Energy Dept., nuclear agency breached as part of massive cyberattack

Agencies within the Department of Energy (DOE), including portions of the agency charged with maintaining the nation’s nuclear weapons stockpile, were breached as part of a massive hack on an IT group that has hit almost a dozen federal agencies, officials said Thursday.

DOE spokesperson Shaylyn Hynes confirmed to The Hill that “business networks” for the National Nuclear Security Administration (NNSA) were impacted as part of the infiltration of SolarWinds software. The spokesperson said the department is responding to the cyber incident “in coordination with our federal and industry partners. The investigation is ongoing and the response to this incident is happening in real time.”

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA),” Hynes added in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

Politico first reported the news Thursday, noting other Energy agencies that found “suspicious activity” in their networks included the Federal Energy Regulatory Commission (FERC), the Sandia and Los Alamos national laboratories, the Office of Secure Transportation and the Energy Department’s Richland Field Office. According to the publication, more damage was done at FERC than at any of the other agencies.

The House Energy and Commerce and Senate Energy and Natural Resources panels, which have jurisdiction over the agencies, did not immediately respond to inquires on Thursday afternoon.

The Washington Post on Sunday had attributed the nation state attack against SolarWinds to a prolific Russian military hacking group known as “Cozy Bear.”

Sen. Deb Fischer (R-Neb.), the chair of the Senate Armed Services Committee’s subcommittee on strategic forces with jurisdiction over the NNSA, said in a statement Thursday that she was “troubled” by the breach, and that she had requested a briefing from the Department of Energy “as soon as possible.”

“I have great confidence in the safety and security of our nuclear weapons,” Fischer said. “Nevertheless, I’m troubled by reports that hackers accessed the National Nuclear Security Administration’s network.

“Our nuclear deterrent is the bedrock of our national security,” she added. “The NNSA’s infrastructure and computer systems play a vital role and must be protected. This report reinforces the need to modernize our nuclear enterprise in order to ensure it remains safe, secure, and effective in the face of evolving threats.”

Other agencies hit as part of the massive espionage effort, which has been in progress since as early as March, include the Department of Homeland Security, the State Department, the Treasury Department, the Commerce Department, and branches of the Pentagon.

The breach could still be far wider, with SolarWinds counting the majority of U.S. federal agencies as customers, along with more than 400 of the U.S. Fortune 500 companies. The company estimated earlier this week that around 18,000 of its customers may have been affected by the breach.

While President Trump had not yet addressed the incident, likely to be one of the most widespread cyberattacks in U.S. history, President-elect Joe Biden put out a statement Thursday vowing to make cybersecurity a “top priority” once in office. 

“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said. 

Lawmakers on both sides of the aisle have called for more action in responding to the incident, with multiple committees receiving classified briefings on the incident this week. 

Sen. Mitt Romney (R-Utah), a member of the Senate Foreign Relations Committee, tweeted Thursday that “the cyber hack is like Russian bombers have been repeatedly flying undetected over our entire country,” calling for a “national security re-set.”

Sen. Richard Blumenthal (D-Conn.) described the incident in a tweet Tuesday as “stunning” after emerging from a Senate Armed Services cybersecurity subcommittee briefing.

“Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared,” Blumenthal tweeted. “Americans deserve to know what’s going on. Declassify what’s known & unknown.”

The federal government has begun responding to the cyberattack, with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Office of the Director of National Intelligence standing up a Cyber Unified Coordination Group this week to coordinate the investigation. 

CISA also put out an emergency directive on Sunday ordering federal agencies to immediately disconnect systems from SolarWinds products. However, the agency warned in a separate alert on Thursday that the hackers may have accessed agencies through other means as well, describing the espionage operation as a “grave risk” to national security.

Updated: 5:43 p.m.