Energy lab still offline in wake of July 1 attack
- By William Jackson
- Jul 11, 2011
Ten days after being targeted by what a spokesman called a “highly sophisticated cyber attack,” the Energy Department’s Pacific Northwest National Laboratory in Richland, Wash., remains cut off from most of its Internet access as staff works to find and correct problems.
Internal e-mail and intranet services and some external services were restored last week, but the lab’s Web site at www.pnnl.gov remained down July 11 and the lab still has no Internet connection.
“There is no estimated timeline for restoring remote services,” said PNNL spokesman Greg Koller. “They will be restored once we are able to add the appropriate security patches and when we can guarantee we are not vulnerable to further attacks of this nature.”
Cyberattacks take two Energy labs offline
Ongoing storm of cyberattacks is preventable, experts say
Koller said staff has been working around the clock since July 1 to restore services, but that no classified information was threatened in the incident and that there is no indication that information from the lab’s unclassified networks has been compromised.
Pacific Northwest is one of two Energy Department labs targeted in the attack. The Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., also went offline for a period after the attack was discovered, but restored Internet services and began rebuilding its Web site at www.jlab.org last week.
Battelle Memorial Institute of Columbus, Ohio, which manages the Pacific Northwest Lab and several others for the Energy Department and the United Kingdom, also came under attack July 1. E-mail and outside access was shut down over the holiday weekend but was restored on Tuesday, July 5.
Pacific Northwest Lab became aware of the attack July 1 and as a precaution quickly shut down most internal network services, including e-mail, SharePoint, a wireless network, voicemail and Internet access. Internal e-mail services and intranet services were restored July 5. Other services, including as SharePoint, voice mail and access to the wireless network (without Internet access) were gradually restored, and external e-mail restored July 6. BlackBerry service was restored late July 7.
Koller said that because of PNNL’s cybersecurity analytics and research, and its assistance to other agencies and law enforcement, it is not surprising that the lab was targeted.
“We are on the front-lines of many of today’s major issues, from enhancing the power grid to reducing dependence on imported oil, and designing materials and chemicals for novel energy solutions to protecting our nation from acts of terrorism,” he said. In-house expertise gained in helping other organizations analyze and respond to attacks was used in responding to this incident, he added.
Koller said the lab routinely repels more than 4 million probes and attempts against its external network defenses each day. “The vast majority of these attacks are simple to detect and defend,” he said. “This attack is much more sophisticated.”
William Jackson is freelance writer and the author of the CyberEye blog.