Week of December 21, 2020

Assessing the Seriousness of the Latest Cyberattacks

In addition to the rising Covid-19 case numbers in the US and most of the world during this holiday season, the US and others have suffered a rash of cyberattacks.  The Washington Post indicates that the ones targeting the US were initiated by a Russian group.  But many of the hackers’ targets are involved in national security, so the public will never know the true impact or the allegiance of the hackers.  However, some think that this may have been initiated by Iran in retaliation for attacks on its nuclear infrastructure.

It appears that some of the targets of the attacks included the Federal Energy Regulatory Commission, Treasury Department, Commerce Department, National Nuclear Security Administration, Sandia and Los Alamos national laboratories, the Office of Secure Transportation, and the Richland field office of the Department of Energy.  It appears that over 18,000 customers were affected.  The attacks took place in the spring of 2020, when the nation was paying more attention to the coronavirus.

A press release from the FBI, Director of National Security, and the Cybersecurity and Infrastructure Security Agency was released on December 16th.  It suggested that government agencies disconnect or power down SolarWinds Orion products.  Aside from that, it was vague about the threat or what agencies have been penetrated.

According to the New York Times, the attack was a “Supply Chain Attack” where the attack is against a commercial product that will inevitably be downloaded to government computer systems.  The Times said the style of the attack was like that used by the Russian intelligence agency known as SVR.

The attackers gained access to SolarWinds software before updates were made available to customers.  The customers then downloaded a corrupted version of the software, which contained a backdoor for the hackers to gain access to the customers’ computers.

Although the government has been close-mouthed about the level of damage, some are indicating that this may be the worst cyberattack in US history.  Johns Hopkins cyberattack expert Thomas Rid said the number of documents obtained by the attacker is “several Washington Monument piles of documents.”

The US is not the only country to recently experience cyberattacks.  The Times of Israel reported that over 40 Israeli companies were hacked.  The attacks were against the logistical infrastructure, not defense agencies.  One attack earlier this year was against Israel’s water infrastructure.

Reports say Iran is the likely culprit.

Assessing the Potential Damage

Although the US government has been reticent to give any idea of the impact of this attack, Senator Angus King (I-Maine) said “the attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the US government…ongoing investigations reveal an attack that is remarkable for its scope, sophistication, and impact.”

However, a possible idea of the impact can be gained if we look at one of the targets to see what sort of intelligence the hackers might want and what they were possibly able to obtain.

One of the targets was the small, highly secret National Nuclear Security Administration (NNSA).  Officially, its job is to maintain and enhance “the safety, security, and effectiveness of the US nuclear weapons stockpile.”  It was created in 1999 after the loss of nuclear secrets to China during the Clinton Administration.

Although the agency likes to point to its mission to reduce the threat of nuclear warfare and to respond to radiological emergencies in the US and abroad, the key mission is to manage the American nuclear weapons stockpile and ensure that the weapons are operational.  They are also responsible for the naval nuclear reactors found in American submarines and aircraft carriers.

NNSA has also undergone some internal upheaval, as its head, Lisa Gordon-Hagerty, was forced out last month in a bureaucratic turf war with Secretary of Energy Dan Brouillette.  There have also been bureaucratic turf wars over how much control the Department of Defense or Department of Energy should have over the NNSA.  Until this year, the agency was quasi-independent.  Now the Department of Energy has more control over the agency – something that galled the NNSA.

As small as the NNSA is (it only has about 2,000 employees), it has a major impact on US nuclear weapons custody, testing, and design.

The following is a list of its responsibilities and how a cyber-attack could compromise its mission.

Ensuring weapons in the nuclear stockpile are operational.  Nuclear weapons are like a loaf of bread in that they do decay over time.  Critical elements like tritium and plutonium decay and, in the case of plutonium, can even change physical characteristics, which impacts the effectiveness of the weapon.  The NNSA must decide when the nuclear weapons have decayed enough to warrant maintenance in order to remain reliable.

Since the US no longer carries out nuclear tests, the government must use sophisticated computer software to determine if stored nuclear weapons are still effective.

A hacker could possibly learn how the US government simulates the testing of nuclear devices.  This would give insight into the construction of US nuclear weapons and how the computer simulations are carried out.  This would allow hackers working for a country developing nuclear weapons to develop computer simulations to verify bomb designs without actual testing.

Help design new nuclear weapons.  The NNSA has software that can help design nuclear weapons and calculate their potential yield.  This software would give an idea of American nuclear capabilities as well as help a nation that is designing nuclear weapons.

Develop nuclear reactors for the US Navy.  Aside from the computer software that NNSA uses to design and develop naval reactors, the hackers could also learn the power and performance of the reactors, which could give other nations a good idea of the performance of US submarines and aircraft carriers.

Movement of nuclear materials.  Any information on the movement of nuclear materials could be used to hijack the shipment.  Personal information on the armed guards could be used to target them for subversion.

Waste disposal.  NNSA is responsible for disposing of low-level radiological materials.  These materials would be of use to a hostile group that wants to build a radiological weapon (dirty bomb) to contaminate a large area.

Remote sensing.  NNSA leads in remote sensing for potential nuclear threats.  Nations that gain insight into how the US detects nuclear activities could better hide their activities.

Subcritical testing.  Nuclear testing where no critical mass is formed or where no self-sustaining nuclear reaction occurs is allowed under international agreement.  These tests take place underground in Nevada in the U1a tunnel complex 900 feet below the surface.

These tests are also critical for the development of Fourth Generation Nuclear Weapons.

The results of these subcritical tests would be of immense value to nations involved in nuclear weapons development – especially fourth generation weapons.

Custom fabrication.  The NNSA has a machine shop in Nevada that produces highly classified assemblies for nuclear devices.  Hackers could gain considerable information on America’s nuclear testing program and the development of new nuclear weapons from such information.

National Ignition Facility.  This facility is concerned with using a high-powered laser to simulate the compression of the primary in a nuclear device by high explosives.  This allows a way of studying what happens in a nuclear device in the first few milliseconds of a nuclear explosion.

The studies at this facility are important for nuclear weapon maintenance.  Hackers could use the information to maintain a nuclear weapons stockpile that can be expected to reliably work.

Although the US government has insisted that it does not know what threat to US security has resulted from the hack, it is clear that the threat is much greater than it is willing to admit.

The NNSA itself has information that would be of immense value to any nation, especially those that currently have or are developing nuclear weapons.  Not all of that information would necessarily be top secret.  Even mundane information, in the hands of nuclear physicists, would provide considerable intelligence to another country.

The NNSA is only one of several national security agencies that were penetrated by these hackers.  If the type of information that was available from the NNSA is an example of what the hackers retrieved, the US has a major security problem.

The impact of this massive hacking will not be known for years to come.