Nuclear weapons agency hacked amid barrage of cyber attacks on U.S. government: report

The U.S. Department of Energy (DOE) and National Nuclear Security Administration (NNSA), which oversees the United States’ massive nuclear weapons stockpile, have evidence that hackers breached their networks as part of an far-reaching espionage operation that has impacted at least six federal agencies, officials directly familiar with the matter told Politico in an exclusive report published Thursday afternoon.

DOE and NNSA officials on Thursday started coordinating notifications about the breach to their congressional oversight bodies after being briefed by the chief information officer at the DOE, Rocky Campione, Politico reports.

They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE, according to the report.

The hackers have been able to inflict more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate, the report says.

Furthermore, the officials said that the Cybersecurity and Infrastructure Security Agency (CISA), which has been helping to manage the federal response to the wide-scale hacking campaign, signaled to FERC this week that CISA was overwhelmed and might not be able to allocate the necessary resources to respond. Even though FERC is a semi-autonomous agency, the DOE will therefore be allocating extra resources to FERC to help investigate the hack, the officials told Politico.

Several top officials from CISA, including its former director Christopher Krebs, have either been pushed out by the Trump administration or resigned in recent weeks.

Federal investigators have been combing through networks in recent days to determine what hackers had been able to access and/or steal, and officials at the DOE still don’t know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and they may not know the full extent of the damage “for weeks.”

DOE officials were planning on Thursday to notify the House and Senate Energy committees, House and Senate Energy and Water Development subcommittees, House and Senate Armed Services committees, and the New Mexico and Washington State delegations of the breach, the officials told Politico.

You can follow Douglas Braff on Twitter @Douglas_P_Braff.