Manuel Pals Sinita/AFP
Department of Homeland Security headquarters in northwest Washington, D.C., on February 25, 2015.
CNN
—
A federal agency responsible for cybersecurity discovered that it had been hacked last month and had to disconnect two major computer systems, an agency spokesman and US officials familiar with the incident told CNN.
One of the affected systems of the US Cybersecurity and Infrastructure Security Agency runs a program that allows federal, state and local officials to share cyber and physical security assessment tools, according to US officials familiar with the matter. The sources said the other carried information about the security assessment of chemical facilities.
A CISA spokesperson said in a statement that there is “no operational impact at this time” from the incident and that the agency continues to “upgrade and modernize our systems.”
“This is a reminder that any organization can be affected by a cyber vulnerability and that having an incident response plan is a necessary component of resilience,” the spokesperson said, adding that the impact of the breach “was limited to two systems, which were immediately taken offline.
Sources told CNN that both systems operate with outdated technology that was already scheduled to be replaced.
CISA, part of the Department of Homeland Security, investigates cyber breaches at federal agencies and advises private critical infrastructure companies on how to strengthen their security.
Register first mentioned On the breakthrough.
It was not immediately clear who was behind the hack, but it occurred through vulnerabilities in the popular virtual private networking software produced by the Utah-based IT company Ivanti. For several weeks, CISA has urged federal agencies and private companies to update their software or take other defensive measures in response to the widespread exploitation of Ivanti vulnerabilities by hackers.
Among the hackers exploiting the flaws is a Chinese group focused on espionage, as private researchers have done previously He told CNN.
While there is some irony in this, even cybersecurity agencies or officials can be victims of hacking. After all, they rely on the same technology as everyone else. Nate Vick, the US's top cybersecurity diplomat, said last year that his personal account on the social media platform HackedCalling it part of the “risks of the job.”
