Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
2 Min Read
Source: GK Images via Alamy Stock Photo
In the latest development around the cyberattack impacting Johnson Controls International (JIC), officials at the Department of Homeland Security (DHS) are now reportedly concerned that the attack may have affected sensitive physical security information.
Johnson Controls serves as a government contractor, providing building automation services to facilities, such as HVAC, fire, and security equipment. Due to the nature of those services, officials at DHS are raising concerns about compromised information such as DHS floor plans. According to media reports, officials detailed in an internal memo that Johnson Controls holds "classified/sensitive contracts for DHS that depict the physical security of many DHS facilities."
It is still unclear as to what information was accessed in the breach, which is believed to be a ransomware attack, but the memo stated that "until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers."
Concerns are more heightened due to a potential government shutdown, which could begin this coming Sunday, making the incident not only a security issue, but a time sensitive one. More than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce will be furloughed should this shutdown go into effect, and cyberattacks across the nation's software supply chain would put critical infrastructure at risk.
"There is absolutely a trend emerging in ransomware attacks with cybercriminals going deeper into their victims' systems to deal a more crippling blow," noted John Gunn, CEO at Token, in an emailed statement, underscoring the harsh levels cybercriminals are willing to go to in their attacks, including those against government agencies.
This incident highlights the executive order President Biden issued in 2021 for federal agencies to bolster their cybersecurity safeguards, and brings into question the security of third-party suppliers and contractors.
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
