Millions of computer-based assaults each day hit computers for the agency charged with managing the U.S. nuclear arsenal, U.S. News & World Report on Tuesday quoted National Nuclear Security Administration personnel as saying .
Agency Administrator Thomas D'Agostino said his office must deal with computer strikes from a "full spectrum" of sources.
"They're from other countries' (governments), but we also get fairly sophisticated nonstate actors as well," he said. "The (nuclear) labs are under constant attack, the Department of Energy is under constant attack."
As many as 10 million "security significant cyber security events" afflict the nation's nuclear security enterprise every 24 hours, an NNSA spokesman added.
"Of the security significant events, less than 100th of a percent can be categorized as successful attacks against the nuclear security enterprise computing infrastructure," the spokesman said. The figure means that as many as 1,000 "successful" strikes might take place in one day.
The Obama administration has requested a $155 million in NNSA computer security funding for fiscal 2013, a $29 million increase over the current appropriation. An "incident response center" established by the semiautonomous Energy Department office is charged with spotting and addressing electronic assaults.
Computer attackers last April obtained a few megabytes of information from the Oak Ridge National Laboratory in Tennessee, D'Agostino said. Facility personnel were barred from Internet use after the incident.
"All it takes is one person to let their guard down," the official said. "This is going to be, in my view, an ever-growing area of concern."
Most of the millions of regular strikes on NNSA systems are probably self-operating programs "constantly scanning the Internet looking for vulnerabilities," said Adam Segal, a computer defense specialist with the Council on Foreign Relations.
"The numbers are kind of inflated on that front," he said, adding that a lack of normal Internet connections to nuclear weapons systems make the firing of a nuclear bomb by electronic infiltrators highly improbable.
The nuclear agency indicated it had no knowledge of malicious software capable of firing a nuclear weapon. It added, though, that the "Stuxnet worm is a very real example of how sophisticated malware can cause physical damage to industrial systems".
"Stuxnet showed that airgapping is not a perfect defense," Segal added, referring to the practice of isolating computers from outside networks. "Even in secure systems, people stick in their thumb drives, they go back and forth between computers. They can find vulnerabilities that way. If people put enough attention to it, they can possibly be penetrated."
The expert said an effective attack would require an extensive understanding of Energy Department computer systems.
"There'd probably have to be a state-based actor behind it. You have to understand a lot about the systems," Segal said. "Hacking into the Department of Energy and looking for nuclear secrets -- how to build a bomb, is probably much easier than trying to take over a bomb or a launch code, and probably of more interest to the Russians or the Chinese or the Iranians".
http://www.nti.org/gsn/
Agency Administrator Thomas D'Agostino said his office must deal with computer strikes from a "full spectrum" of sources.
"They're from other countries' (governments), but we also get fairly sophisticated nonstate actors as well," he said. "The (nuclear) labs are under constant attack, the Department of Energy is under constant attack."
As many as 10 million "security significant cyber security events" afflict the nation's nuclear security enterprise every 24 hours, an NNSA spokesman added.
"Of the security significant events, less than 100th of a percent can be categorized as successful attacks against the nuclear security enterprise computing infrastructure," the spokesman said. The figure means that as many as 1,000 "successful" strikes might take place in one day.
The Obama administration has requested a $155 million in NNSA computer security funding for fiscal 2013, a $29 million increase over the current appropriation. An "incident response center" established by the semiautonomous Energy Department office is charged with spotting and addressing electronic assaults.
Computer attackers last April obtained a few megabytes of information from the Oak Ridge National Laboratory in Tennessee, D'Agostino said. Facility personnel were barred from Internet use after the incident.
"All it takes is one person to let their guard down," the official said. "This is going to be, in my view, an ever-growing area of concern."
Most of the millions of regular strikes on NNSA systems are probably self-operating programs "constantly scanning the Internet looking for vulnerabilities," said Adam Segal, a computer defense specialist with the Council on Foreign Relations.
"The numbers are kind of inflated on that front," he said, adding that a lack of normal Internet connections to nuclear weapons systems make the firing of a nuclear bomb by electronic infiltrators highly improbable.
The nuclear agency indicated it had no knowledge of malicious software capable of firing a nuclear weapon. It added, though, that the "Stuxnet worm is a very real example of how sophisticated malware can cause physical damage to industrial systems".
"Stuxnet showed that airgapping is not a perfect defense," Segal added, referring to the practice of isolating computers from outside networks. "Even in secure systems, people stick in their thumb drives, they go back and forth between computers. They can find vulnerabilities that way. If people put enough attention to it, they can possibly be penetrated."
The expert said an effective attack would require an extensive understanding of Energy Department computer systems.
"There'd probably have to be a state-based actor behind it. You have to understand a lot about the systems," Segal said. "Hacking into the Department of Energy and looking for nuclear secrets -- how to build a bomb, is probably much easier than trying to take over a bomb or a launch code, and probably of more interest to the Russians or the Chinese or the Iranians".
http://www.nti.org/gsn/
