Johnson Controls Cyberattack – Is Our Critical Infrastructure At Risk?
Johnson Controls Cyberattack—Is Our Critical Infrastructure At Risk?
On September 27th, Johnson Controls filed a Form 8-K to the Securities and Exchange Commission (SEC) indicating that it had experienced a cybersecurity incident impacting its internal IT infrastructure. Multiple sources are reporting that the Dark Angels ransomware gang is responsible and stole 27 TB of data, encrypted Johnson Controls VMware ESXI servers and other devices, and are demanding a $51 million payment. What’s concerning about this incident is the vast scope of downstream organizations that could potentially be impacted by this attack.
Who is Johnson Controls?
Johnson Controls is a large multinational company that provides building and infrastructure automation and security systems across a broad range of sectors, including data centers, hospitals, schools, transportation, manufacturing, hospitality, entertainment, as well as many local, state, and federal government agencies.
Who is Dark Angels?
Dark Angels is a ransomware gang that has been active since around May 2022. They target and breach a victim’s IT infrastructure, steal, and encrypt their data, and then demand payment to provide a decryption key and delete the stolen data. This double extortion tactic is used by some ransomware gangs so they can threaten to expose the stolen data in case the victim is able to recover the encrypted files independently.
DHS Gets Involved
The Department of Homeland Security (DHS) is investigating this breach as Johnson Controls provides building and infrastructure automation and security systems for government buildings and operational controls for critical infrastructure systems. There are concerns that some of the data leaked may expose physical security assets including building floor plans and access information of sensitive government agencies.
In addition to the serious ramification of any government agency information being exposed, there’s serious concerns about other infrastructure operations being impacted. We’ve seen how disruptive cyberattacks on operational infrastructure can be, two examples being the Colonial Pipeline and JBS Foods attacks in 2021. Amplifying the impact of these isolated incidents with the broad reach of Johnson Controls infrastructure access being used to launch further “stage 2” attacks would be chilling.
Enterprises and Government agencies must continuously assess the security controls of their supply-chain providers and contractors and hold them to very high standards. As more and more infrastructure becomes connected and “smart”, the attack surface and impact of bad actors gaining unauthorized access increases as well.
With the rapid adoption of AI, practical challenges inevitably arise. This extends not only to designing products and services that harness AI but also to the consumption of AI by both enterprises and individual knowledge workers. In this webinar, we will delve into the critical issues surrounding the deployment and management of AI, addressing both the application and policy aspects, both at the individual and enterprise levels.
Join Aragon’s expert analysts, Jim Lundy and Adam Pease, will provide insights into key considerations for enterprises in the realm of AI. Topics to be covered include:
- Why effective AI management is crucial for enterprises.
- The essential policies that need to be put in place for AI.
- Strategies for enterprises to harness AI’s power while safeguarding the enterprise’s integrity.