Defense Research Labs Targeted in Attacks

Thursday, July 07, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Reports have surfaced that indicate two government research labs and a defense contractor were the targets of attacks against their information systems.

The unauthorized access events occurred at the Pacific Northwest National Laboratory (PNNL), the Battelle Corp - a government contractor that manages PNNL, and the Thomas Jefferson National Laboratory.

The three facilities cut off external internet connections after becoming aware of the attacks, and early indications are that no critical systems were breached.

"The good news is no classified information has been compromised or is in danger from this attack. At this time, we have not found any indication of 'exfiltration' of information from our unclassified networks as well," said PNNL spokesman Greg Koller.

Attacks against critical defense entities is a growing area of concern the nation seeks to bolster detection and mitigation strategies.

"This is really hard for us to think about. If we don't act boldly, something really bad is going to happen. Then we'll over-react," retired Air Force General Michael Hayden told a forum on cyber deterrence hosted by the Potomac Institute for Policy Studies.

Michael Tiffany, chief architect at Recursion Ventures, said in regards to malicious code insertions in critical systems that "force multiplication is cheap. And there are no indicators of force buildup." 

The incidents are the latest in a string of attacks targeting government facilities and defense contractors.

Early last month defense contractor Lockheed disabled their employees remote access privileges while the company reissued new SecurID tokens to all telecommuting workers after detecting unauthorized access attempts.

Defense contractor Northrop Grumman also reportedly disabled remote access to company networks, and L-3 Communications reported that the company had suffered a network breach stemming from cloned RSA SecurID tokens.

Also last month, the public facing website at the Y-12 Nuclear Weapons Plant located at the Oak Ridge National Laboratory (ORNL) was temporarily disabled following reports of a cyber attack on Sunday.

The Y-12 facility stores the majority of the nation's bomb-grade uranium, as well as producing replacement hardware to maintain aging nuclear weapons stores.

Officials at ORNL indicate that the systems targeted in the attack contained no sensitive national security data, and that no private or personal information was exposed in the event.

In mid-April, Internet access and email systems where temporarily shut down at the ONRL as investigators looked into events surrounding another reported cyber attack.

Details of the unauthorized access are few, but initial reports indicated that the targeted attack employed an email that may have contained malware.

ORNL was previously hit by a cyber attack in 2007 which resulted in the loss of a large amount of data, and the move to suspend internet access can be chalked up to lessons learned from the Lab's previous experience.

Possibly Related Articles:
4879
Network->General
Defense Government Attacks Headlines Network Security hackers Oak Ridge National Laboratory PNNL Battelle Corp Pacific Northwest National Laboratory
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.