Security experts warn of long-term risk tied to Energy Department breach
As it became clear that the Department of Energy was part of the ongoing SolarWinds hack, it prompted concern among industry and government security experts that the nation’s critical infrastructure, including the electric grid, nuclear systems and power plants might have been compromised.
The DOE formally confirmed the hackers’ tentacles had reached into the agency, noting that the malware injected had been isolated to its business networks and hadn’t impacted mission-critical national security functions of the National Nuclear Security Administration (NNSA) and other departments. Nonethless, security experts warn of the long-term implications of the breach.
“This could be a more concerning situation in which Russia isn’t revealing all their cards to ensure long-term access into networks that house some of our nation’s most sensitive data and potentially to conduct significantly more problematic operations,” said Jamil Jaffer, former senior counsel to the House Intelligence Committee, currently serves as senior vice president for strategy, partnerships and corporate development at IronNet. He believes the hack is mainly an intelligence collection operation with no evidence that data had been deleted, destroyed, manipulated or modified, but cautioned the U.S. shouldn’t drop its guard.