Defense Research Lab Back Online After Attacks

Monday, July 18, 2011



In early July two government research labs and a defense contractor were the targets of attacks against their information systems.

Nearly two weeks after an Advanced Persistent Threat (APT) attack caused officials to take systems offline at the Energy Department’s Pacific Northwest National Laboratory (PNNL), nearly all systems have been restored to normal operating parameters.

The unauthorized access events also occurred at the Battelle Corp, a government contractor that manages PNNL, and at the Thomas Jefferson National Laboratory.

“Access to the Internet from PNNL’s network computers was re-enabled late Thursday afternoon. Additionally, most of PNNL’s external websites are operational,” said lab spokesman Geoff Harvey.

Systems at Battelle and the Jefferson labs were restored previously. Officials indicate the labs only suffered a low level exfiltration, and that no sensitive materials were compromised in the attacks.

Attacks against critical defense entities are a growing area of concern as the nation seeks to bolster detection and mitigation strategies.

The incidents are the latest in a string of attacks targeting government facilities and defense contractors.

Early last month, defense contractor Lockheed disabled its employees' remote access privileges while the company reissued new SecurID tokens to all telecommuting workers after detecting unauthorized access attempts.

Defense contractor Northrop Grumman also reportedly disabled remote access to company networks, and L-3 Communications reported that the company had suffered a network breach stemming from cloned RSA SecurID tokens.

Also last month, the public facing website at the Y-12 Nuclear Weapons Plant located at the Oak Ridge National Laboratory (ORNL) was temporarily disabled following reports of a cyber attack on Sunday.

The Y-12 facility stores the majority of the nation's bomb-grade uranium, as well as producing replacement hardware to maintain aging nuclear weapons stores.

Officials at ORNL indicate that the systems targeted in the attack contained no sensitive national security data, and that no private or personal information was exposed in the event.

In mid-April, Internet access and email systems were temporarily shut down at ORNL as investigators looked into events surrounding another reported cyber attack.

Details of the unauthorized access are few, but initial reports indicated that the targeted attack employed an email that may have contained malware.

ORNL was previously hit by a cyber attack in 2007, which resulted in the loss of a large amount of data, and the move to suspend Internet access can be chalked up to lessons learned from the lab's previous experience.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.