Disclosure Of Numerous Hacks At The U.S. Department Of Energy Renews Cybersecurity Concerns In The Energy Sector

King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

Records produced by the U.S. Department of Energy (“DOE”) to USA TODAY under a Freedom of Information Act request revealed over 150 successful cyber intrusions into DOE computer systems between 2010 and 2014.  Concerns about the protection of sensitive data and systems related to the nation’s energy facilities and research comes amidst recent DOE activities to encourage broader adoption of cybersecurity frameworks in the energy sector.     

The DOE records obtained by USA TODAY reflect over 1,130 cyber-attacks over a 48-month period, with 159 successful intrusions.  The DOE has not indicated what, if any, data was stolen during the attacks, but USA TODAY reports that the onslaught of attacks was directed at information systems with sensitive data about the nation's power grid, nuclear weapons stockpile and energy research labs. 

News of these intrusions follows on the heels of a notorious July 2013 attack on the DOE that resulted in the exfiltration of personally identifiable information (“PII”) of over 104,000 individuals, including Social Security numbers, bank account data, dates and places of birth, user names, and answers to security questions.  In addition, a July 31, 2015 report released by the White House in regard to its 30-day Cybersecurity Sprint (launched in the wake of the Office of Personnel Management hacks), ranked the DOE at the very bottom of 24 federal agencies with respect to identity, credential, and access management.

The DOE has been actively encouraging the energy industry to improve cybersecurity risk management programs.  In February 2014, the DOE release a Cybersecurity Capability Maturity Model (C2M2) to enhance the cybersecurity capabilities of the energy sector.  On January 8, 2015, the DOE released Energy Sector Cybersecurity Framework Implementation Guidance, developed with industry participants as an energy sector implementation of the NIST Cybersecurity Framework that also incorporates the DOE’s prior C2M2 guidance.

The risks posed by cyber-attacks against the energy sector, and specifically against the DOE, may prompt the Administration and Congress to take a closer look at the sectors’ cybersecurity posture and current measures in place to manage cybersecurity risks.

Reporter, Mark H. Francis, New York, +1 212 556 2117, mfrancis@kslaw.com.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide