DHS investigating whether floor plans and other security information were exposed in ransomware attack on contractor CNN Politics

p
Senior Department of Homeland Security officials are working to determine whether a ransomware attack on government contractor Johnson Controls International has compromised sensitive physical security information such as DHS floor plans according to internal DHS correspondence reviewed by CNN
pp
Johnson Controls a major manufacturer of alarm and building automation systems âholds classifiedsensitive contracts for DHS that depict the physical security of many DHS facilitiesâ according to the internal memo
pp
The looming potential government shutdown â which could start on Sunday morning barring a deal struck in Congress â makes it âespecially time sensitiveâ to determine which DHS offices might be affected by the ransomware attack the memo said
pp
âUntil further notice we should assume that the contractor stores DHS floor plans and security information tied to contracts on their serversâ the memo said But it was unclear whether the cybercriminal hackers accessed that information âWe do not currently know the full extent of the impact on DHS systems or facilitiesâ it states
pp
The incident is a stark reminder for US officials of the cybersecurity risks they take on by working with private contractors for key government services The Biden administration has tried to tighten cybersecurity for government contractors by compelling them to meet a minimum set of security standards
pp

Chinese hackers stole 60000 emails from senior State Department officials in May
pp
Ransomware gangs often target US government contractors because of the sensitive data they hold which can increase their leverage in ransom negotiations But itâs unclear whether the hackers in this case have demanded a ransom
pp
The cyberattack hit Johnson Controls in the last week causing disruptions to internal IT systems and knocking some of the companyâs subsidiary websites offline
pp
The incident is expected to continue to cause disruptions to some of Johnson Controlsâ business operations the company said in a filing with the US Securities and Exchange Commission on Wednesday Johnson Controls has hired âexternal cybersecurity expertsâ to recover from the âcybersecurity incidentâ and is in touch with its insurers the SEC filing said
pp
A DHS spokesperson told CNN on Friday âWe are assessing the potential impacts of this incident and implementing additional safeguards to our layered security model This was not a breach of any DHS network or systemâ
pp
Trent Perrotto a spokesperson for Johnson Controls International declined to comment when CNN asked what DHS data the company stores and whether sensitive physical security information was compromised in the cyberattack Perrotto referred CNN to the companyâs SEC filing
pp
CNN could not independently confirm which cybercriminal group was responsible for the breach of Johnson Controls
pp
DHS officials are also checking to see whether any personally identifiable information of DHS officials was swept up in the hack according to the internal correspondence reviewed by CNN
pp
This story has been updated with additional developments
pp 2023 Cable News Network A Warner Bros Discovery Company All Rights Reserved CNN Sans â  2016 Cable News Networkp