Department of Energy

Wising Up Uncle Sam to Cybertricks

November 22, 2011

You are here

Oak Ridge National Laboratory’s main entrance is marked by a limestone sign. Several new buildings visible in the background house more than 1,000 of the lab’s 4,300 employees. | Photo courtesy of Oak Ridge National Laboratory

Oak Ridge National Laboratory’s main entrance is marked by a limestone sign. Several new buildings visible in the background house more than 1,000 of the lab’s 4,300 employees. | Photo courtesy of Oak Ridge National Laboratory

Ed. note: This was cross-posted on The Washington Times

Oak Ridge National Laboratory has played an important role protecting America's national security and promoting U.S. innovation and prosperity since World War II and the Manhattan Project. The lab's researchers have achieved countless advances in nuclear energy and nuclear security. It is home to one of the world's fastest supercomputers. And its scientists and engineers continue to pursue groundbreaking innovations in science and energy every day.

Unfortunately, these strengths also make the lab the focus of unwanted attention from our adversaries. That is what we saw happen last April when foreign cyberspies attacked the laboratory using a common hacker trick: sending a fake email as a way of stealing documents from the lab's network. In this way, a simple email that appeared to be from the human resources department was really a devious weapon targeting our national security.

While the attackers failed in their attempts to secure sensitive and classified documents, the laboratory did have to disconnect from the Internet for several days to stop the theft and clean the network.

You might ask why such a common hacker trick still works. As has been the case for generations, clever enemies and new methods of deception can still find and exploit people's weaknesses.

New technologies, however, do offer cybersecurity protections even if an individual doesn't recognize that there's a problem. By automatically spotting the damaging software or virus and quarantining the email until it can be neutralized, these systems are making our information networks more secure.

Federal agencies are already working together to apply this technology to government networks, to prevent confidential or national security information from falling into the hands of our adversaries.

But we need to do more. In the United States, the private sector owns most of our critical infrastructures, including transportation, communications and electric power systems. The federal government should continue to expand our partnerships with industry to deploy these cybersecurity technologies and help to secure these essential infrastructure services from hackers.

In addition, it is important for all of us - in both the public and private sectors - to share information quickly about new cybersecurity threats as they arise. Because the technology works most effectively when it is updated frequently to account for new viruses, this information sharing helps to make all of our systems more secure. As in many arenas, security in cyberspace is not just a government imperative, it is a societal endeavor.

Congressional leaders wisely urged President Obama and the federal government to address these issues. We responded in May with a legislative proposal giving the secretary of homeland security new authorities to protect government networks from intrusions, to work with critical infrastructure companies to improve their cybersecurity, and to permit information sharing about threats.

The bill recognizes that the government must take special care to protect the privacy and civil liberties of our citizens, even as we recognize the great importance of defending the nation against cybersecurity and privacy attacks from our adversaries.

Encouragingly, a strong bipartisan consensus in Congress supports cybersecurity reform. A Republican task force in the House published a report last month on the pressing need to improve cybersecurity. The Senate has also taken significant steps toward tackling this issue. During a mid-October meeting with leaders from the Obama administration, a bipartisan group of senators agreed to work together to pass a cybersecurity bill as quickly as possible.

Congress should act now. The web of interconnections that bind society - from energy to financial services to transportation - demands an integrated approach that cuts across federal agencies and involves all relevant committees in Congress.

This national threat demands a national, bipartisan approach. For two generations, our leaders came together across party lines to respond as one nation to Cold War security threats. We can afford no less today.