BOSTON (Reuters) - Two U.S. government-funded research laboratories and a defense contractor were targets of a “highly sophisticated” cyber attack last week, representatives of the organizations said, the latest in a string of assaults on U.S. interests.
The attacks struck Pacific Northwest National Laboratory (PNNL) in Richland, Washington; Thomas Jefferson National Laboratory in Newport News, Virginia and Battelle Corp, a government contractor that manages PNNL.
The three shut down Internet access on Friday, when they became aware of the attacks, they said. The two laboratories have yet to restore access to their external websites.
“The good news is no classified information has been compromised or is in danger from this attack,” said PNNL spokesman Greg Koller. “At this time, we have not found any indication of ‘exfiltration’ of information from our unclassified networks as well.”
The attack follows cyber assaults that shut down network access at Lockheed Martin Corp, the Pentagon’s No. 1 supplier by sales, and the Oak Ridge National Laboratory, which is managed by UT-Battelle for the U.S. Energy Department.
In Washington, retired Air Force General Michael Hayden, a former director of central intelligence and ex-head of the Pentagon’s National Security Agency, said on Wednesday that growing cyber threats were pushing security planners into uncharted territory.
“This is really hard for us to think about,” he told a forum on cyber deterrence hosted by the Potomac Institute for Policy Studies, a nonpartisan research group focused on science and technology. “If we don’t act boldly, something really bad is going to happen. Then we’ll over-react.”
James Mulvenon, a specialist on the Chinese military and Chinese cyber issues at Defense Group Inc, a consultant to the U.S. intelligence community, told the same forum that the United States must operate on the assumption that its networked systems already have been penetrated by foes.
U.S. strategy, he said, should be to enhance “resilience” so that the United States can recover relatively quickly from possible cyber-enabled attack.
Recently, a group of private experts briefed a U.S. intelligence audience about how they could go 90 percent of the way toward bringing down a major U.S. city’s vital systems without anyone being able to tell, Michael Tiffany, a cyber security expert, told the session.
“Force multiplication is cheap,” said Tiffany, chief architect at Recursion Ventures, a security technologies company. “And there are no indicators of force buildup” when malicious code is carefully inserted into a system.
Reporting by Jim Finkle in Boston and Jim Wolf in Washington; Editing by Derek Caney, Richard Chang and Tim Dobbyn