Cyberattacks take two Energy labs offline
PNNL, Jefferson temporarily shut down e-mail, Internet access after 'sophisticated' attack
- By William Jackson
- Jul 06, 2011
Two Energy Department research facilities on opposite sides of the country have been taken offline by what one spokesman called a “sophisticated cyber attack.”
Officials became aware July 1 that the Pacific Northwest National Laboratory in Richland, Wash., and the Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., were under attack, PNNL spokesman Greg Koller said.
All network services initially were shut down at PNNL, but external e-mail had been restored by the afteroon on July 6, Koller said. Internal e-mail and some intranet connections havd already been restored at the laboratory. The public website at www.pnl.gov remained offline July 6.
Oak Ridge lab shuts down e-mail, Internet after cyberattack
“We expect we will be able to get them online over the next three days,” Koller said.
The Jefferson Lab website at www.jlab.org also was unavailable on Wednesday.
Battelle Memorial Institute of Columbus, Ohio, which manages the Pacific Northwest Lab and several others for the Energy Department and the United Kingdom, also came under attack July 1. Battelle spokeswoman Katey Delaney said e-mail and outside access was shut down over the weekend, but was restored on July 5. She said the attack still was being investigated and could not comment on whether it appeared to be connected with the Energy Department attacks.
An Energy spokesman said no DOE facilities other than Pacific Northwest and Jefferson Lab appeared to be under attack as of July 6. He said investigators were “actively looking at the source of the attack,” but for security reasons would not release any of that information.
Koller said that security officials have gathered information about the nature of the attack and its source, but have not released it. He said there is no indication that any classified information has been compromised.
The Pacific Northwest lab has about a staff of about 4,900 persons, about 4,500 of them working at the Richland facility, with an annual budget of about $1 billion. Roughly half of its work is in national and homeland security research, with the most of the rest in the areas of energy and the environment.
The Jefferson Lab has 720 full time employees and 1,258 facility users and does work in nuclear physics and technology. In fiscal 2009, it had funding of $115 million, most of it from the DOE Office of Science.
Koller said that the disruptions caused by the attack were minimized by the holiday. “We have a fair number of people on vacation this week anyway,” he said. For others, it has meant extra work. “Through the long weekend we had folks working around the clock trying to fix the problem.” On the Fourth, Koller said, he counted 50 cars in the parking lot of an information services building on the PNNL campus.
By late evening of Tuesday, July 5, internal e-mail and some intranet access was restored, although external connections will remain down until malicious code delivered by the attack can be isolate and removed, and patches installed to fix vulnerabilities. Restoration of services is expected to continue through the rest of the week in what Koller called a “slow, gradual ramp-up.”
Although more details on the Pacific Northwest and Jefferson lab attacks were not immediately available, the incident appears to be the latest in a series of attacks targeting government and contractor systems.
In April, Internet access to the Oak Ridge National Laboratory was shut down for more than a week in the wake of a breach in which malicious code was introduced through a successful spear-phishing attack. At the time, the code was described as “very sophisticated,” and apparently designed to steal information from the lab’s network.
Both Oak Ridge and Pacific Northwest are managed by Battelle. Koller said there is frequent exchange of personnel between the two labs, and that lessons learned from the Oak Ridge incident are being applied at PNNL.
William Jackson is freelance writer and the author of the CyberEye blog.