Cyberattack on US Department of Energy a ‘grave threat’

The attack is part of the huge SolarWinds hack that has hit other government agency systems and critical infrastructure. The US cybersecurity agency has warned it poses a serious risk.

The US Department of Energy (DoE) said on Thursday it was responding to a cyber breach on its networks. The incident is part of a massive hack campaign that has struck at least two other US government agencies.

Malware “has been isolated to business networks only,” an Energy Department spokeswoman Shaylyn Hynes said in a statement.

Nukes not affected

She denied an earlier report by US media outlet Politico that the attack had impacted US national security, including the National Nuclear Security Administration, which manages the country’s nuclear weapons stockpile.

Software that DoE officials identified as being vulnerable to the attack has been disconnected from the department’s network, Hynes added.

The nation’s cybersecurity agency on Thursday warned that the hack presented a “grave” risk to government and private networks.

Federal agencies and “critical infrastructure” were put at risk by the sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message.

Homeland Security, the agency’s parent department, defines critical infrastructure as any “vital” assets to the US or its economy. This includes power plants and financial institutions.

Fears over widespread network access

According to officials cited in the Politico report, hackers did more damage to networks at the DoE’s Federal Energy Regulatory Commission, or FERC, than any other branch of the agency. It also said the department’s Sandia and Los Alamos labs were hacked.

FERC regulates the transmission of gas and power between states but has no control over the US or regional power grids.

Senator Deb Fischer, a Republican who is the chair of the subcommittee that oversees nuclear forces, said she was confident in the security of US nuclear weapons but was “troubled” that hackers accessed NNSA’s network.

The hack “reinforces the need to modernize our nuclear enterprise in order to ensure it remains safe, secure, and effective in the face of evolving threats,” said Fischer, who has requested a briefing from the DoE.

  • Technologies that revolutionized warfare

    AI: ‘Third revolution in warfare’

    Over 100 AI experts have written to the UN asking them to ban lethal autonomous weapons — those that use AI to act independently. No so-called “killer robots” currently exist, but advances in artificial intelligence have made them a real possibility. Experts said these weapons could be “the third revolution in warfare,” after gunpowder and nuclear arms.

  • Technologies that revolutionized warfare

    Gunpowder

    The “first revolution in warfare” was invented by the Chinese, who started using the black substance between the 10th and 12th centuries to propel projectiles in simple guns. It gradually spread to the Middle East and Europe in the following two centuries. Once perfected, firearms using gunpowder proved to be far more lethal than the traditional bow and arrow.

  • Technologies that revolutionized warfare

    Artillery

    The invention of gunpowder also introduced artillery pieces to the battlefield. Armies started using basic cannons in the 16th century to fire heavy metal balls at opposing infantrymen and breach defensive walls around cities and fortresses. Far more destructive field guns were invented in the 19th century and went on to wreak havoc in the battlefields of World War I.

  • Technologies that revolutionized warfare

    Machine guns

    Guns that fire multiple rounds in rapid succession were invented in the late 19th century and immediately transformed the battlefield. Machine guns, as they came to be known, allowed soldiers to mow down the enemy from a protected position. The weapon’s grisly effectiveness became all too clear in WWI as both sides used machine guns to wipe out soldiers charging across no man’s land.

  • Technologies that revolutionized warfare

    Warplanes

    Military thinkers did not ignore the invention of the first airplane in 1903. Six years later, the US military bought the first unarmed military aircraft, the 1909 Wright Military Flyer. Inventors experimented with more advanced fighter and bomber aircraft in the following years. Both became standard features in many of the national air forces established by the end of WWI.

  • Technologies that revolutionized warfare

    Mechanization

    Armies had traditionally used soldiers and horses to fight and transport military equipment. But around WWI, they started using more machines such as tanks and armored vehicles. Faster and more destructive armies were the result. Nazi Germany put this new form of “mechanized warfare” to destructive effect in WWII using an attack strategy known as “Blitzkrieg” (“lightning war”).

  • Technologies that revolutionized warfare

    Missiles

    Although artillery was effective, it had a relatively limited range. The missile’s invention in WWII suddenly allowed an army to strike a target hundreds of kilometers away. The first missile — the German V-2 — was relatively primitive, but it laid the foundation for the development of guided cruise missiles and intercontinental ballistic missiles (ICBM) capable of carrying nuclear warheads.

  • Technologies that revolutionized warfare

    Jet engine

    Jet aircraft first saw action alongside traditional propeller airplanes at the end of WWII. Jet engines dramatically increased an aircraft’s speed, allowing it to reach a target quicker and making it far harder for an adversary to shoot it down. After WWII, military reconnaissance planes were developed that could fly higher than 25 kilometers (15.5 miles) and faster than the speed of sound.

  • Technologies that revolutionized warfare

    Nuclear weapons

    The “second revolution in warfare” announced its horrific arrival on August 6, 1945 when the US dropped the first nuclear bomb — “Little Boy” — on the city of Hiroshima in Japan, killing between 60,000 and 80,000 people instantly. In the Cold War that followed, the US and Soviet Union developed thousands of even more destructive warheads and raised the specter of a devastating nuclear war.

  • Technologies that revolutionized warfare

    Digitization

    Recent decades have witnessed the ever more prevalent use of computers to conduct war. The devices made military communication quicker and easier and radically improved the precision and efficiency of many weapons. Armed forces have recently focused on developing cyber warfare capabilities to defend national infrastructure and attack foreign adversaries in cyberspace.

    Author: Alexander Pearson


What do we know about the SolarWinds breach?

Hackers accessed federal agencies through holes in software from US-based company SolarWinds. Malicious code was hidden in updates to its Orion software in March that could give hackers the same views as in-house IT crews. Some 18,000 SolarWinds’ clients are thought to have downloaded the compromised updates. 

The Department of Homeland Security said on Thursday the hackers also used other techniques to gain access to networks.

Russian hackers are believed to be behind the attack. 

In addition to the DoE, two federal departments, the US Treasury and the Department of Commerce, have been hit.

Further US government departments, including the Defense and Justice departments, are assuming that the nonclassified networks have been accessed.

Microsoft also affected

Microsoft on Thursday said it detected a malicious version of the software from SolarWinds inside the company. Its investigation so far showed no evidence hackers had used Microsoft systems to attack customers, reported news agency Reuters.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, adding that the company had found “no indications that our systems were used to attack others.”

kmm/sms (Reuters, AP, AFP)

Read More