Energy lab back online after cyberattack

Almost two weeks after a cyberattack forced the Energy Department’s Pacific Northwest National Laboratory in Richland, Wash., to go offline, the lab has restored Internet access and most public websites.

“Access to the Internet from PNNL’s network computers was re-enabled late Thursday afternoon,” said lab spokesman Geoff Harvey. “Additionally, most of PNNL’s external websites are operational,” although a handful of sites and systems remained down as additional security measures are being put in place.

Harvey said no classified or sensitive information was compromised, although there was what he described as “minimal exfiltration” of non-sensitive documents, many of which already were publicly available.


Related coverage:

Cyberattacks take two Energy labs offline


Response teams had been working to clean and restore IT systems after a breach that exploited a zero-day vulnerability was discovered July 1.

The Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., also went offline for a period after suffering a similar exploit, and Battelle Memorial Institute of Columbus, Ohio, which manages the Pacific Northwest Lab and several others for the Energy Department and the United Kingdom, also came under attack July 1. Corporate e-mail and outside network access was shut down over the holiday weekend but was restored on Tuesday, July 5.

CIO Jerry Johnson said teams at Pacific Northwest found multiple malicious codes and tools as a result of the breach and is providing information on the attack to the Energy Department's Cyber Incident Response Center, which can share information with other response groups.

Johnson described the malware as an Advanced Persistent Threat, a class that typically is intended to quietly infiltrate a system and operate below the radar while searching for information or waiting for instructions, but did not give details.

The Pacific Northwest lab has about a staff of about 4,900 people, about 4,500 of them working at the Richland facility, with an annual budget of about $1 billion. Roughly half of its work is in national and homeland security analysis and research, with the most of the rest in the areas of energy, smart grid development and the environment.

The lab routinely repels more than four million probes and breach attempts a day, and because of its cybersecurity analytics and research it provides incident response assistance to other agencies and law enforcement.

Johnson attributed the length of time it took to clean up from the incident to the size and complexity of the IT environment, which includes petabytes of software and information and tens of thousands of devices linked to a 10-gigabit/second research network.

 

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.