The Department of Energy and the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, told congressional staffers in several briefings this week that there is currently no known impact to its classified systems from a massive hack that targeted its networks, according to an official with direct knowledge of the briefings.
The officials told staffers, however, that the incident has proven how difficult it is to monitor the Energy Department’s unclassified systems, and acknowledged that an issue with a network extension within the Office of Secure Transportation — which specializes in the secure transportation of nuclear weapons and materials — had been discovered.
Energy Secretary Dan Brouillette, DOE’s Chief Information Officer Rocky Campione, and NNSA CIO Wayne Jones all participated in the briefings to the relevant congressional oversight bodies.
The officials told congressional staffers that there was an attempt to breach Los Alamos National Laboratory and the nuclear administration’s field office in Nevada via the vulnerability in software developed by SolarWinds — a company whose IT management tools are used across the government. The supply-chain attack has affected dozens of federal and private sector entities, which were exploited by suspected Russian hackers as early as March of this year.
The officials said they do not consider either the lab or the field office to have been compromised, and noted that all national labs have been instructed to shut down and fully remove SolarWinds products from their systems.
Still, the department’s investigation is ongoing, the officials said, and neither DOE nor NNSA has a full picture of the impact of the hack — or what it will cost to fix it. The officials said it will probably be expensive to mitigate the damage and prevent it from happening again, but that they are still determining what kind of extra funding and resources the department will need.
The internal investigation has been complex and time-consuming because the compromised SolarWinds software was used widely throughout the nuclear security administration, officials told the staffers — including at the Los Alamos, Lawrence Livermore, and Sandia national labs; NNSA headquarters; NNSA’s Emergency Communication Network; NNSA’s Mixed Oxide Fuel Fabrication Facility, where fuel is made for reactors; the Nevada National Security Site, a disposal site; and Naval Reactors, which provides propulsion plants for nuclear-powered ships.
DOE first found evidence of the hack last Monday, officials familiar with the matter said, and began coordinating notifications about the breach to their congressional oversight bodies on Thursday after being briefed by Campione, who oversees DOE’s cybersecurity. Campione told DOE officials last week that, in addition to the labs and the Office of Secure Transportation, suspicious activity had also been found in networks belonging to the Federal Energy Regulatory Commission (FERC), which stores sensitive data on the nation’s bulk electric grid.
Shaylyn Hynes, a DOE spokesperson, said in a statement last week that an ongoing investigation into the hack had found that the perpetrators did not get into critical defense systems.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”