Title: Ransomware Attack on Contractor Johnson Controls Raises concerns about Security of DHS Facilities
Date: June 15, 2023
In an alarming development, the Department of Homeland Security (DHS) is investigating whether a recent ransomware attack on government contractor Johnson Controls International has compromised sensitive physical security information, including DHS floor plans. According to internal DHS correspondence reviewed by CNN, senior officials are addressing the potential ramifications of this cyberattack.
Johnson Controls, a major manufacturer of alarm and building automation systems, holds classified and sensitive contracts for the DHS, which outline the physical security measures for numerous DHS facilities. The internal memo underscored the urgency of determining which DHS offices might be affected by the attack, given the looming potential government shutdown if a deal is not reached in Congress.
The memo advised assuming that Johnson Controls stores DHS floor plans and security information tied to contracts on their servers until further notice. However, it remains unclear if the cybercriminal hackers accessed this sensitive information, and the full extent of the impact on DHS systems or facilities is still unknown.
The incident serves as a stark reminder to US officials about the cybersecurity risks associated with working with private contractors for essential government services. In response, the Biden administration has been striving to tighten cybersecurity measures for government contractors, mandating them to meet a minimum set of security standards.
Ransomware gangs frequently target US government contractors due to the valuable and sensitive data they possess, leveraging it during ransom negotiations. It is uncertain whether the hackers responsible for this attack have demanded a ransom.
The cyberattack on Johnson Controls occurred last week, resulting in disruptions to internal IT systems and the temporary shutdown of some subsidiary websites. The incident is expected to continue causing disruptions to the company’s operations, as mentioned in a filing with the US Securities and Exchange Commission.
Johnson Controls has taken immediate action by engaging external cybersecurity experts to help recover from the cyberattack. The company is also in contact with its insurers to address the incident’s financial aftermath.
As of now, the DHS spokesperson has not responded to requests for comment regarding the incident. Similarly, when CNN inquired about the nature of DHS data stored by Johnson Controls and the potential compromise of sensitive physical security information, the company declined to comment, referring to its SEC filing instead.
The responsibility for the breach of Johnson Controls has not been independently confirmed, raising speculation about the identity of the cybercriminal group involved.
Besides the physical security information, DHS officials are now also investigating whether any personally identifiable information of DHS officials was compromised in the hack, according to internal correspondence.
This incident highlights the critical need for improved cybersecurity measures and collaboration between the government and private contractors to safeguard sensitive information and protect the nation’s critical infrastructure from malicious attacks.