Two weeks after breach, Energy lab back online
- By William Jackson
- Jul 15, 2011
Almost two weeks after an Advanced Persistent Threat forced the Energy Department’s Pacific Northwest National Laboratory in Richland, Wash., to go offline, Internet access and most public websites have been restored.
“Access to the Internet from PNNL’s network computers was re-enabled late Thursday afternoon,” said lab spokesman Geoff Harvey. “Additionally, most of PNNL’s external websites are operational,” although a handful of sites and systems remained down as additional security measures are being put in place.
Harvey said no classified or sensitive information was compromised, although there was what he described as “minimal exfiltration” of non-sensitive documents, many of which already were publicly available.
Response teams had been working to clean and restore IT systems after a breach that exploited a zero-day vulnerability was discovered July 1.
The Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., also went offline for a period after suffering a similar exploit, and Battelle Memorial Institute of Columbus, Ohio, which manages the Pacific Northwest Lab and several others for the Energy Department and the United Kingdom, also came under attack July 1. Corporate e-mail and outside network access were shut down over the holiday weekend but were restored on Tuesday, July 5.
CIO Jerry Johnson said teams at Pacific Northwest found multiple malicious codes and tools as a result of the breach and are providing information on the attack to the Energy Department's Cyber Incident Response Center, which can share information with other response groups.
Johnson described the malware as an Advanced Persistent Threat, a class that typically is intended to quietly infiltrate a system and operate below the radar while searching for information or waiting for instructions, but did not give details.
The Pacific Northwest lab has a staff of about 4,900 people, about 4,500 of them working at the Richland facility, with an annual budget of about $1 billion. Roughly half of its work is in national and homeland security analysis and research, with most of the rest in the areas of energy, smart grid development and the environment.
The lab routinely repels more than four million probes and breach attempts a day, and because of its cybersecurity analytics and research it provides incident response assistance to other agencies and law enforcement.
Johnson attributed the length of time it took to clean up from the incident to the size and complexity of the IT environment, which includes petabytes of software and information and tens of thousands of devices linked to a 10-gigabit/second research network.
William Jackson is a freelance writer and the author of the CyberEye blog.