Energy lab back online after cyberattack

Almost two weeks after a cyberattack forced the Energy Department’s Pacific Northwest National Laboratory in Richland, Wash., to go offline, the lab has restored Internet access and most public websites.

“Access to the Internet from PNNL’s network computers was re-enabled late Thursday afternoon,” said lab spokesman Geoff Harvey. “Additionally, most of PNNL’s external websites are operational,” although a handful of sites and systems remained down as additional security measures are being put in place.

Harvey said no classified or sensitive information was compromised, although there was what he described as “minimal exfiltration” of non-sensitive documents, many of which already were publicly available.




Response teams had been working to clean and restore IT systems after a breach that exploited a zero-day vulnerability was discovered July 1.

The Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., also went offline for a period after suffering a similar exploit, and Battelle Memorial Institute of Columbus, Ohio, which manages the Pacific Northwest Lab and several others for the Energy Department and the United Kingdom, also came under attack July 1. Corporate e-mail and outside network access were shut down over the holiday weekend but were restored on Tuesday, July 5.

CIO Jerry Johnson said teams at Pacific Northwest found multiple malicious codes and tools as a result of the breach and are providing information on the attack to the Energy Department's Cyber Incident Response Center, which can share information with other response groups.

Johnson described the malware as an Advanced Persistent Threat, a class that typically is intended to quietly infiltrate a system and operate below the radar while searching for information or waiting for instructions, but did not give details.

The Pacific Northwest lab has a staff of about 4,900 people, about 4,500 of them working at the Richland facility, with an annual budget of about $1 billion. Roughly half of its work is in national and homeland security analysis and research, with most of the rest in the areas of energy, smart grid development and the environment.

The lab routinely repels more than four million probes and breach attempts a day, and because of its cybersecurity analytics and research it provides incident response assistance to other agencies and law enforcement.

Johnson attributed the length of time it took to clean up from the incident to the size and complexity of the IT environment, which includes petabytes of software and information and tens of thousands of devices linked to a 10-gigabit/second research network.

 

About the Author

William Jackson is a Maryland-based freelance writer.
