Department of Energy computers have been breached more than 150 times in the past five years, a new investigation reveals, once again raising questions about the vulnerability of critical government networks amid a wave of attacks.
Documents obtained by USA Today through Freedom of Information Act requests indicate the department’s systems were attacked 1,131 times between 2010 and 2014.
Cybercriminals were successful with only 14 percent of their attacks, but that still allowed hackers to breach the Energy Department’s system at least 159 times during a 48-month span, USA Today reported. Of those intrusions, perpetrators were able to gain total administrative privileges for the agency’s computer systems through 53 separate attacks.
Officials declined to tell USA Today if sensitive data was stolen, but the paper reported that 19 of the attacks were incurred by the National Nuclear Security Administration, a department subset that manages the nation’s nuclear weapons stockpile.
“The potential for an adversary to disrupt, shut down [power systems], or worse … is real here,” Prof. Scott White of Drexel University’s Computing Security and Technology program told the paper. “It’s absolutely real.”
Other computers targeted through the cyberattacks include those related to the nation’s power grid and energy labs, Reilly wrote.
“DOE does not comment on ongoing investigations or possible attributions of malicious activity,” department spokesman Andrew Gumbiner said in a statement to the paper.
News of the intrusions were first reported Thursday, the same day that the nation’s top intelligence official told a congressional committee that the U.S. is in dire need of adopting cybersecurity legislation amid a barrage of attacks in recent months that have targeted the government and private sector alike.
Director of National Intelligence James Clapper told a House panel that escalating “cyberthreats” by nation-states such as China and Russia “are increasing in frequency, scale, sophistication and the severity of impact.”
The Energy Department acknowledged in 2013 that hackers had breached its systems and accessed the personally identifiable information of more than 104,000 government employees and contractors. A subsequent audit of the agency’s systems found dozens of instances in which lax security practices, if any, were employed.
“We found that the department had not taken appropriate action to remediate known vulnerabilities in its systems either through patches, system enhancements or upgrades,” Gregory H. Friedman, the Energy Department Inspector General, said at the time.
U.S. prosecutors accuse a British man, Lauri Love, of responsibility for that hack and others against government targets. He is currently facing possible extradition.
Last month, a House committee acknowledged at least five separate divisions within the Department of Health and Human Services had been breached by hackers in the past three years.
“At a time when sensitive information is held by so many in the public and private sectors, Americans should not have to worry that the U.S. government is left so vulnerable to attack,” House Energy and Commerce Committee Chairman Fred Upton, Michigan Republican, and Oversight and Investigations Subcommittee Chairman Tim Murphy, Pennsylvania Republican, said at the time.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.