Report: Nuke regulator hacked three times in three years

The Nuclear Regulatory Commission was hacked three times in the last three years, according to a new report, and two of the attacks were tied to a foreign government.

According to an internal investigation obtained by Nextgov, hackers sent phishing attacks to agency employees that tricked them into clicking on links in emails and giving up account information or distributing bad software.


In one instance, more than 200 agency employees were sent a link that instructed them to verify their account and log in. Another link reportedly connected to a “cloud-based” storage site containing malicious software.

Both attempts were tracked to a foreign country that went unnamed in the NRC’s investigation.

In a third instance that was not traced back to a foreign nation, hackers broke into one employee’s personal email and sent malware to 16 other staffers in his contact list.

In a statement shared with The Hill, NRC spokesman David McIntyre said that the agency is “is always concerned about the potential for cyber intrusions into its computer networks.

“Every NRC employee completes mandatory annual training on computer security that covers phishing, spear phishing and other attempts to gain illicit access to agency networks,” he added. “The NRC’s Computer Security Office detects and thwarts the vast majority of such attempts, through a strong firewall and reporting by NRC employees.

McIntyre said that the “few attempts” captured in the internal report “were detected and appropriate measures were taken.”

Hacks on critical infrastructure networks like power systems have been a concern for the Obama administration, which released a voluntary cybersecurity framework earlier this year to help companies protect their networks.


Updated with NRC comment at 5:24 p.m.