Businesses with government contracts ripe targets for cyber attacks

An apparent cyberattack on a major building automation systems manufacturer is gathering national attention after reports that it may have compromised some data belonging to the Department of Homeland Security.

Why it matters: Government contractors are a ripe target for cyberattacks, and the Biden administration has made it a priority to apply tougher cybersecurity rules to any business working with the government.

Driving the news: CNN reported Monday that DHS is investigating whether a reported ransomware attack targeting Johnson Controls International affected sensitive physical security information, including building floor plans.

• Johnson Controls has not yet determined the full extent of the incident, saying in a statement only that the company is continuing "to assess what information was impacted" and is "executing our incident management and protection plan."

Details: Johnson Controls has been responding to a reported ransomware attack for at least a week, according to BleepingComputer.

• The company manufactures security equipment, industrial control systems, fire safety equipment and other physical security devices.
• Customers have included international aerospace manufacturers, universities and medical facilities.

The intrigue: No ransomware gang has claimed responsibility for the reported attack yet — suggesting that if this is a ransomware incident, the company could still be in negotiations over whether to pay a ransom to unlock its systems.

Between the lines: Johnson Controls is far from the first government contractor to face a cyberattack or espionage campaign.

• A high-profile espionage campaign in late 2020 that affected at least nine federal agencies and at least 100 companies started with Chinese hackers targeting government contractor SolarWinds.
• Another government contractor, Maximus, suffered a breach this year as hackers targeted a vulnerability in the popular file-transfer tool MOVEit.

What they're saying: Johnson Controls hasn't shared any additional details about the incident besides what it told the Securities and Exchange Commission in a brief statement in a public 8-K filing Wednesday.

• The filing says the company has "experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."