The United States Department of Energy (DOE), the agency responsible for regulating America’s power grid, nuclear arsenal, and national labs, was revealed to have been hacked 159 times between 2010 and 2014, new federal records obtained by reporters disclose.
Records were acquired by the USA Today through the Freedom of Information Act, and show just how often the agency is under attack, with 1,131 cyberattacks reported during the 48 month period. With 159 of those attacks being successful.
However, information on the specifics of the attacks was redacted before being publicly released, and DOE officials chose not to comment when asked if sensitive information relating to the nation’s power grid or nuclear stockpile had been illegally accessed or stolen.
Of the information disclosed, nineteen attacks successfully targeted the National Nuclear Security Administration, which is responsible for managing the the United States nuclear weapons. Ninety attacks were tied to the DOE’s Office of Science, the agencies scientific research branch.
Fifty-three successful attacks were root compromises, giving the attackers administrative privileges to the DOE’s computer systems.
“The potential for an adversary to disrupt, shut down (power systems), or worse … is real here,” Scott White told the USA Today, a Professor of Homeland Security and Security Management and Director of the Computer Security and Technology program at Drexel University. “It’s absolutely real.”
Industry experts expressed their thoughts, stating they aren’t surprised these type of attacks occur on federal agencies and said they will continue to occur til a proper security policy is put in place and successfully implemented.
Previous breaches at the Department of Energy include a breach dating back to January 2013, when several hundred employee’s and contractors’ had their personal information exposed, alongside another breach in July 2013 that exposed some 53,000 current and former employee’s names, Social Security numbers and date of birth.
In an audit report of their systems following the cyber attacks, an audit dating back to October of last year found 41 Energy Department servers and 14 workstations “were configured with default or easily guessed passwords.”
“As the electric grid continues to be modernized and become more interconnected,” the congressional committee’s charter said, “the threat of a potential cybersecurity breach significantly increases.”