SANTA FE – While the Department of Energy says that the cyberattack was limited to business networks, concerns remain about the depth of the breach and what threat it could still pose to national security and New Mexico’s two national laboratories.
Some news reports say that the hacks are believed to have been instigated by a Russian intelligence agency. The reports specifically mention Los Alamos and Sandia national laboratories, where atomic research is conducted, as being vulnerable.
In addition, Los Alamos National Laboratory is tasked with producing plutonium pits, the triggering device in nuclear warheads.
Earlier this week the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning, calling the hack “a grave risk” to federal, state, local and tribal governments, as well as critical infrastructure entities and private sector businesses. It said the suspected breach dates back to at least March.
In a joint statement this week, CISA, the FBI and the director of national intelligence said they were working together to investigate a “significant ongoing cybersecurity campaign.”
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement said.
The statement says that CISA issued an emergency directive instructing federal civilian agencies to disconnect from networks using SolarWinds Orion products.
SolarWinds is an Austin, Texas-based developer of IT management software whose products are used by numerous government agencies, Fortune 500 companies and operators of critical infrastructure.
On Thursday, the Department of Energy and National Nuclear Security Administration issued a statement acknowledging computer systems were compromised by the hack.
“The Department of Energy is responding to a cyber incident related to the SolarWinds compromise in coordination with our federal and industry partners,” said the statement attributed to DOE spokeswoman Shaylyn Hynes. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
Spencer Wilcox, security chief for PNM, on Friday would not say whether it utilizes SolarWinds, but noted that SolarWinds has more than 18,000 customers, including most government agencies and private companies.
PNM does not directly provide power to New Mexico’s national labs – that’s done through the Western Area Power Authority – but the company’s infrastructure makes up part of the electric grid the labs rely on. He said all electric utilities are susceptible to the hack.
“The odds are good that more than one of us are impacted by this software,” he said. “The reality is this is the biggest thing I’ve ever seen, and I’ve been doing this 30 years.”
He said in this day and age, it’s inevitable companies of all types will be targeted in cyberattacks.
“It’s not a matter of if, it’s a matter of when. This is going to happen to everybody.”
Wilcox said it may take some time before the extent of the damage is known.
Once the malware is introduced into a system, it sends a signal back to the attacker indicating that it is live and reachable.
“Once the attacker knows that, they have the opportunity to come in and craft a way into your environment and set up command and control,” he said. “If they choose to attack you, they then begin to send malicious email, like phishing, or text messages or other ways to get into a device on your network. Once they’ve done that, they then take control of the software that’s already installed.
“What was really interesting about this one is none of it is a simple process, but they were very, very, very crafty in the way they put it together so that it evades detection and stays in once it’s there.”
Members of Congress were briefed on the attack on Friday. Early in the day, U.S. Rep. Jason Crow, D-Colorado, expressed alarm about the attack in a tweet.
“The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor.”
New Mexico Sen. Martin Heinrich, who sits on the Senate Armed Services and Intelligence committees, also characterized the hack as “an assault on our nation.”
“This massive intrusion – to include the reported compromise of unclassified networks supporting our national labs in New Mexico – is an assault on our nation, and those responsible must be held accountable.”
Heinrich said everyone should be alarmed at the scale and complexity of the cyberattack.
“We need a whole-of-government approach with engagement between the private and public sectors to provide a full accounting of what happened and deter future cyberattacks,” he said, adding he was surprised by the apparent disregard from President Trump, who has been silent on the matter. “Given the gravity of this breach, it’s concerning that President Trump is paying so little attention to it. In fact, he’s threatening to veto the National Defense Authorization Act that provides critical provisions to help defend against cyber threats.”
In a statement provided to the Journal, U.S. Sen. Tom Udall of New Mexico expressed concern over the attack but also cautioned against jumping to conclusions about the source.
“These attacks are deeply alarming and dangerous, and we must allow the investigations to continue and be careful not to draw early conclusions as cyber forensics experts go through the data to determine the extent of the damage and the parties responsible,” he said. “Cybersecurity is vitally important to our national security, and we need a thorough review of our efforts to protect these systems from attack.”
Jay Coghlan, executive director of Nuclear Watch New Mexico, said the breach escalates the threat of a nuclear catastrophe.
“On top of the dangers that we faced during the Cold War this now raises new concerns,” Coghlan said in a statement to the Journal. “Could our nuclear weapons be hacked for malicious reasons? Could hackers take advantage of LANL’s checkered safety and security record and cause a life-threatening event in our own backyard? The sooner we all have a nuclear weapons-free world the safer we will be.”