A US Department of Energy probe has revealed that the body tasked with safeguarding nuclear weapons has failed to disclose details on the rising number of cyber-attacks, thus putting the agency's information systems at “increased risk.”
The Government Accountability Office’s investigation discovered that “cyber security incidents were not consistently identified and/or reported…specifically, sites had not always reported cyber incidents in a timely manner.” The audit found that 91 of 223 reported incidents at seven sites belonging to the DOE reported infractions as late as 15 hours after the event.
The probe also revealed that security breaches reported by different federal agencies have skyrocketed almost seven-fold since 2006. The DOE has disclosed over 2,300 cyber security incidents in the timeframe of October 2009 to March 2012. These infractions comprised of “unauthorized access to systems, improper use of computing resources and the installation of malicious software,” the report said.
The US nuclear watchdog uses numerous networks and systems. They are also continuously bombarded with “sophisticated cyber-attacks” that threaten the DOE’s ability to safeguard American nuclear secrets.
The agency is also required under the Federal Information Security Management Act of 2002 to instigate protocols for detecting, reporting and responding to such incidents. This includes alerting and consulting with the federal information security incident centre, Inspectors General as well as law enforcement agencies. The National Nuclear Security Administration (NNSA) is the core shield which safeguards US atomic energy.
But the probe stipulates that “despite our prior recommendations, the Department of Energy and the NNSA had been unable to establish an integrated strategy for incident management.”
Experts believe that these failures did not jeopardize atomic weapons security, but rather "weapons-related information and facility security information could potentially be vulnerable," Steven Aftergood, the director of the Project on Government Secrecy at the Federation of American Scientists told motherjones.com.
In March of this year, an NNSA spokesman told US News and World Report the number of cyber attacks can sometimes reach 10 million per day.
The perpetrators of these attacks remains an open question, but “it's probably not Russia or China,” James Lewis, a senior cyber security expert at the Centre for Strategic and International Studies explains, adding “they've already gotten everything.”