U.S. Energy Department probes hack, says no threat to national security

By Timothy Gardner

WASHINGTON (Reuters) - The U.S. Department of Energy said on Thursday it was responding to a cyber breach that was part of the suspected Russian campaign hitting other government agencies, but that the attack was isolated to its business networks.

"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department," spokeswoman Shaylyn Hynes said in a statement.

The DOE is the latest U.S. federal agency that has confirmed it was attacked in hacks of SolarWinds software. Systems at the Commerce Department and Treasury Department have also been breached.

Hynes said that security functions at the National Nuclear Security Administration, or NNSA, a branch of the department that manages the country's nuclear weapons arsenal, was not impacted.

Senator Deb Fischer, a Republican who is the chair of the subcommittee that oversees nuclear forces, said she was confident in the security of U.S. nuclear weapons, but was "troubled" that hackers accessed NNSA's network.

The hack "reinforces the need to modernize our nuclear enterprise in order to ensure it remains safe, secure, and effective in the face of evolving threats," said Fischer, who has requested a briefing from the DOE.

Hackers believed to be working for Russia have been monitoring internal email traffic at U.S. agencies in breaches being investigated by the FBI.

Politico reported that hackers were able to do more damage to networks at the DOE's Federal Energy Regulatory Commission, or FERC, than any other branch of the agency. It also said the department's Sandia and Los Alamos labs were hacked.

Hynes referred questions about FERC to officials there who did not immediately comment. FERC regulates transmission of gas and power between states, but has no control over the U.S. or regional power grids.

Software that DOE officials identified as being vulnerable to the attack was disconnected from the department's network and "immediate action was taken to mitigate the risk," Hynes said.

(Reporting by Timothy Gardner, additional reporting by Eric Beech and Jonathan Landay, Editing by Rosalba O'Brien)