DHS: Physical Security a Concern in Johnson Controls Cyberattack

An internal memo cites DHS floor plans that could have been accessed in the breach.

In the latest development around the
cyberattack impacting Johnson Controls International (JIC)
, officials at the Department of Homeland Security (DHS) are now reportedly concerned that the attack may have affected sensitive physical security information.
Johnson Controls serves as a government contractor, providing building automation services to facilities, such as HVAC, fire, and security equipment. Due to the nature of those services, officials at DHS are raising concerns about compromised information such as DHS floor plans. According to
media reports, officials detailed in an internal memo
that Johnson Controls holds classified/sensitive contracts for DHS that depict the physical security of many DHS facilities.
It is still unclear as to what information was accessed in the breach, which is believed to be a ransomware attack, but the memo stated that until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers.
Concerns are more heightened due to
a potential government shutdown
, which could begin this coming Sunday, making the incident not only a security issue, but a time sensitive one. More than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce will be furloughed should this shutdown go into effect, and cyberattacks across the nations software supply chain would put critical infrastructure at risk.
There is absolutely a trend emerging in ransomware attacks with cybercriminals going deeper into their victims systems to deal a more crippling blow, noted John Gunn, CEO at Token, in an emailed statement, underscoring the harsh levels cybercriminals are willing to go to in their attacks, including those against government agencies.
This incident highlights the
executive order President Biden issued in 2021
for federal agencies to bolster their cybersecurity safeguards, and brings into question the security of
third-party suppliers
and contractors.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
DHS: Physical Security a Concern in Johnson Controls Cyberattack