Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Hackers break into Energy's computer networks, put employees at risk
Friday - 8/16/2013, 4:36pm EDT
"Individual notifications to affected current employees will begin no later than this Friday, Aug. 16, and will be completed by Aug. 30," stated an internal Energy Department email sent to employees earlier this week, which was obtained by Federal News Radio. "While a significant number of employees whose information may have been affected may no longer be employed by the department, it will be necessary to obtain current contact information in order to notify these personnel. The individual notification process for former employees will begin this week."
DoE told employees it is working with federal law enforcement agencies to find out more about the hacking incident, which happened at the end of July.
"No classified data was targeted or compromised," the email stated. "Once the full nature and extent of this incident is known, the department will implement a full remediation plan."
This is yet another in a growing list of hacking incidents for Energy in the last couple of years.
In February, Energy said the attack disclosed employee PII, but didn't offer any details of how many or which parts of the agency were affected.
In June 2012, the FBI charged a man for trying to sell access to DoE's network to an undercover agent.
In 2011, Energy's lab went offline for almost two weeks after a cyber attack against the Northwest National Laboratory in Washington state limited Internet access and took down its website.
The Energy Inspector General reported in December that the department lacked a unified cybersecurity incident management strategy. Auditors said Energy maintained a number of independent, at least partially duplicative, cybersecurity incident management capabilities that created inefficiencies in the process and security of the network.
Since the report, Energy CIO Bob Brese told Federal News Radio in December he's trying to modernize the agency's network in layers and start up a new security operations center. Energy created a Joint Cybersecurity Coordination Center that consolidated its reporting and information sharing across all of DoE, including its labs and offices.
Former Energy Chief Information Security Officer Gil Vega said in April Energy faced a zero day attack earlier this year and responded quickly because of the cyber threat intelligence coming from the coordination center.