DHS: Attackers Hacked Critical Manufacturing Firm For Months


An unnamed manufacturing firm vital to the U.S. economy recently suffered a prolonged hack, the Department of Homeland Security has disclosed.

The event was complicated by the fact that the company had undergone corporate acquisitions, which introduced more network connections, and consequently a wider attack surface. The firm had more than 100 entry and exit points to the Internet. 

The case contains a lesson for civilian and military agencies, both of which are in the early stages of new initiatives to consolidate network entryways.

The breach was reported in a newly released quarterly newsletter from the DHS Industrial Control Systems Cyber Emergency Response Team, which stated the "large critical manufacturing organization was compromised by multiple sophisticated threat actors over a period of several months."

The victimized organization is "a conglomeration of multiple companies" purchased in recent years, DHS officials said. The deals required merging multiple networks, which impeded visibility into systems, and “allowed lateral movement from intruders to go largely undetected.”

The manufacturing firm brought in DHS to assist with recovery efforts.

A Homeland Security incident response team probed the business' networks and found many machines had been breached. It is unclear whether the systems controlled industrial operations or were back-end business systems. The hackers ultimately obtained "privileged access" throughout the network, officials said.

Going forward, "rearchitecting the network is the best approach to ensure that the company has a consistent security posture across its wide enterprise," officials advised.

Agencies Trying to Head Off Similar Vulnerabilities

Federal agencies are attempting to preempt the need for similar overhauls.  

Departments are required to limit connections during the development of new IT systems, including Web-based systems. A longstanding governmentwide effort known as "trusted Internet connections," or TIC, aims to cut the number of external access points to agency networks.

But the cloud has opened up federal systems to untold new Internet connections.

Now, a certification program for Web-based services called the Federal Risk and Authorization Management Program is incorporating the TIC approach from the get-go. FedRAMP and DHS are developing guidelines for agencies that will ensure cloud connections comply with TIC before applications go live, DHS officials announced in September. 

Separately, the Pentagon this week announced the Defense Information Systems Agency, Army and Air Force switched on a San Antonio joint regional security stack to move toward "a consolidated, collaborative, and secure Joint Information Environment (JIE) across the Department of Defense."

The San Antonio base is the first of 25 unclassified data sites that will host firewall protections, intrusion detection systems and other network security functions. Installation is complete at 10 stack sites inside the United States.

David Stickley, who leads JIE implementation, said in a statement the San Antonio upgrade "allows DISA, Army and Air Force to monitor compliance and apply consistent security policy to information traveling over DOD networks." Other military services are expected to set up similar infrastructures.
