BLOG purpose

This BLOG is for LLNL present and past employees, friends of LLNL and anyone impacted by the privatization of the Lab to express their opinions and expose the waste, wrongdoing and any kind of injustice against employees and taxpayers by LLNS/DOE/NNSA. The opinions stated are personal opinions. Therefore, The BLOG author may or may not agree with them before making the decision to post them. Comments not conforming to BLOG rules are deleted. Blog author serves as a moderator. For new topics or suggestions, email jlscoob5@gmail.com

Monday, September 28, 2015

ENERGY DEPT STRUCK BY CYBER ATTACKS


USA Today -- September 10, 2015
by Steve Reilly

Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.

Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department's Joint Cybersecurity Coordination Center shows a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation's power grid, nuclear weapons stockpile and energy labs.

The records, obtained by USA TODAY through the Freedom of Information Act, show DOE components reported a total of 1,131 cyberattacks over a 48-month period ending in October 2014. Of those attempted cyber intrusions, 159 were successful.

"The potential for an adversary to disrupt, shut down (power systems), or worse … is real here," said Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University. "It's absolutely real."

Energy Department officials would not say whether any sensitive data related to the operation and security of the nation's power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved.

"DOE does not comment on ongoing investigations or possible attributions of malicious activity," Energy Department spokesman Andrew Gumbiner said in a statement.

In all cases of malicious cybersecurity activity, Gumbiner said the Energy Department "seeks to identify indicators of compromise and other cybersecurity relevant information, which it then shares broadly amongst all DOE labs, plants, and sites as well as within the entire federal government."

The National Nuclear Security Administration, a semi-autonomous agency within the Energy Department responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period, records show.

While information on the specific nature of the attacks was redacted from the records prior to being released, numerous Energy Department cybersecurity vulnerabilities have been identified in recent years by the department's Office of Inspector General, an independent watchdog agency.

After a cyber attack in 2013 resulted in unauthorized access to personally identifying information for more than 104,000 Energy Department employees and contractors, auditors noted "unclear lines of responsibility" and "lack of awareness by responsible officials." In an audit report released in October of last year, the Inspector General found 41 Energy Department servers and 14 workstations "were configured with default or easily guessed passwords."

http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/

No comments:

Blog Archive