DHS: Attackers Hacked Critical Manufacturing Firm For Months


An unnamed manufacturing firm vital to the U.S. economy recently suffered a prolonged hack, the Department of Homeland Security has disclosed.

The event was complicated by the fact that the company had undergone corporate acquisitions, which introduced more network connections, and consequently a wider attack surface. The firm had more than 100 entry and exit points to the Internet. 

The case contains a lesson for civilian and military agencies, both of which are in the early stages of new initiatives to consolidate network entryways.

The breach was reported in a newly released quarterly newsletter from the DHS Industrial Control Systems Cyber Emergency Response Team, which stated the "large critical manufacturing organization was compromised by multiple sophisticated threat actors over a period of several months."

The victimized organization is "a conglomeration of multiple companies" purchased in recent years, DHS officials said. The deals required merging multiple networks, which impeded visibility into systems, and “allowed lateral movement from intruders to go largely undetected.”

The manufacturing firm brought in DHS to assist with recovery efforts.

A Homeland Security incident response team probed the business' networks and found many machines had been breached. It is unclear whether the systems controlled industrial operations or were back-end business systems. The hackers ultimately obtained "privileged access" throughout the network, officials said.

Going forward, "rearchitecting the network is the best approach to ensure that the company has a consistent security posture across its wide enterprise," officials advised.

Agencies Trying to Head Off Similar Vulnerabilities

Federal agencies are attempting to preempt the need for similar overhauls.  

Departments are required to limit connections during the development of new IT systems, including Web-based systems. A longstanding governmentwide effort known as "trusted Internet connections," or TIC, aims to cut the number of external access points to agency networks.

But the cloud has opened up federal systems to untold new Internet connections.

Now, a certification program for Web-based services called the Federal Risk and Authorization Management Program is incorporating the TIC approach from the get-go. FedRAMP and DHS are developing guidelines for agencies that will ensure cloud connections comply with TIC before applications go live, DHS officials announced in September. 

Separately, the Pentagon this week announced the Defense Information Systems Agency, Army and Air Force switched on a San Antonio joint regional security stack to move toward "a consolidated, collaborative, and secure Joint Information Environment (JIE) across the Department of Defense."

The San Antonio base is the first of 25 unclassified data sites that will host firewall protections, intrusion detection systems and other network security functions. Installation is complete at 10 stack sites inside the United States.

David Stickley, who leads JIE implementation, said in a statement the San Antonio upgrade "allows DISA, Army and Air Force to monitor compliance and apply consistent security policy to information traveling over DOD networks." Other military services are expected to set up similar infrastructures.
