Here’s the email to DoE employees notifying them of a cyber attack
Below is the email that the Department of Energy sent to its employees notifying them that the personal information about several hundred DoE staff and contractors at the department’s Washington headquarters (shown above) may have been accessed by hackers. You’ll notice that DoE mention who might have been responsible for the attack and it makes ...
Below is the email that the Department of Energy sent to its employees notifying them that the personal information about several hundred DoE staff and contractors at the department's Washington headquarters (shown above) may have been accessed by hackers.
You'll notice that DoE mention who might have been responsible for the attack and it makes no mention of whether classified information regarding nuclear-anything was accessed.
(Several media accounts have said Chinese hackers were to blame and that the cyber attack didn't access nuclear-related information.)
Below is the email that the Department of Energy sent to its employees notifying them that the personal information about several hundred DoE staff and contractors at the department’s Washington headquarters (shown above) may have been accessed by hackers.
You’ll notice that DoE mention who might have been responsible for the attack and it makes no mention of whether classified information regarding nuclear-anything was accessed.
(Several media accounts have said Chinese hackers were to blame and that the cyber attack didn’t access nuclear-related information.)
You can also see that DoE is in the early stages of figuring out the details and full extent of the attack. From the early reports, it sounds like this could have been a spear phishing email attack. If that’s the case, an employee at DoE likely got a professional sounding email with a special file attached that contained malware, once the staffer clicked on the file, the hackers were into the department’s networks. What would hackers/spies want with staffers’ and contractors’ email and the info contained within? For one thing, they could use it to crack security safeguards to other networks that contain classified information.
Click here to read an article about DoE’s Inspector General’s report on the department’s cyber security practices from last fall that points out a bunch of cyber vulnerabilities.
Here’s the email:
The Department of Energy (DOE) has just confirmed a recent cyber incident that occurred in mid-January which targeted the Headquarters’ network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII).
The Department is strongly committed to protecting the integrity of each employee’s PII and takes any cyber incident very seriously. The Department’s Cybersecurity Team, the Office of Health, Safety and Security and the Inspector General’s office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors. Based on the findings of this investigation, no classified data was compromised.
We believe several hundred DOE employees’ and contractors’ PII may have been affected. As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft.
Once the full nature and extent of this incident is known, the Department will implement a full remediation plan. As more specific information is gathered regarding affected employees and contractors, the Department will make further notifications.
The Department is also leading an aggressive effort to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of the Department’s Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the Department’s networks and deploying specialized defense tools to protect sensitive assets.
Cybersecurity is a shared responsibility, and we all play an important role in maintaining the integrity and security of our networks. To help minimize impacts and reduce any potential risks, please keep the following best practices in mind:
Encrypt all files and emails containing PII or sensitive information, including files stored on hard drives or on the shared network.
Do not store or email non-government related PII on DOE network computers.
John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
More from Foreign Policy
Is Cold War Inevitable?
A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.
So You Want to Buy an Ambassadorship
The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.
Can China Pull Off Its Charm Offensive?
Why Beijing’s foreign-policy reset will—or won’t—work out.
Turkey’s Problem Isn’t Sweden. It’s the United States.
Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.