A federal agency in charge of cybersecurity discovered it was hacked last month and was forced to take two key computer systems offline, an agency spokesperson and US officials familiar with the incident told CNN.
One of the US Cybersecurity and Infrastructure Security Agency’s affected systems runs a program that allows federal, state and local officials to share cyber and physical security assessment tools, according to the US officials briefed on the matter. The other holds information on security assessment of chemical facilities, the sources said.
A CISA spokesperson said in a statement that “there is no operational impact at this time” from the incident and that the agency continues to “upgrade and modernize our systems.”
“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the spokesperson said, adding that the impact from the hack “was limited to two systems, which we immediately took offline.”
The two systems run on older technology that was already set to be replaced, sources told CNN.
Part of the Department of Homeland Security, CISA investigates cyber intrusions at federal agencies and advises private critical infrastructure firms on how to bolster their security.
The Record first reported on the hack.
It was not immediately clear who was behind the hack, but it occurred through vulnerabilities in popular virtual private networking software made by Utah-based IT firm Ivanti. For several weeks, CISA has urged federal agencies and private firms to update their software or take other defensive measures in response to widespread exploitation of Ivanti vulnerabilities by hackers.
Among the…
Read the full article here