US agency in charge of power grid and nukes keeps getting breached

The US Department of Energy (DOE), which oversees the US power grid, nuclear arsenal and national science labs, is a prime target for cyberattackers who want to harm the United States.

Now we are beginning to glimpse the extent of the threat, thanks to unclassified records obtained through a Freedom of Information Act request by USA Today.

The government records show cyberattackers successfully compromised the DOE 159 times between October 2010 and October 2014, and attacked the agency a total of 1,131 times during that period.

USA Today reports that 53 of the successful attacks were root compromises, meaning the attackers had administrator privileges on compromised DOE computer systems.

Of the 159 successful intrusions, 90 compromised the DOE Office of Science, which conducts energy research, and another 19 attacks compromised the National Nuclear Security Administration – the agency in charge of securing the nation’s stockpile of nuclear weapons.

The DOE disclosed a breach in July 2013 that compromised personal records of 104,000 past and current federal workers, contractors and their dependents.

But the DOE isn’t saying what data or systems may have been compromised in the other 158 breaches – that information has been redacted from the records.

A DOE spokesperson told USA Today that the agency can’t comment on investigations into the compromises or who might have been behind them.

But it’s quite possible that other nation states could be the culprits, as the US’s top cybersecurity official alluded to in a speech in Washington, DC this week.

Admiral Michael Rogers, head of US Cyber Command and the National Security Agency, said nation states are spending a lot of time and effort to gain access to the US power grid and other critical infrastructure, according to the Wall Street Journal.

Those nation states want to have “options and capabilities” against the US, Rogers said:

We have seen nation states spending a lot of time and a lot of effort to try to gain access to the power structure within the United States, to other critical infrastructure, and you have to ask yourself why. It's because in my mind they are doing this with a purpose, doing this as a way to generate options and capabilities for themselves should they decide that they want to potentially do something.

How the US can defend itself against these threats is an open question right now.

Should the US develop its own offensive cyber capabilities as a deterrent? Should it use economic sanctions against countries like China that have a history of cyberattacks on US interests?

Perhaps the US government should focus first on cleaning its own house.

USA Today reports that an audit last year found 41 DOE servers and 14 workstations used default or easily guessed passwords.

That’s making an attacker’s job far too easy.
