美国国家核安全局遭受大规模黑客网络攻击(英文)

2020-12-20 智邦网

编译

美国空军杂志12月18日报道,美国能源部首席信息官洛奇·坎皮奥尼17日通报,有证据表明,能源部及其国家核安全局(NNSA)网络遭受大规模黑客间谍活动入侵攻击,联邦能源管理委员会(FERC)、桑迪亚国家实验室、洛斯阿拉莫斯国家实验室、国家核安全局安全运输办公室以及能源部里奇兰办事处的网络发现了可疑入侵活动,其中FERC受影响最为严重。

NNSA是美国核弹头现代化和保持核武库能力的研发管理机构,在美国核力量建设中居核心地位;桑迪亚和洛斯阿拉莫斯国家实验室专门从事民用核能与核武器方面研究开发;国家核安全局安全运输办公室负责浓缩铀及其它关键材料的运输保障;能源部里奇兰办事处主要负责汉福德核废料基地的处理与处置监管。

能源部发言人萨琳·海因斯称,调查发现,黑客未能侵入关键的防御系统,由于业务网络对恶意软件的隔离,入侵对能源部的任务核心国家安全功能,包括NNSA未造成影响。但也发现,黑客已经具备能力侵入美国国家安全体系的核心部分网络,通过攻破“太阳风”公司政务信息系统的软件而侵入联邦政府网络。

 

Nuclear weapons agency breached amid massive cyber onslaught

Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.

The Energy Department and National Nuclear Security Administration have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies. | Manuel Balce Ceneta/AP Photo

By NATASHA BERTRAND and ERIC WOLFF

12/17/2020 03:29 PM EST

Updated: 12/17/2020 03:46 PM EST

Air Force Magazine 10月18日报道

The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said.

On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.

They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE.

The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.

The officials said that the Cybersecurity and Infrastructure Security Agency, which has been helping to manage the federal response to the broad hacking campaign, indicated to FERC this week that CISA was overwhelmed and might not be able to allocate the necessary resources to respond. DOE will therefore be allocating extra resources to FERC to help investigate the hack, even though FERC is a semi-autonomous agency, the officials said.

Several top officials from CISA, including its former director Christopher Krebs, have either been pushed out by the Trump administration or resigned in recent weeks.

Federal investigators have been combing through networks in recent days to determine what hackers had been able to access and/or steal, and officials at DOE still don’t know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and they may not know the full extent of the damage “for weeks.”

Shaylyn Hynes, a DOE spokesperson, said that an ongoing investigation into the hack has found that the perpetrators did not get into critical defense systems.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

The attack on DOE is the clearest sign yet that the hackers were able to access the networks belonging to a core part of the U.S. national security enterprise. The hackers are believed to have gained access to the federal agencies’ networks by compromising the software company SolarWinds, which sells IT management products to hundreds of government and private-sector clients.

DOE officials were planning on Thursday to notify the House and Senate Energy committees, House and Senate Energy and Water Development subcommittees, House and Senate Armed Services committees, and the New Mexico and Washington State delegations of the breach, the officials said.

CISA, the FBI and the Office of the Director of National Intelligence acknowledged the “ongoing” cybersecurity campaign in a joint statement released on Wednesday, saying that they had only become aware of the incident in recent days.

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement read. The U.S. government has not blamed any particular actor for the hacks yet, but cybersecurity experts have said the activity bears the hallmarks of Russia’s intelligence services.

NNSA is responsible for managing the nation’s nuclear weapons, and while it gets the least attention, it takes up the vast majority of DOE’s budget. Similarly, the Sandia and Los Alamos National Labs conduct atomic research related to both civil nuclear power and nuclear weapons. The Office of Secure Transportation is tasked with moving enriched uranium and other materials critical for maintaining the nuclear stockpile.

Hackers may have been casting too wide a net when they targeted DOE’s Richland Field Office, whose primary responsibility is overseeing the cleanup of the Hanford nuclear waste site in Washington state. During World War II and the Cold War, the U.S. produced two- thirds of its plutonium there, but the site hasn’t been active since 1971.

The attack on the Federal Energy Regulatory Commission may have been an effort to disrupt the nation’s bulk electric grid. FERC doesn’t directly manage any power flows, but it does store sensitive data on the grid that could be used to identify the most disruptive locations for future attacks.

2020-12-20智邦网

声明:本平台发布部分内容来自公开资料或者网络,版权归原作者所有,转载的目的在于传递信息及用于网络分享,不代表本平台赞同其观点,如涉版权问题,请与我们联系,我们第一时间处理。