A research and development consultancy that works with the Department of Energy and National Nuclear Security Administration is investigating a cyber breach.
In a statement to this publication, Sol Oriens said it had appointed a technology forensics firm to investigate the incident, and that law enforcement agencies had been informed. The company became aware of the breach last month.
Sol Oriens is a New Mexico-headquartered consulting company that provides services to federal government agencies including program management, technology management, weapons R&D and product engineering.
“Upon detecting suspicious activity within our network environment, our IT professionals immediately secured the system and we quickly recovered priority company systems.
“The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved,” a spokesperson for the contractor said.
Sol Oriens added that to date it has no indication that the incident involves client classified or critical security-related information. The consultancy firm said also that it would notify affected individuals and entities once the forensic investigation into the cyberattack concludes.
A DOE spokesperson said: “The Department of Energy is aware of the cyberattack against Sol Oriens, a veteran-owned consulting firm whose clients include the Department of Energy and the National Nuclear Security Administration.
“There is no evidence that any DOE or NNSA data was compromised and there is no risk or impact to any government systems. We continue to stay in close communication with Sol Oriens,” the spokesperson added.
The NNSA helps to manage the safety of the U.S.’s nuclear stockpile and is a semi-autonomous agency within the DOE, according to its website. It works closely with the Department of Defense and national labs on nuclear safety and use, including nuclear propulsion in the Navy and the country’s emergency response to nuclear incidents.
Hackers have found a path of least resistance by targeting small subcontractors that often do not have the resources for extensive cybersecurity defenses. Last month hackers targeted USAID by compromising an account held with email marketing company Constant Contact.
The DOE has a cybersecurity test called the “Cybersecurity Capability Maturity Model (C2M2),” companies can voluntarily use to assess the security of their networks.
News of the Sol Oriens breach was first reported by CNBC last Friday.