S. Department of Energy (DOE) was targeted by hackers 1,131 times, with 159 successful occurrences.
Worth pointing out: 53 of the 159 successful hacks were deemed “root compromises”; that is, intrusions where the attackers were able to gain administrator-level privileges to the DOEs computer systems.
“That means you can do anything on the computer,” explains Manimaran Govindarasu, a professor in the Department of Electrical and Computer Engineering at Iowa State University who studies cybersecurity issues involving the power grid. “So that is definitely serious. Whether that computer was critical or just a simple office computer, we don't know.”
The numbers are startling. It means the Department tasked with overseeing the nation’s power systems is under a constant barrage of cyberattacks. Information being targeted includes systems containing sensitive data about energy labs, the country’s power grid, and its nuclear weapons stockpile.
In an interview with USA Today, Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University, said, “The potential for an adversary to disrupt, shut down (power systems), or worse . . . is real here.”
Additional material obtained in the reports includes notes on the Office of Science. Of the 17 DOE laboratories it is responsible for, 10 incurred 255 cyberattacks, with 90 being deemed successful breaches.
Of the 90 hacks to make it past security protocols, 28 were considered root compromises.
The DOEs computer systems were also targeted regularly during this timeframe, with 432 attack attempts made. 13 were successful, five of which were deemed root compromises.
And for those wondering about the aforementioned nuclear weapons stockpile, yes, this system was targeted as well — 113 times over the four years, with 19 being considered successful, 6 of which were deemed root compromises.
Naturally, DOE officials are mum on what and how much sensitive data relating to the country’s power grid and nuclear weapon stockpile was compromised / stolen. The Department also refused to answer questions on whether any of the hacks were tied to foreign governments.
“DOE does not comment on ongoing investigations or possible attributions of malicious activity,” confirmed spokesman Andrew Gumbiner. He did add that in all instances of malicious cybersecurity activity, the DOE “seeks to identify indicators of compromise and other cybersecurity relevant information, which it then shares broadly amongst all DOE labs, plants, and sites as well as within the entire federal government.”
The oversight and energy subcommittees of the House Committee on Science, Space and Technology are not resting on this report, or other previously published ones for that matter; they plan to meet and examine the vulnerabilities of the national electric grid and just how severe these threats are.
“As the electric grid continues to be modernized and become more interconnected,” the charter states, “the threat of a potential cybersecurity breach significantly increases.”
Download USA Today’s obtained documents here.
Via USA Today
Advertisement
Learn more about Electronic Products Magazine
