US officials discovered last month that a federal agency responsible for cybersecurity had been hacked, and the agency had to take two important computer systems offline.
According to US officials briefed on the matter, the affected systems of the US Cybersecurity and Infrastructure Security Agency run a program that allows federal, state, and local officials to share cybersecurity and physical security assessment tools.
A CISA spokesperson stated that the incident “currently has no operational impact” and that the agency continues to “upgrade and modernize our systems.”
The spokesperson added, “This serves as a reminder that any organization can be affected by a cybersecurity vulnerability, and having an incident response plan is a necessary component of resilience.” The spokesperson also said that the impact of the attack was “limited to two systems,” adding, “We took them offline immediately.”
As part of the Department of Homeland Security, CISA investigates cyberattacks on federal agencies and provides advice on how private critical infrastructure companies can enhance their security.
It was not immediately clear who was behind the attack, but it stemmed from security vulnerabilities in popular virtual private network software produced by Utah-based IT company Ivanti. For several weeks, CISA has been urging federal agencies and private companies to update their software or take other defensive measures because hackers are widely exploiting the Ivanti vulnerabilities.
Even cybersecurity agencies or officials can fall victim to hacking. Nate Fick, the top US cybersecurity diplomat, said last year that his personal account on social media platform X was compromised, describing it as part of the “dangers of the job.”