“Out of an abundance of caution, EDA isolated its network systems by removing all network connectivity,” Commerce spokesman Brad Carroll said in a statement Thursday. A temporary, bare-bones Web site is providing contact information for the small agency and data on federal funding opportunities.
Commerce officials said they have brought in a team of outside experts to help the agency restore the networks. The agency still does not know whether information has been stolen and why the 215-person agency was targeted.
Employees were advised how to protect their personal information, officials said. Computer security experts pointed to a cyberattack as the most likely cause.
The disruption comes as the development bureau accelerates a regional initiative, i6 Green, aimed at rewarding communities that push to create clean-energy jobs. EDA employees are communicating with grantees and other federal employees by phone and fax, officials said.
The virus was discovered Jan. 20; computers were disconnected from the network Jan. 24.
In recent years, hackers have penetrated e-mail and other systems at the Defense and State departments, and launched an attack on the computer system of the Bureau of Industry and Security, another Commerce Department bureau that handles sensitive information.
“At this point, what is likely happening is they’re trying to find out who is attacking us, how can we get back online and how do we make sure we get all of the bad guys out of the system,” said Alan Paller, research director of the SANS Institute, a cyber-training school in Bethesda.
The Commerce Department also suffered a wave of security breaches that compromised the names and Social Security numbers of some employees in late 2009 and early 2010. The department was faulted for not informing some employees until almost seven weeks after one breach.
A recent report to Congress blamed China and Russia for an accelerating theft of information from the computer systems of U.S. government agencies, businesses and research institutions. In EDA’s case, confidential business secrets could have been the goal of the attack, security experts said.
“Something has to be really bad in order for the response to be, ‘Let’s disconnect from the Internet,’ ” said Jacob Olcott, a former counsel for the Senate Commerce committee who now works for Good Harbor Consulting, a cyber risk management company.
The EDA posted updates about the disruption on its official Twitter account Jan. 25:
“EDA’s website is experiencing a disruption in service. The agency is working to address the issue and resume normal operations asap.”
A similar message appeared the next day. There have been no other updates.