Hackers accessed systems at the National Nuclear Security Administration

According to media reports, the U.S. Energy Department and National Nuclear Security Administration have evidence that hackers accessed their networks as part of a major cyber espionage operation that affected many U.S. federal agencies.

POLITICO reports that DOE and NNSA officials notified their congressional oversight bodies of the breach after being briefed by Rocky Campione, CIO at Department of Energy (DOE). "They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE," POLITICO notes.

Since the Cybersecurity and Infrastructure Security Agency (CISA) has been overwhelmed helping coordinate federal response to the hacking operation, DOE will be allocating more resources to respond and help further investigate. Just yesterday, CISA, the Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) released a joint statement, notifying the public and private sector they had formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities.

"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration," Shaylyn Hynes, a DOE spokesperson, said in a statement. "When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

Rick Holland, Chief Information Security Officer, Vice President Strategy at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, says while the reporting cannot be confirmed, it is entirely possible that additional government agencies have been targeted in this campaign. "As the incident response activities and historical hunting continue, more details will trickle out to the public, however the general public is unlikely to ever know the complete scope and implications of these intrusions.”

Tom Pendergast, Chief Learning Officer at MediaPro, a Seattle, Washington-based provider of cybersecurity and privacy education, notes, “It appears that human error wasn’t directly implicated in this incident, but the fact that nation state actors had months of gathering inside information that they could use to extort or manipulate employees within the breached companies should ignite planning right now to prepare employees to fend off social engineering attempts that utilize this information. Imagine how easy it would be to scam an employee if you could examine all their communications? This is a ticking time bomb that may take many years to explode.”

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says this is really just the beginning. He adds, "As soon as we think it can’t get any worse, more evidence will be found. The government needs to really step up and prepare for the fallout of all this data loss. Claiming we don’t know will not satisfy the public about the state of national security. There needs to be some level of transparency about what was taken and how we plan to respond based on all the potential ways this data can be used.”

Mark Kedgley, CTO at New Net Technologies (NNT), a Naples, Florida-based provider of cybersecurity and compliance software, warns there is no such thing as 100% secure so having effective breach detection is just as critical as preventative, vulnerability management controls. "Establishing a secure baseline and operating sensitive integrity monitoring is the only way to guarantee systems have not been tampered with.”

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.